From 73d515fcfecd1004ccffef8fcd0c7223b9eec6ab Mon Sep 17 00:00:00 2001
From: Cyril Yared
Date: Tue, 25 Jan 2022 07:44:10 -0800
Subject: [PATCH] Fix null-pointer dereference in nano-malloc

If p is NULL, then the free_list is empty and we should return the correct failure values.
---
 newlib/libc/stdlib/nano-mallocr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-mallocr.c
index 6fb08a616..0c5fb2885 100644
--- a/newlib/libc/stdlib/nano-mallocr.c
+++ b/newlib/libc/stdlib/nano-mallocr.c
@@ -322,7 +322,7 @@ void * nano_malloc(RARG malloc_size_t s)
  r=r->next;
  }
 
- if ((char *)p + p->size == (char *)_SBRK_R(RCALL 0))
+ if (p != NULL && (char *)p + p->size == (char *)_SBRK_R(RCALL 0))
  {
  /* The last free item has the heap end as neighbour.
  * Let's ask for a smaller amount and merge */
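Review bot: The new `p != NULL` guard in the merge condition has no comment saying when `p` can be NULL, and the existing comment inside the block only describes the merge case. The commit message ties NULL to an empty free list, so a line such as `/* p is NULL when free_list is empty: nothing to merge, fall through to the failure path */` above the `if` would keep the guard from being dropped in a later cleanup. The guard only helps if `p` is reset from the list head before the walk whose tail (`r=r->next;`) is visible here; that assignment and the failure path both lie outside this hunk, so confirm them there. A regression test that makes the first allocation fail while the free list is still empty would pin the fix. nano_malloc's body starts and ends outside the hunk.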