libs/rt-thread-official
libs
/
rt-thread-official
mirror of https://github.com/RT-Thread/rt-thread.git
4
0
Fork 0
Code Issues Releases Wiki Activity

[memheap] Fix 64 bit potential risk

This commit is contained in:
tangyuxin 2022-01-01 19:13:13 +08:00 committed by Bernard Xiong
parent 85441c0dc4
commit 09f439bcc2
5 changed files with 43 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
components/finsh/msh.c
View File

@ -71,7 +71,7 @@ MSH_CMD_EXPORT_ALIAS(cmd_ps, ps, List threads in the system.);
#ifdef RT_USING_HEAP #ifdef RT_USING_HEAP
int cmd_free(int argc, char **argv) int cmd_free(int argc, char **argv)
{ {
rt_uint32_t total = 0, used = 0, max_used = 0; rt_size_t total = 0, used = 0, max_used = 0;
rt_memory_info(&total, &used, &max_used); rt_memory_info(&total, &used, &max_used);
rt_kprintf("total : %d\n", total); rt_kprintf("total : %d\n", total);

6
include/rtdef.h
View File

@ -927,9 +927,9 @@ struct rt_memheap
void *start_addr; /**< pool start address and size */ void *start_addr; /**< pool start address and size */
rt_uint32_t pool_size; /**< pool size */ rt_size_t pool_size; /**< pool size */
rt_uint32_t available_size; /**< available size */ rt_size_t available_size; /**< available size */
rt_uint32_t max_used_size; /**< maximum allocated size */ rt_size_t max_used_size; /**< maximum allocated size */
struct rt_memheap_item *block_list; /**< used block list */ struct rt_memheap_item *block_list; /**< used block list */

12
include/rtthread.h
View File

@ -266,9 +266,9 @@ void *rt_calloc(rt_size_t count, rt_size_t size);
void *rt_malloc_align(rt_size_t size, rt_size_t align); void *rt_malloc_align(rt_size_t size, rt_size_t align);
void rt_free_align(void *ptr); void rt_free_align(void *ptr);
void rt_memory_info(rt_uint32_t *total, void rt_memory_info(rt_size_t *total,
rt_uint32_t *used, rt_size_t *used,
rt_uint32_t *max_used); rt_size_t *max_used);
#if defined(RT_USING_SLAB) && defined(RT_USING_SLAB_AS_HEAP) #if defined(RT_USING_SLAB) && defined(RT_USING_SLAB_AS_HEAP)
void *rt_page_alloc(rt_size_t npages); void *rt_page_alloc(rt_size_t npages);
@ -308,9 +308,9 @@ void *rt_memheap_alloc(struct rt_memheap *heap, rt_size_t size);
void *rt_memheap_realloc(struct rt_memheap *heap, void *ptr, rt_size_t newsize); void *rt_memheap_realloc(struct rt_memheap *heap, void *ptr, rt_size_t newsize);
void rt_memheap_free(void *ptr); void rt_memheap_free(void *ptr);
void rt_memheap_info(struct rt_memheap *heap, void rt_memheap_info(struct rt_memheap *heap,
rt_uint32_t *total, rt_size_t *total,
rt_uint32_t *used, rt_size_t *used,
rt_uint32_t *max_used); rt_size_t *max_used);
#endif #endif
#ifdef RT_USING_SLAB #ifdef RT_USING_SLAB

6
src/kservice.c
View File

@ -1558,9 +1558,9 @@ RTM_EXPORT(rt_free);
* *
* @param max_used is a pointer to get the maximum memory used. * @param max_used is a pointer to get the maximum memory used.
*/ */
RT_WEAK void rt_memory_info(rt_uint32_t *total, RT_WEAK void rt_memory_info(rt_size_t *total,
rt_uint32_t *used, rt_size_t *used,
rt_uint32_t *max_used) rt_size_t *max_used)
{ {
rt_base_t level; rt_base_t level;

54
src/memheap.c
View File

@ -27,7 +27,7 @@
/* dynamic pool magic and mask */ /* dynamic pool magic and mask */
#define RT_MEMHEAP_MAGIC 0x1ea01ea0 #define RT_MEMHEAP_MAGIC 0x1ea01ea0
#define RT_MEMHEAP_MASK 0xfffffffe #define RT_MEMHEAP_MASK 0xFFFFFFFE
#define RT_MEMHEAP_USED 0x01 #define RT_MEMHEAP_USED 0x01
#define RT_MEMHEAP_FREED 0x00 #define RT_MEMHEAP_FREED 0x00
@ -38,6 +38,16 @@
#define MEMITEM_SIZE(item) ((rt_ubase_t)item->next - (rt_ubase_t)item - RT_MEMHEAP_SIZE) #define MEMITEM_SIZE(item) ((rt_ubase_t)item->next - (rt_ubase_t)item - RT_MEMHEAP_SIZE)
#define MEMITEM(ptr) (struct rt_memheap_item*)((rt_uint8_t*)ptr - RT_MEMHEAP_SIZE) #define MEMITEM(ptr) (struct rt_memheap_item*)((rt_uint8_t*)ptr - RT_MEMHEAP_SIZE)
static void _remove_next_ptr(struct rt_memheap_item *next_ptr)
{
/* Fix the crash problem after opening Oz optimization on ac6 */
/* Fix IAR compiler warning */
next_ptr->next_free->prev_free = next_ptr->prev_free;
next_ptr->prev_free->next_free = next_ptr->next_free;
next_ptr->next->prev = next_ptr->prev;
next_ptr->prev->next = next_ptr->next;
}
/** /**
* @brief This function initializes a piece of memory called memheap. * @brief This function initializes a piece of memory called memheap.
* *
@ -173,7 +183,7 @@ RTM_EXPORT(rt_memheap_detach);
void *rt_memheap_alloc(struct rt_memheap *heap, rt_size_t size) void *rt_memheap_alloc(struct rt_memheap *heap, rt_size_t size)
{ {
rt_err_t result; rt_err_t result;
rt_uint32_t free_size; rt_size_t free_size;
struct rt_memheap_item *header_ptr; struct rt_memheap_item *header_ptr;
RT_ASSERT(heap != RT_NULL); RT_ASSERT(heap != RT_NULL);
@ -382,8 +392,7 @@ void *rt_memheap_realloc(struct rt_memheap *heap, void *ptr, rt_size_t newsize)
if (newsize > oldsize) if (newsize > oldsize)
{ {
void *new_ptr; void *new_ptr;
/* Fix the crash problem after opening Oz optimization on ac6 */ struct rt_memheap_item *next_ptr;
volatile struct rt_memheap_item *next_ptr;
if (heap->locked == RT_FALSE) if (heap->locked == RT_FALSE)
{ {
@ -432,10 +441,7 @@ void *rt_memheap_realloc(struct rt_memheap *heap, void *ptr, rt_size_t newsize)
next_ptr->next_free, next_ptr->next_free,
next_ptr->prev_free)); next_ptr->prev_free));
next_ptr->next_free->prev_free = next_ptr->prev_free; _remove_next_ptr(next_ptr);
next_ptr->prev_free->next_free = next_ptr->next_free;
next_ptr->next->prev = next_ptr->prev;
next_ptr->prev->next = next_ptr->next;
/* build a new one on the right place */ /* build a new one on the right place */
next_ptr = (struct rt_memheap_item *)((char *)ptr + newsize); next_ptr = (struct rt_memheap_item *)((char *)ptr + newsize);
@ -593,13 +599,13 @@ void rt_memheap_free(void *ptr)
rt_err_t result; rt_err_t result;
struct rt_memheap *heap; struct rt_memheap *heap;
struct rt_memheap_item *header_ptr, *new_ptr; struct rt_memheap_item *header_ptr, *new_ptr;
rt_uint32_t insert_header; rt_bool_t insert_header;
/* NULL check */ /* NULL check */
if (ptr == RT_NULL) return; if (ptr == RT_NULL) return;
/* set initial status as OK */ /* set initial status as OK */
insert_header = 1; insert_header = RT_TRUE;
new_ptr = RT_NULL; new_ptr = RT_NULL;
header_ptr = (struct rt_memheap_item *) header_ptr = (struct rt_memheap_item *)
((rt_uint8_t *)ptr - RT_MEMHEAP_SIZE); ((rt_uint8_t *)ptr - RT_MEMHEAP_SIZE);
@ -657,7 +663,7 @@ void rt_memheap_free(void *ptr)
/* move header pointer to previous. */ /* move header pointer to previous. */
header_ptr = header_ptr->prev; header_ptr = header_ptr->prev;
/* don't insert header to free list */ /* don't insert header to free list */
insert_header = 0; insert_header = RT_FALSE;
} }
/* determine if the block can be merged with the next neighbor. */ /* determine if the block can be merged with the next neighbor. */
@ -685,10 +691,10 @@ void rt_memheap_free(void *ptr)
{ {
struct rt_memheap_item *n = heap->free_list->next_free;; struct rt_memheap_item *n = heap->free_list->next_free;;
#if defined(RT_MEMHEAP_BSET_MODE) #if defined(RT_MEMHEAP_BSET_MODE)
rt_uint32_t blk_size = MEMITEM_SIZE(header_ptr); rt_size_t blk_size = MEMITEM_SIZE(header_ptr);
for (;n != heap->free_list; n = n->next_free) for (;n != heap->free_list; n = n->next_free)
{ {
rt_uint32_t m = MEMITEM_SIZE(n); rt_size_t m = MEMITEM_SIZE(n);
if (blk_size <= m) if (blk_size <= m)
{ {
break; break;
@ -732,9 +738,9 @@ RTM_EXPORT(rt_memheap_free);
* @param max_used is a pointer to get the maximum memory used. * @param max_used is a pointer to get the maximum memory used.
*/ */
void rt_memheap_info(struct rt_memheap *heap, void rt_memheap_info(struct rt_memheap *heap,
rt_uint32_t *total, rt_size_t *total,
rt_uint32_t *used, rt_size_t *used,
rt_uint32_t *max_used) rt_size_t *max_used)
{ {
rt_err_t result; rt_err_t result;
@ -898,10 +904,10 @@ int memheapcheck(int argc, char *argv[])
break; break;
} }
/* check next and prev */ /* check next and prev */
if (!((rt_uint32_t)item->next <= (rt_uint32_t)((rt_uint32_t)heap->start_addr + heap->pool_size) && if (!((rt_ubase_t)item->next <= (rt_ubase_t)((rt_ubase_t)heap->start_addr + heap->pool_size) &&
(rt_uint32_t)item->prev >= (rt_uint32_t)heap->start_addr) && (rt_ubase_t)item->prev >= (rt_ubase_t)heap->start_addr) &&
(rt_uint32_t)item->next == RT_ALIGN((rt_uint32_t)item->next, RT_ALIGN_SIZE) && (rt_ubase_t)item->next == RT_ALIGN((rt_ubase_t)item->next, RT_ALIGN_SIZE) &&
(rt_uint32_t)item->prev == RT_ALIGN((rt_uint32_t)item->prev, RT_ALIGN_SIZE)) (rt_ubase_t)item->prev == RT_ALIGN((rt_ubase_t)item->prev, RT_ALIGN_SIZE))
{ {
has_bad = RT_TRUE; has_bad = RT_TRUE;
break; break;
@ -919,7 +925,7 @@ int memheapcheck(int argc, char *argv[])
{ {
rt_kprintf("Memory block wrong:\n"); rt_kprintf("Memory block wrong:\n");
rt_kprintf("name: %s\n", heap->parent.name); rt_kprintf("name: %s\n", heap->parent.name);
rt_kprintf("item: 0x%08x\n", item); rt_kprintf("item: 0x%p\n", item);
} }
return 0; return 0;
} }
@ -948,7 +954,7 @@ int memheaptrace(int argc, char *argv[])
/* memheap dump */ /* memheap dump */
rt_kprintf("\nmemory heap address:\n"); rt_kprintf("\nmemory heap address:\n");
rt_kprintf("name : %s\n", mh->parent.name); rt_kprintf("name : %s\n", mh->parent.name);
rt_kprintf("heap_ptr: 0x%08x\n", mh->start_addr); rt_kprintf("heap_ptr: 0x%p\n", mh->start_addr);
rt_kprintf("free : 0x%08x\n", mh->available_size); rt_kprintf("free : 0x%08x\n", mh->available_size);
rt_kprintf("max_used: 0x%08x\n", mh->max_used_size); rt_kprintf("max_used: 0x%08x\n", mh->max_used_size);
rt_kprintf("size : 0x%08x\n", mh->pool_size); rt_kprintf("size : 0x%08x\n", mh->pool_size);
@ -960,7 +966,7 @@ int memheaptrace(int argc, char *argv[])
{ {
if ((header_ptr->magic & RT_MEMHEAP_MASK) != RT_MEMHEAP_MAGIC) if ((header_ptr->magic & RT_MEMHEAP_MASK) != RT_MEMHEAP_MAGIC)
{ {
rt_kprintf("[0x%08x - incorrect magic: 0x%08x\n", rt_kprintf("[0x%p - incorrect magic: 0x%08x\n",
header_ptr, header_ptr->magic); header_ptr, header_ptr->magic);
break; break;
} }
@ -969,7 +975,7 @@ int memheaptrace(int argc, char *argv[])
if (block_size < 0) if (block_size < 0)
break; break;
rt_kprintf("[0x%08x - ", header_ptr); rt_kprintf("[0x%p - ", header_ptr);
if (block_size < 1024) if (block_size < 1024)
rt_kprintf("%5d", block_size); rt_kprintf("%5d", block_size);
else if (block_size < 1024 * 1024) else if (block_size < 1024 * 1024)