sergiotarxz/nuttx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix cases where memory is allocated using malloc()

Browse Source 
arch/arm/src/cxd56xx/cxd56_gnss.c, arch/arm/src/xmc4/xmc4_spi.c,
 crypto/blake2s.c, drivers/lcd/pcf8574_lcd_backpack.c, drivers/lcd/st7032.c

User space memory should not be used within the OS and, when it is absolutely necessary to use user-space memory, it should be allocated using kumm_malloc().
This commit is contained in:
Gregory Nutt 2020-08-04 11:29:52 -06:00 committed by Abdelatif Guettouche
parent 3cad9f498f
commit 2dae970ec6
5 changed files with 28 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
arch/arm/src/cxd56xx/cxd56_gnss.c
View File

@ -910,7 +910,7 @@ static int cxd56_gnss_save_backup_data(FAR struct file *filep,
int n = 0; int n = 0;
int32_t offset = 0; int32_t offset = 0;
buf = (char *)malloc(CONFIG_CXD56_GNSS_BACKUP_BUFFER_SIZE); buf = (char *)kmm_malloc(CONFIG_CXD56_GNSS_BACKUP_BUFFER_SIZE);
if (buf == NULL) if (buf == NULL)
{ {
return -ENOMEM; return -ENOMEM;
@ -919,7 +919,7 @@ static int cxd56_gnss_save_backup_data(FAR struct file *filep,
fp = fopen(CONFIG_CXD56_GNSS_BACKUP_FILENAME, "wb"); fp = fopen(CONFIG_CXD56_GNSS_BACKUP_FILENAME, "wb");
if (fp == NULL) if (fp == NULL)
{ {
free(buf); kmm_free(buf);
return -ENOENT; return -ENOENT;
} }
@ -937,7 +937,7 @@ static int cxd56_gnss_save_backup_data(FAR struct file *filep,
} }
while (n == CONFIG_CXD56_GNSS_BACKUP_BUFFER_SIZE); while (n == CONFIG_CXD56_GNSS_BACKUP_BUFFER_SIZE);
free(buf); kmm_free(buf);
fclose(fp); fclose(fp);
return n < 0 ? n : 0; return n < 0 ? n : 0;
@ -2168,7 +2168,7 @@ static FAR char *cxd56_gnss_read_cep_file(FAR FILE *fp, int32_t offset,
goto _err0; goto _err0;
} }
buf = (char *)malloc(len); buf = (char *)kmm_malloc(len);
if (buf == NULL) if (buf == NULL)
{ {
ret = -ENOMEM; ret = -ENOMEM;
@ -2199,7 +2199,7 @@ static FAR char *cxd56_gnss_read_cep_file(FAR FILE *fp, int32_t offset,
*/ */
_err1: _err1:
free(buf); kmm_free(buf);
_err0: _err0:
*retval = ret; *retval = ret;
cxd56_cpu1sigsend(CXD56_CPU1_DATA_TYPE_CEP, 0); cxd56_cpu1sigsend(CXD56_CPU1_DATA_TYPE_CEP, 0);
@ -2229,7 +2229,7 @@ static void cxd56_gnss_read_backup_file(FAR int *retval)
size_t n; size_t n;
int ret = 0; int ret = 0;
buf = (char *)malloc(CONFIG_CXD56_GNSS_BACKUP_BUFFER_SIZE); buf = (char *)kmm_malloc(CONFIG_CXD56_GNSS_BACKUP_BUFFER_SIZE);
if (buf == NULL) if (buf == NULL)
{ {
ret = -ENOMEM; ret = -ENOMEM;
@ -2239,7 +2239,7 @@ static void cxd56_gnss_read_backup_file(FAR int *retval)
fp = fopen(CONFIG_CXD56_GNSS_BACKUP_FILENAME, "rb"); fp = fopen(CONFIG_CXD56_GNSS_BACKUP_FILENAME, "rb");
if (fp == NULL) if (fp == NULL)
{ {
free(buf); kmm_free(buf);
ret = -ENOENT; ret = -ENOENT;
goto _err; goto _err;
} }
@ -2264,7 +2264,7 @@ static void cxd56_gnss_read_backup_file(FAR int *retval)
while (n > 0); while (n > 0);
fclose(fp); fclose(fp);
free(buf); kmm_free(buf);
/* Notify the termination of backup sequence by write zero length data */ /* Notify the termination of backup sequence by write zero length data */
@ -2372,7 +2372,7 @@ static void cxd56_gnss_default_sighandler(uint32_t data, FAR void *userdata)
case CXD56_GNSS_NOTIFY_TYPE_REQCEPBUFFREE: case CXD56_GNSS_NOTIFY_TYPE_REQCEPBUFFREE:
if (priv->cepbuf) if (priv->cepbuf)
{ {
free(priv->cepbuf); kmm_free(priv->cepbuf);
} }
return; return;

5
arch/arm/src/xmc4/xmc4_spi.c
View File

@ -54,6 +54,7 @@
#include <nuttx/irq.h> #include <nuttx/irq.h>
#include <nuttx/arch.h> #include <nuttx/arch.h>
#include <nuttx/wdog.h> #include <nuttx/wdog.h>
#include <nuttx/kmalloc.h>
#include <nuttx/clock.h> #include <nuttx/clock.h>
#include <nuttx/semaphore.h> #include <nuttx/semaphore.h>
#include <nuttx/spi/spi.h> #include <nuttx/spi/spi.h>
@ -1806,7 +1807,7 @@ struct spi_dev_s *xmc4_spibus_initialize(int channel)
* chip select structures. * chip select structures.
*/ */
spics = (struct xmc4_spics_s *)zalloc(sizeof(struct xmc4_spics_s)); spics = (struct xmc4_spics_s *)kmm_zalloc(sizeof(struct xmc4_spics_s));
if (!spics) if (!spics)
{ {
spierr("ERROR: Failed to allocate a chip select structure\n"); spierr("ERROR: Failed to allocate a chip select structure\n");
@ -2104,7 +2105,7 @@ struct spi_dev_s *xmc4_spibus_initialize(int channel)
return &spics->spidev; return &spics->spidev;
errchannel: errchannel:
free(spics); kmm_free(spics);
return NULL; return NULL;
} }
#endif /* CONFIG_XMC4_SPI0 || CONFIG_XMC4_SPI1 */ #endif /* CONFIG_XMC4_SPI0 || CONFIG_XMC4_SPI1 */

5
crypto/blake2s.c
View File

@ -52,6 +52,7 @@
#include <assert.h> #include <assert.h>
#include <errno.h> #include <errno.h>
#include <nuttx/kmalloc.h>
#include <nuttx/crypto/blake2s.h> #include <nuttx/crypto/blake2s.h>
/**************************************************************************** /****************************************************************************
@ -330,7 +331,7 @@ static int blake2s_selftest(void)
blake2s_state ctx; blake2s_state ctx;
int ret = -1; int ret = -1;
in = malloc(1024); in = kmm_malloc(1024);
if (!in) if (!in)
{ {
goto out; goto out;
@ -372,7 +373,7 @@ static int blake2s_selftest(void)
ret = 0; ret = 0;
out: out:
free(in); kmm_free(in);
return ret; return ret;
} }
#endif #endif

4
drivers/lcd/pcf8574_lcd_backpack.c
View File

@ -699,7 +699,7 @@ static void lcd_scroll_up(FAR struct pcf8574_lcd_dev_s *priv)
int nrow; int nrow;
int ncol; int ncol;
data = (FAR uint8_t *)malloc(priv->cfg.cols); data = (FAR uint8_t *)kmm_malloc(priv->cfg.cols);
if (NULL == data) if (NULL == data)
{ {
lcdinfo("Failed to allocate buffer in lcd_scroll_up()\n"); lcdinfo("Failed to allocate buffer in lcd_scroll_up()\n");
@ -729,7 +729,7 @@ static void lcd_scroll_up(FAR struct pcf8574_lcd_dev_s *priv)
lcd_set_curpos(priv, priv->cfg.rows - 1, 0); lcd_set_curpos(priv, priv->cfg.rows - 1, 0);
free(data); kmm_free(data);
return; return;
} }

18
drivers/lcd/st7032.c
View File

@ -82,7 +82,7 @@ struct st7032_dev_s
FAR struct i2c_master_s *i2c; /* I2C interface */ FAR struct i2c_master_s *i2c; /* I2C interface */
uint8_t row; /* Current row position to write on display */ uint8_t row; /* Current row position to write on display */
uint8_t col; /* Current col position to write on display */ uint8_t col; /* Current col position to write on display */
uint8_t buffer[ST7032_MAX_ROW * ST7032_MAX_COL]; /* SLCD ASCII content */ uint8_t buffer[ST7032_MAX_ROW * ST7032_MAX_COL];
bool pendscroll; bool pendscroll;
sem_t sem_excl; sem_t sem_excl;
}; };
@ -326,7 +326,7 @@ static inline void lcd_putdata(FAR struct st7032_dev_s *priv, uint8_t data)
/* Update col/row positions */ /* Update col/row positions */
priv->col++; priv->col++;
if (priv->col >= ST7032_MAX_COL) if (priv->col >= ST7032_MAX_COL)
{ {
@ -355,11 +355,11 @@ static inline void lcd_putdata(FAR struct st7032_dev_s *priv, uint8_t data)
static void lcd_scroll_up(FAR struct st7032_dev_s *priv) static void lcd_scroll_up(FAR struct st7032_dev_s *priv)
{ {
uint8_t *data; FAR uint8_t *data;
int currow; int currow;
int curcol; int curcol;
data = (uint8_t *)malloc(ST7032_MAX_COL); data = (FAR uint8_t *)kmm_malloc(ST7032_MAX_COL);
if (NULL == data) if (NULL == data)
{ {
lcdinfo("Failed to allocate buffer in lcd_scroll_up()\n"); lcdinfo("Failed to allocate buffer in lcd_scroll_up()\n");
@ -400,7 +400,7 @@ static void lcd_scroll_up(FAR struct st7032_dev_s *priv)
priv->row = ST7032_MAX_ROW - 1; priv->row = ST7032_MAX_ROW - 1;
lcd_set_curpos(priv); lcd_set_curpos(priv);
free(data); kmm_free(data);
return; return;
} }
@ -800,7 +800,9 @@ static ssize_t st7032_write(FAR struct file *filep, FAR const char *buffer,
if (ch == ASCII_TAB) if (ch == ASCII_TAB)
{ {
/* Blink Cursor? Shouldn't it be just 4 spaces to indicate TAB? */ /* Blink Cursor? Shouldn't it be just 4 spaces to indicate
* TAB?
*/
st7032_write_inst(priv, ST7032_DISPLAY_ON_OFF | st7032_write_inst(priv, ST7032_DISPLAY_ON_OFF |
DISPLAY_ON_OFF_D | DISPLAY_ON_OFF_C | DISPLAY_ON_OFF_D | DISPLAY_ON_OFF_C |
@ -900,7 +902,8 @@ static ssize_t st7032_write(FAR struct file *filep, FAR const char *buffer,
static off_t st7032_seek(FAR struct file *filep, off_t offset, int whence) static off_t st7032_seek(FAR struct file *filep, off_t offset, int whence)
{ {
FAR struct inode *inode = filep->f_inode; FAR struct inode *inode = filep->f_inode;
FAR struct st7032_dev_s *priv = (FAR struct st7032_dev_s *)inode->i_private; FAR struct st7032_dev_s *priv =
(FAR struct st7032_dev_s *)inode->i_private;
off_t maxpos; off_t maxpos;
off_t pos; off_t pos;
@ -954,6 +957,7 @@ static off_t st7032_seek(FAR struct file *filep, off_t offset, int whence)
break; break;
default: default:
/* Return EINVAL if the whence argument is invalid */ /* Return EINVAL if the whence argument is invalid */
pos = (off_t)-EINVAL; pos = (off_t)-EINVAL;