mempool:fix bug when free a alignment address

The mempool mistakenly treats heap memory as its own.

The scenario that reproduces this occurs only in mempool_deinit.
Test code in hello_main:

int main(int argc, FAR char *argv[])
{
  void *a = malloc(1024*64);
  void *d[16];
  void *heap = mm_initialize("123", a, 1024 * 64);
  for (int i = 0; i < 16; i++)
    {
        d[i] = mm_malloc(heap,32);
    }

  for (int i = 0; i < 16; i++)
    {
      if (d[i] != NULL)
        mm_free(heap,d[i]);
    }

  mm_uninitialize(heap);
  free(a);
  return 0;
}

and crash backtrace

0  _assert (filename=0x4ea20 "mempool/mempool.c", linenum=373, msg=0x0 <up_perf_convert>, regs=0x0 <up_perf_convert>)
   at misc/assert.c:551
1  0x0000a32c in __assert (filename=0x4ea20 "mempool/mempool.c", linenum=373, msg=0x0 <mempool_multiple_foreach>)
   at assert/lib_assert.c:36
2  0x0000f92c in mempool_release (pool=0x100e7a0, blk=0x100ff80) at mempool/mempool.c:373
3  0x000109ce in mempool_multiple_free (mpool=0x100e6f8, blk=0x100ff80) at mempool/mempool_multiple.c:648
4  0x0000deac in mm_delayfree (heap=0x100e090, mem=0x1010000, delay=false) at mm_heap/mm_free.c:83
5  0x0000e21c in mm_free (heap=0x100e090, mem=0x1010000) at mm_heap/mm_free.c:242
6  0x0001021c in mempool_multiple_free_chunk (mpool=0x100e6f8, ptr=0x1010000) at mempool/mempool_multiple.c:222
7  0x0001048e in mempool_multiple_free_callback (pool=0x100e7a0, addr=0x1010080) at mempool/mempool_multiple.c:291
8  0x0000ff6e in mempool_deinit (pool=0x100e7a0) at mempool/mempool.c:644
9  0x00010cba in mempool_multiple_deinit (mpool=0x100e6f8) at mempool/mempool_multiple.c:883
10 0x0000dd0c in mm_uninitialize (heap=0x100e090) at mm_heap/mm_initialize.c:326
11 0x0002c742 in hello_main (argc=1, argv=0x100d050) at hello_main.c:54
12 0x0000a83e in nxtask_startup (entrypt=0x2c6a5 <hello_main>, argc=1, argv=0x100d050) at sched/task_startup.c:70
13 0x00005272 in nxtask_start () at task/task_start.c:112

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
anjiahao 2024-05-31 11:13:41 +08:00 committed by Xiang Xiao
parent 8c52317a45
commit 80ea8c3cc7


@ -315,6 +315,15 @@ mempool_multiple_get_dict(FAR struct mempool_multiple_s *mpool,
}
addr = (FAR void *)ALIGN_DOWN(blk, mpool->expandsize);
if (blk == addr)
{
/* It is not a memory block allocated by mempool
* Because the blk is need not aligned with the expandsize
* in head memory.
*/
return NULL;
}
index = *(FAR size_t *)addr;
if (index >= mpool->dict_used)
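Review bot: The comment on the new `blk == addr` early return does not state the invariant the check depends on, and its wording ("is need not aligned", "head memory", presumably "heap memory") is hard to parse. Judging by the following line, `index = *(FAR size_t *)addr;`, the aligned-down address appears to hold the chunk's dictionary index, so a block handed out by the pool can presumably never start exactly on an expandsize boundary; I would say that directly, e.g. `/* The dict index is stored at the expandsize-aligned start of each chunk, so a pool block is never aligned itself; an aligned blk belongs to the heap. */`. This matters because the function decides which allocator owns a pointer being freed, and the backtrace in the commit message shows a misclassified pointer ending in the assertion in mempool_release. mempool_multiple_get_dict starts and ends outside the hunk, so I cannot see whether the dict entry selected by `index` is also cross-checked against `addr` for unaligned heap blocks, which this check does not cover.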