From 8c19fc547d1ab367df1f231b6bce0ef943d25735 Mon Sep 17 00:00:00 2001
From: pengyiqiang
Date: Fri, 4 Aug 2023 12:10:10 +0800
Subject: [PATCH] mm_heap: check heap member in advance

Block wrong address in advance before entering mempool.

Signed-off-by: pengyiqiang
---
 mm/mm_heap/mm_free.c | 4 ++--
 mm/mm_heap/mm_realloc.c | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/mm/mm_heap/mm_free.c b/mm/mm_heap/mm_free.c
index 00e715ab29..a92f467aa7 100644
--- a/mm/mm_heap/mm_free.c
+++ b/mm/mm_heap/mm_free.c
@@ -84,6 +84,8 @@ void mm_free(FAR struct mm_heap_s *heap, FAR void *mem)
 return;
 }
+ DEBUGASSERT(mm_heapmember(heap, mem));
+
 #if CONFIG_MM_HEAP_MEMPOOL_THRESHOLD != 0
 if (mempool_multiple_free(heap->mm_mpool, mem) >= 0)
 {
@@ -104,8 +106,6 @@ void mm_free(FAR struct mm_heap_s *heap, FAR void *mem)
 kasan_poison(mem, mm_malloc_size(heap, mem));
- DEBUGASSERT(mm_heapmember(heap, mem));
-
 /* Map the memory chunk into a free node */
 node = (FAR struct mm_freenode_s *)((FAR char *)mem - SIZEOF_MM_ALLOCNODE);
diff --git a/mm/mm_heap/mm_realloc.c b/mm/mm_heap/mm_realloc.c
index 0fab7c3b07..f8de8b6402 100644
--- a/mm/mm_heap/mm_realloc.c
+++ b/mm/mm_heap/mm_realloc.c
@@ -81,6 +81,8 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
 return mm_malloc(heap, size);
 }
+ DEBUGASSERT(mm_heapmember(heap, oldmem));
+
 #if CONFIG_MM_HEAP_MEMPOOL_THRESHOLD != 0
 newmem = mempool_multiple_realloc(heap->mm_mpool, oldmem, size);
 if (newmem != NULL)
@@ -129,7 +131,6 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
 DEBUGVERIFY(mm_lock(heap));
 DEBUGASSERT(oldnode->size & MM_ALLOC_BIT);
- DEBUGASSERT(mm_heapmember(heap, oldmem));
 /* Check if this is a request to reduce the size of the allocation. */
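Review bot: The new `DEBUGASSERT(mm_heapmember(heap, mem));` ahead of `mempool_multiple_free()` only rejects a foreign pointer in builds where debug assertions are enabled; DEBUGASSERT normally compiles to nothing otherwise, so a release build still hands an out-of-heap address to the mempool. The same applies to the matching assert added before `mempool_multiple_realloc()` in mm_realloc.c. If the commit's stated goal of blocking wrong addresses is meant to hold in production, an unconditional check such as `if (!mm_heapmember(heap, mem))` with an explicit failure path is needed; otherwise record the limit with a comment like `/* Debug builds only: catch pointers outside this heap before the mempool sees them */`. mm_free's body starts and ends outside this hunk.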
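Review bot: The relocated `DEBUGASSERT(mm_heapmember(heap, oldmem));` now runs before the heap lock is taken, whereas the line this commit removes further down sat directly after `DEBUGVERIFY(mm_lock(heap));`. If mm_heapmember() reads region bounds that another thread can still be extending, the unlocked read could in principle assert spuriously; this is inferred, since mm_heapmember() is not shown here. A short comment such as `/* Unlocked on purpose: only compares oldmem against the heap region bounds */` would record that the ordering is deliberate. mm_realloc's body continues outside the hunk.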