| author | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2016-07-12 09:12:24 +0100 |
|---|---|---|
| committer | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2016-07-25 12:57:42 +0100 |
| commit | 7b6d330c92d31c82e2dce47ae1f9dccb95b8bbd7 (patch) | |
| tree | fbddd292aacd76eef9490d8262879c382aa243fc | /include/lib |
| parent | 3a26a28c72c089636d5b7e4194d3bc049932531f (diff) | |
Ensure addresses in is_mem_free() don't overflow
This patch adds some runtime checks to prevent some potential
pointer overflow issues in the is_mem_free() function. The overflow
could happen in the case where the end addresses, computed as the
sum of a base address and a size, result in a value large enough
to wrap around. This, in turn, could lead to unpredictable behaviour.
If such an overflow is detected, the is_mem_free() function will now
declare the memory region as not free. The overflow is detected using
a new macro, called check_uptr_overflow().

This patch also modifies all other places in the 'bl_common.c' file
where an end address was computed as the sum of a base address and a
size and instead keeps the two values separate. This avoids the need
to handle pointer overflows everywhere. The code doesn't actually need
to compute any end address before the is_mem_free() function is called
other than to print an information message to the serial output.

This patch also introduces 2 slight changes to the reserve_mem()
function:

- It fixes the end addresses passed to choose_mem_pos(). It was
  incorrectly passing (base + size) instead of (base + size - 1).
- When the requested allocation size is 0, the function now exits
  straight away and says so using a warning message.
  Previously, it used to actually reserve some memory. A zero-byte
  allocation was not considered as a special case, so the function
  was using the same top/bottom allocation mechanism as for any
  other allocation. As a result, the smallest area of memory starting
  from the requested base address within the free region was
  reserved.

Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
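As an added illustration of the overflow the commit message describes (example code, not TF-A's bl_common.c), the block below reproduces the check_uptr_overflow() macro from this patch beside two hypothetical is_mem_free()-style functions: one computing base + size the pre-patch way, and one keeping base and size separate, using inclusive end addresses and rejecting wrapped sums. All names other than the macro are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* The macro this patch adds to include/lib/utils.h. */
#define check_uptr_overflow(ptr, inc) \
	(((ptr) > UINTPTR_MAX - (inc)) ? 1 : 0)

/*
 * Hypothetical pre-patch style of check (a model, not TF-A's code): the end
 * address is computed as addr + size and compared directly. If that sum
 * wraps past UINTPTR_MAX it becomes a small value, and a request that cannot
 * possibly fit in the free area is reported as free.
 */
int is_mem_free_unchecked(uintptr_t free_base, size_t free_size,
			  uintptr_t addr, size_t size)
{
	return addr >= free_base && (addr + size) <= (free_base + free_size);
}

/*
 * Model of the behaviour the commit message describes: base and size stay
 * separate, end addresses are inclusive (base + size - 1), a zero-byte
 * request is never free, and a wrapped end address means "not free".
 */
int is_mem_free_checked(uintptr_t free_base, size_t free_size,
			uintptr_t addr, size_t size)
{
	if (size == 0 || free_size == 0)
		return 0;
	/* size - 1 cannot wrap here because zero sizes were rejected above. */
	if (check_uptr_overflow(free_base, free_size - 1) ||
	    check_uptr_overflow(addr, size - 1))
		return 0;
	return addr >= free_base &&
	       (addr + size - 1) <= (free_base + free_size - 1);
}

int main(void)
{
	/* Constructed inputs: free page [0x1000, 0x2000) and a request whose
	 * addr + size wraps around to 0x100. */
	uintptr_t free_base = 0x1000, addr = 0x1800;
	size_t free_size = 0x1000, size = SIZE_MAX - 0x16FF;
	printf("unchecked: %d (wrongly reported free)\n",
	       is_mem_free_unchecked(free_base, free_size, addr, size));
	printf("checked:   %d\n",
	       is_mem_free_checked(free_base, free_size, addr, size));
	return 0;
}
```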
Diffstat (limited to 'include/lib')
-rw-r--r-- include/lib/utils.h | 7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/lib/utils.h b/include/lib/utils.h index 9cc5468b..0936cbb3 100644 --- a/include/lib/utils.h +++ b/include/lib/utils.h @@ -55,4 +55,11 @@ #define round_down(value, boundary) \ ((value) & ~round_boundary(value, boundary)) +/* + * Evaluates to 1 if (ptr + inc) overflows, 0 otherwise. + * Both arguments must be unsigned pointer values (i.e. uintptr_t). + */ +#define check_uptr_overflow(ptr, inc) \ + (((ptr) > UINTPTR_MAX - (inc)) ? 1 : 0) + #endif /* __UTILS_H__ */ |
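Review bot: the new check_uptr_overflow() macro relies on UINTPTR_MAX, but the hunk shows no `#include <stdint.h>` in utils.h; unless the header already includes it above the visible context, every file that uses the macro must pull in stdint.h first or the build fails. The comment states that both arguments must be uintptr_t, yet nothing enforces that: a narrower or signed `inc` is converted before the subtraction, and a negative value would make `UINTPTR_MAX - (inc)` wrap, so callers should pass sizes as unsigned values, and when the increment is `size - 1` (end addresses are inclusive per the commit message) a zero size must be excluded beforehand, because `size - 1` then wraps to the maximum value. The trailing `? 1 : 0` is redundant since the comparison already yields 0 or 1, though it is harmless.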