summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Glass <sjg@chromium.org>2019-04-08 13:20:42 -0600
committerSimon Glass <sjg@chromium.org>2019-04-23 20:26:43 -0600
commit4a6409b74cc09b150f234ba3ab7d75ba6358270a (patch)
tree5c51b5c43a11bc53075017432adc41a142bd21a4
parent001d1885f0012dbedef44bd828f91ba048029261 (diff)
sandbox: Correct maths in allocation routines
Allocation routines were adjusted to ensure that the returned addresses are a multiple of the page size, but the header code was not updated to take account of this. These routines assume that the header size is the same as the page size which is unlikely. At present os_realloc() does not work correctly due to this bug. The only user is the hostfs 'ls' command, and only if the directory contains a unusually long filename, which likely explains why this bug was not caught earlier. Fix this by doing the calculations using the obtained page size. Signed-off-by: Simon Glass <sjg@chromium.org>
-rw-r--r--arch/sandbox/cpu/os.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c
index c20491493fc..47dfb476d37 100644
--- a/arch/sandbox/cpu/os.c
+++ b/arch/sandbox/cpu/os.c
@@ -209,8 +209,8 @@ void os_tty_raw(int fd, bool allow_sigs)
void *os_malloc(size_t length)
{
- struct os_mem_hdr *hdr;
int page_size = getpagesize();
+ struct os_mem_hdr *hdr;
/*
* Use an address that is hopefully available to us so that pointers
@@ -229,30 +229,34 @@ void *os_malloc(size_t length)
void os_free(void *ptr)
{
- struct os_mem_hdr *hdr = ptr;
+ int page_size = getpagesize();
+ struct os_mem_hdr *hdr;
- hdr--;
- if (ptr)
- munmap(hdr, hdr->length + sizeof(*hdr));
+ if (ptr) {
+ hdr = ptr - page_size;
+ munmap(hdr, hdr->length + page_size);
+ }
}
void *os_realloc(void *ptr, size_t length)
{
- struct os_mem_hdr *hdr = ptr;
+ int page_size = getpagesize();
+ struct os_mem_hdr *hdr;
void *buf = NULL;
- hdr--;
- if (length != 0) {
+ if (length) {
buf = os_malloc(length);
if (!buf)
return buf;
if (ptr) {
+ hdr = ptr - page_size;
if (length > hdr->length)
length = hdr->length;
memcpy(buf, ptr, length);
}
}
- os_free(ptr);
+ if (ptr)
+ os_free(ptr);
return buf;
}