libs/libc/obstack: fix allocated chunk overrun due to invalid limit #14559

Merged
merged 1 commit into from
Oct 30, 2024

@Cynerd Cynerd commented Oct 30, 2024

Summary

This primarily fixes an allocated memory overrun due to an invalidly calculated limit of the chunk. The function here allocates a chunk of a size that includes the required header. The error was that the size of the chunk was invalidly added again when the limit was being calculated. This was causing memory overruns and issues, especially with object growing (reallocation).

The secondary fix here is to the algorithm that rounds the required size to a multiple of the chunk size. In short, the chunk size must be reduced by one to get the correct mask. The condition that was generating the mask was also invalid because it must perform a shift of at most one less than the number of bits (not bytes).

Impact

The stability fix.

Testing

Tested on a custom samv7 board. I have also proof tested the rounding mechanism with the following code:

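```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Round v up using a mask built from mult - 1 with all lower bits filled in. */
size_t round_up(size_t v, size_t mult) {
  size_t mask = mult - 1;
  for (unsigned i = 1; i < sizeof(size_t) * 8; i <<= 1)
    mask |= mask >> i;
  return (v + mask) & ~mask;
}

int main() {
  for (size_t mult = 1; mult < 100; mult++)
    for (size_t i = 1; i < 66; i++) {
      size_t r = round_up(i, mult);
      printf("%zu -> %zu\n", i, r);  /* %zu is the size_t conversion */
      assert(r >= i);
    }
  return 0;
}
```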

@github-actions github-actions bot added the "Area: OS Components" and "Size: S" labels Oct 30, 2024
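The two rounding defects named in the PR description, isolated one at a time and checked against a stricter property than `r >= i`. This is an added example, not code from the PR or from NuttX: the helper names are hypothetical, and the two pre-fix variants are reconstructed from the description's wording only, not from the diff.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Smear the top set bit of `start` down with shifts 1, 2, 4, ... < max_shift.
 * Helper name and parameters are hypothetical. */
static size_t build_mask(size_t start, size_t max_shift)
{
  size_t mask = start;
  size_t i;

  for (i = 1; i < max_shift; i <<= 1)
    {
      mask |= mask >> i;
    }
  return mask;
}

/* Mask as the description says it is computed after the fix. */
size_t mask_fixed(size_t cs) { return build_mask(cs - 1, sizeof(size_t) * CHAR_BIT); }

/* Assumed pre-fix variants, one per defect named in the description. */
size_t mask_not_reduced(size_t cs) { return build_mask(cs, sizeof(size_t) * CHAR_BIT); }
size_t mask_byte_bound(size_t cs) { return build_mask(cs - 1, sizeof(size_t)); }

size_t round_up(size_t v, size_t mask) { return (v + mask) & ~mask; }

/* Usable mask: 2^k - 1 where 2^k is the smallest power of two >= cs (cs >= 1). */
int mask_is_tight(size_t mask, size_t cs)
{
  size_t granule = mask + 1;

  return (mask & granule) == 0 && granule >= cs && granule / 2 < cs;
}

int main(void)
{
  size_t cs[] = { 1, 24, 4096, 4097 };  /* constructed sample chunk sizes */
  size_t n;

  for (n = 0; n < sizeof(cs) / sizeof(cs[0]); n++)
    {
      printf("cs=%zu fixed=%d not_reduced=%d byte_bound=%d round_up(100)=%zu\n",
             cs[n], mask_is_tight(mask_fixed(cs[n]), cs[n]),
             mask_is_tight(mask_not_reduced(cs[n]), cs[n]),
             mask_is_tight(mask_byte_bound(cs[n]), cs[n]),
             round_up(100, mask_fixed(cs[n])));
    }
  return 0;
}
```

Power-of-two chunk sizes expose the missing `- 1` (the granule doubles), while large non-power-of-two sizes expose the byte-count loop bound (the mask has holes, so rounded sizes are no longer aligned).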
DEBUGASSERT(h->chunk_size > 0);

mask = h->chunk_size - 1;
for (i = 1; i < sizeof(size_t) * 8; i <<= 1)
mask |= mask >> i;
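Review bot: at `mask = h->chunk_size - 1;` followed by the `mask |= mask >> i` loop, the resulting mask is always of the form 2^k - 1, so a `chunk_size` that is not a power of two gets rounded to the next power of two rather than to a multiple of `chunk_size`; a short comment stating that would keep the next reader from assuming otherwise. The loop bound `sizeof(size_t) * 8` would read better as `sizeof(size_t) * CHAR_BIT`. `DEBUGASSERT(h->chunk_size > 0)` is the only visible guard against the `- 1` wrapping to all ones, so it is worth confirming that a zero chunk size cannot reach this point when the assertion is disabled.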
add {}

Added.

This primarily fixes an allocated memory overrun due to an invalidly
calculated limit of the chunk. The function here allocates a chunk of a
size that includes the required header. The error was that the size of
the chunk was invalidly added again when the limit was being calculated.
This was causing memory overruns and issues, especially with object
growing (reallocation).

The secondary fix here is to the algorithm that rounds the required size
to a multiple of the chunk size. In short, the chunk size must be reduced
by one to get the correct mask. The condition that was generating the
mask was also invalid because it must perform a shift of at most one less
than the number of bits (not bytes).
@acassis acassis merged commit b851916 into apache:master Oct 30, 2024
27 checks passed