OrgApache/incubator-nuttx
OrgApache
/
incubator-nuttx
mirror of https://github.com/apache/incubator-nuttx.git
1
0
Fork 0
Code Issues Releases Wiki Activity

mm: Do not memcopy more than oldsize when realloc 

When realloc up from a mem area to a larger one where a new node
is needed. The the larger memory region is copied from the source
this can both leak data as well as cause memory faults accesssing
invalid data.

This was first reported by Kwonsk

Signed-off-by: Brennan Ashton <bashton@brennanashton.com>
This commit is contained in:
Brennan Ashton 2020-06-28 11:57:38 -07:00
parent b296adc3bb
commit fcd6e1c7eb
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
mm/mm_heap/mm_realloc.c
View File

@ -270,17 +270,17 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
(next->preceding & MM_ALLOC_BIT);
}
/* Now we want to return newnode */
oldnode = newnode;
oldsize = newnode->size;
/* Now we have to move the user contents 'down' in memory. memcpy
* should be safe for this.
*/
newmem = (FAR void *)((FAR char *)newnode + SIZEOF_MM_ALLOCNODE);
memcpy(newmem, oldmem, oldsize - SIZEOF_MM_ALLOCNODE);
/* Now we want to return newnode */
oldnode = newnode;
oldsize = newnode->size;
}
/* Extend into the next free chunk */