Merge pull request #3 from velvitonator/large-alloc-corruption

Protect against large sizes resulting in off-the-end free blocks
matt conte
2018-02-21 22:07:31 -08:00
committed by GitHub

12
tlsf.c

@@ -758,7 +758,17 @@ static block_header_t* block_locate_free(control_t* control, size_t size)
if (size)
{
mapping_search(size, &fl, &sl);
block = search_suitable_block(control, &fl, &sl);
/*
** mapping_search can futz with the size, so for excessively large sizes it can sometimes wind up
** with indices that are off the end of the block array.
** So, we protect against that here, since this is the only callsite of mapping_search.
** Note that we don't need to check sl, since it comes from a modulo operation that guarantees it's always in range.
*/
if (fl < FL_INDEX_COUNT)
{
block = search_suitable_block(control, &fl, &sl);
}
}
if (block)