dlmalloc.c

Forked from Reform / reform-boundary-uboot
      malloc: Fix issue with calloc memory possibly being non-zero · 6163f5b4
      Kumar Gala authored
      
      Since we set #define MORECORE_CLEARS 1, the code assumes 'sbrk' always
      returns zeroed-out memory.  However, since it's possible that free()
      returns memory back to sbrk() via malloc_trim, we could possibly get
      non-zeroed memory from sbrk().  This is a problem when code might
      call calloc() and expect the memory to have been zeroed out.
      
      There are two possible solutions to this problem.
      1. change #define MORECORE_CLEARS 0
      2. memset to zero memory returned to sbrk.
      
      We go with the second since sbrk being called to free up memory
      should be pretty rare.
      
      The following code provides an example test to show the issue.  This
      test code was inserted right after the call to mem_malloc_init().
      
      ...
             u8 *p1;
             u8 *p2;
             int i;

             printf("MALLOC TEST\n");
             /* Take a large block from sbrk() and dirty it. */
             p1 = malloc(135176);
             printf("P1 = %p\n", p1);
             memset(p1, 0xab, 135176);

             /* free() may hand the block back to sbrk() via malloc_trim(). */
             free(p1);
             /* calloc() re-grows the heap and trusts MORECORE_CLEARS. */
             p2 = calloc(4097, 1);
             printf("P2 = %p %p\n", p2, p2 + 4097);

             for (i = 0; i < 4097; i++) {
                     if (p2[i] != 0)
                             printf("miscompare at byte %d got %x\n", i, p2[i]);
             }

             free(p2);
             printf("END MALLOC TEST\n\n");
      ...
      
      Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
      Tested-by: Wolfgang Denk <wd@denx.de>
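As an added example (not code from this commit or from U-Boot's dlmalloc.c), the following C model replays the failure the commit message describes: a simulated sbrk() arena, a trim that hands memory back to it, and a calloc that relies on MORECORE_CLEARS and skips its own memset. The names sim_sbrk, sim_trim, dirty_bytes_after_trim and the arena size are constructed for this illustration; with clear_on_trim set, the released bytes are zeroed before they go back to sbrk(), which is the approach the commit takes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the allocator's sbrk() arena: a static buffer
 * with a break offset.  Under MORECORE_CLEARS=1, calloc trusts that bytes
 * obtained from sbrk() are already zero and skips its own memset. */
#define ARENA_SIZE 4096
static uint8_t arena[ARENA_SIZE];
static size_t brk_top;                      /* current break offset */

static void *sim_sbrk(long incr)
{
	void *old = arena + brk_top;
	if (incr > 0 && brk_top + (size_t)incr > ARENA_SIZE)
		return NULL;
	brk_top = (size_t)((long)brk_top + incr);
	return old;
}

/* malloc_trim path: give the top of the heap back to sbrk().  With
 * clear_on_trim set, the released range is zeroed first (the commit's fix). */
static void sim_trim(size_t bytes, int clear_on_trim)
{
	if (clear_on_trim)
		memset(arena + brk_top - bytes, 0, bytes);
	sim_sbrk(-(long)bytes);
}

/* Replay the commit's scenario: malloc, dirty the block, free it back to
 * sbrk, then calloc the same size.  Returns how many bytes of the calloc'd
 * block are non-zero; a correct calloc must return 0. */
int dirty_bytes_after_trim(int clear_on_trim)
{
	size_t n = 1024;
	memset(arena, 0, sizeof arena);
	brk_top = 0;
	uint8_t *p1 = sim_sbrk((long)n);        /* malloc(n) grows the break */
	memset(p1, 0xab, n);                    /* caller fills the block */
	sim_trim(n, clear_on_trim);             /* free() -> malloc_trim -> sbrk(-n) */
	uint8_t *p2 = sim_sbrk((long)n);        /* calloc(n,1): MORECORE_CLEARS, no memset */
	int dirty = 0;
	for (size_t i = 0; i < n; i++)
		dirty += (p2[i] != 0);
	return dirty;
}
```

Calling dirty_bytes_after_trim(0) reproduces the bug (every byte of the calloc'd block still holds 0xab), while dirty_bytes_after_trim(1) shows that clearing on trim restores calloc's zero-fill guarantee.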