• Sandrine Bailleux's avatar
    Ensure addresses in is_mem_free() don't overflow · 7b6d330c
    Sandrine Bailleux authored
    This patch adds some runtime checks to prevent some potential
    pointer overflow issues in the is_mem_free() function. The overflow
    could happen in the case where the end addresses, computed as the
    sum of a base address and a size, results in a value large enough
    to wrap around. This, in turn, could lead to unpredictable behaviour.
    
    If such an overflow is detected, the is_mem_free() function will now
    declare the memory region as not free. The overflow is detected using
    a new macro, called check_uptr_overflow().
    
    This patch also modifies all other places in the 'bl_common.c' file
    where an end address was computed as the sum of a base address and a
    size and instead keeps the two values separate. This avoids the need
    to handle pointer overflows everywhere. The code doesn't actually need
    to compute any end address before the is_mem_free() function is called
    other than to print information message to the serial output.
    
    This patch also introduces 2 slight changes to the reserve_mem()
    function:
    
     - It fixes the end addresses passed to choose_mem_pos(). It was
       incorrectly passing (base + size) instead of (base + size - 1).
    
     - When the requested allocation size is 0, the function now exits
       straight away and says so using a warning message.
       Previously, it used to actually reserve some memory. A zero-byte
       allocation was not considered as a special case so the function
       was using the same top/bottom allocation mechanism as for any
       other allocation. As a result, the smallest area of memory starting
       from the requested base address within the free region was
       reserved.
    
    Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
    7b6d330c
utils.h 2.54 KB