espressif/tlsf
1
0
Fork 0
mirror of https://github.com/espressif/tlsf.git synced 2026-06-06 05:24:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix block_size_max handling in adjust_request_size

Browse Source 
In the 64-bit build, an allocation of request in the range
]block_size_max-ALIGN_SIZE,block_size_max[ could cause an out-of-bounds
access to sl_bitmap.
This commit is contained in:
Martin Dufour
2016-08-01 07:51:11 -04:00
committed by GitHub
parent 7d6c9a78da
commit 2b73b8a482
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tlsf.c
+7 -2
View File
@@ -492,10 +492,15 @@ static void* align_ptr(const void* ptr, size_t align)
static size_t adjust_request_size(size_t size, size_t align)
{
size_t adjust = 0;
if (size && size < block_size_max)
if (size)
{
const size_t aligned = align_up(size, align);
adjust = tlsf_max(aligned, block_size_min);
/* aligned sized must not exceed block_size_max or we'll go out of bounds on sl_bitmap */
if (aligned < block_size_max)
{
adjust = tlsf_max(aligned, block_size_min);
}
}
return adjust;
}