diff options
author | William Wilgus <me.theuser@yahoo.com> | 2020-06-27 23:32:45 -0400 |
---|---|---|
committer | William Wilgus <me.theuser@yahoo.com> | 2020-07-15 13:29:21 +0000 |
commit | 8577d5aea360f9925c1dda77b11f49967b601525 (patch) | |
tree | 16e18228321851a1c4874416013354ada3424405 /firmware | |
parent | 7d005335ba1af1eef4db83f9a0ebec121d38be80 (diff) | |
download | rockbox-8577d5aea360f9925c1dda77b11f49967b601525.tar.gz rockbox-8577d5aea360f9925c1dda77b11f49967b601525.zip |
Buflib_init Bugfix Minsize
when buflib_init is called with a buffer smaller than
sizeof(union buflib_data); size will be zero
Later when the alloc fails buflib will keep try to free items
in order to satisify the request this crashes in the sim
I suspect this behavior holds true on device as well
but I havent verified this as of yet.
patch adds minimal overhead to the buflib and panics when the size is too small
Change-Id: I46e510367fc1cac19ce01ee6f92d8cf0d65ef914
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/buflib.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/firmware/buflib.c b/firmware/buflib.c index f909ab8333..0e90e7fe72 100644 --- a/firmware/buflib.c +++ b/firmware/buflib.c | |||
@@ -123,6 +123,12 @@ buflib_init(struct buflib_context *ctx, void *buf, size_t size) | |||
123 | */ | 123 | */ |
124 | ctx->alloc_end = bd_buf; | 124 | ctx->alloc_end = bd_buf; |
125 | ctx->compact = true; | 125 | ctx->compact = true; |
126 | |||
127 | if (size == 0) | ||
128 | { | ||
129 | BPANICF("buflib_init error (CTX:%p, %zd bytes):\n", ctx, | ||
130 | (ctx->handle_table - ctx->buf_start) * sizeof(union buflib_data)); | ||
131 | } | ||
126 | } | 132 | } |
127 | 133 | ||
128 | bool buflib_context_relocate(struct buflib_context *ctx, void *buf) | 134 | bool buflib_context_relocate(struct buflib_context *ctx, void *buf) |