From 6cbf2160e55ac6ec1b8423ce0ca82b6fa432e366 Mon Sep 17 00:00:00 2001 From: William Wilgus Date: Mon, 2 Jan 2023 10:09:46 -0500 Subject: tlsf fix corruption checks Turns out (~PTR_MASK) != (0xFFFFFFFF - PTR_MASK) in 64 bit land tmp_b = (bhdr_t*) ( (intptr_t)b->prev_hdr & BLOCK_SIZE ); using ~STATE_MASK or even #define BLOCK_SIZE (~PTR_MASK) resolves the issue switching BLOCK_SIZE TO ~STATE_MASK appears to fix it Also define BLOCK_SIZE (~PTR_MASK) Fix a few signed / unsigned errors Change-Id: Ica59db0faa2df408831c23312243ae19259dba6b --- lib/tlsf/src/tlsf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/tlsf/src/tlsf.c b/lib/tlsf/src/tlsf.c index 15fa8002d2..7943770975 100644 --- a/lib/tlsf/src/tlsf.c +++ b/lib/tlsf/src/tlsf.c @@ -163,7 +163,7 @@ void abort(void); #define TLSF_SIGNATURE (0x2A59FA59) #define PTR_MASK (sizeof(void *) - 1) -#define BLOCK_SIZE (0xFFFFFFFF - PTR_MASK) +#define BLOCK_SIZE (~PTR_MASK) /* BUGFIX (0xFFFFFFFF - PTR_MASK) */ /* Dereferencing type-punned pointers will break strict aliasing.*/ @@ -342,12 +342,12 @@ static __inline__ int ms_bit(int i) static __inline__ void set_bit(int nr, u32_t * addr) { - addr[nr >> 5] |= 1 << (nr & 0x1f); + addr[nr >> 5] |= 1u << (nr & 0x1f); } static __inline__ void clear_bit(int nr, u32_t * addr) { - addr[nr >> 5] &= ~(1 << (nr & 0x1f)); + addr[nr >> 5] &= ~(1u << (nr & 0x1f)); } static __inline__ void MAPPING_SEARCH(size_t * _r, int *_fl, int *_sl) @@ -871,7 +871,7 @@ void free_ex(void *ptr, void *mem_pool) } if (b->size & PREV_FREE) { /* Coalesce previous block */ - tmp_b = (bhdr_t*) ( (intptr_t)b->prev_hdr & BLOCK_SIZE ); + tmp_b = (bhdr_t*) ( (intptr_t)b->prev_hdr & ~STATE_MASK ); MAPPING_INSERT(tmp_b->size & BLOCK_SIZE, &fl, &sl); EXTRACT_BLOCK(tmp_b, tlsf, fl, sl); tmp_b->size += (b->size & BLOCK_SIZE) + BHDR_OVERHEAD; -- cgit v1.2.3