From a4e0b23f4fe5e7c9459e5010c55e66fe2ae2ed24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BD=D0=B4=D1=80=D0=B5=D0=B9=20=D0=97=D0=B0=D0=B1?= =?UTF-8?q?=D0=BE=D0=BB=D0=BE=D1=82=D0=BD=D1=8B=D0=B9?= Date: Thu, 5 Mar 2020 19:15:18 +0300 Subject: [PATCH] Prevents NuttX crashing if MM_REGIONS is too small. Added a DEBUGASSERT and a runtime check so that mm_region will not overwrite critical heap data if user incorrectly defines MM_REGIONS. --- mm/mm_heap/mm_initialize.c | 48 +++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 27 deletions(-) diff --git a/mm/mm_heap/mm_initialize.c b/mm/mm_heap/mm_initialize.c index d979408756..7786a745db 100644 --- a/mm/mm_heap/mm_initialize.c +++ b/mm/mm_heap/mm_initialize.c @@ -1,35 +1,20 @@ /**************************************************************************** * mm/mm_heap/mm_initialize.c * - * Copyright (C) 2007, 2009, 2011, 2013 Gregory Nutt. All rights reserved. - * Author: Gregory Nutt + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * http://www.apache.org/licenses/LICENSE-2.0 * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * 3. Neither the name NuttX nor the names of its contributors may be - * used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. * ****************************************************************************/ @@ -75,6 +60,15 @@ void mm_addregion(FAR struct mm_heap_s *heap, FAR void *heapstart, uintptr_t heapend; #if CONFIG_MM_REGIONS > 1 int IDX = heap->mm_nregions; + + /* Writing past CONFIG_MM_REGIONS would have catastrophic consequences */ + + DEBUGASSERT(IDX < CONFIG_MM_REGIONS); + if (IDX >= CONFIG_MM_REGIONS) + { + return; + } + #else # define IDX 0 #endif