summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWilliam Wilgus <wilgus.william@gmail.com>2023-01-02 10:09:46 -0500
committerWilliam Wilgus <wilgus.william@gmail.com>2023-01-02 10:09:46 -0500
commit6cbf2160e55ac6ec1b8423ce0ca82b6fa432e366 (patch)
tree9fd8042957e6b2ae37513e0c6c4679510a695e9f
parent3def8fee8c80a2fd85425d3278ec58de8de698c2 (diff)
downloadrockbox-6cbf2160e5.tar.gz
rockbox-6cbf2160e5.zip
tlsf fix corruption checks
Turns out (~PTR_MASK) != (0xFFFFFFFF - PTR_MASK) in 64 bit land tmp_b = (bhdr_t*) ( (intptr_t)b->prev_hdr & BLOCK_SIZE ); using ~STATE_MASK or even #define BLOCK_SIZE (~PTR_MASK) resolves the issue switching BLOCK_SIZE TO ~STATE_MASK appears to fix it Also define BLOCK_SIZE (~PTR_MASK) Fix a few signed / unsigned errors Change-Id: Ica59db0faa2df408831c23312243ae19259dba6b
-rw-r--r--lib/tlsf/src/tlsf.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/tlsf/src/tlsf.c b/lib/tlsf/src/tlsf.c
index 15fa8002d2..7943770975 100644
--- a/lib/tlsf/src/tlsf.c
+++ b/lib/tlsf/src/tlsf.c
@@ -163,7 +163,7 @@ void abort(void);
#define TLSF_SIGNATURE (0x2A59FA59)
#define PTR_MASK (sizeof(void *) - 1)
-#define BLOCK_SIZE (0xFFFFFFFF - PTR_MASK)
+#define BLOCK_SIZE (~PTR_MASK) /* BUGFIX (0xFFFFFFFF - PTR_MASK) */
/* Dereferencing type-punned pointers will break strict aliasing.*/
@@ -342,12 +342,12 @@ static __inline__ int ms_bit(int i)
static __inline__ void set_bit(int nr, u32_t * addr)
{
- addr[nr >> 5] |= 1 << (nr & 0x1f);
+ addr[nr >> 5] |= 1u << (nr & 0x1f);
}
static __inline__ void clear_bit(int nr, u32_t * addr)
{
- addr[nr >> 5] &= ~(1 << (nr & 0x1f));
+ addr[nr >> 5] &= ~(1u << (nr & 0x1f));
}
static __inline__ void MAPPING_SEARCH(size_t * _r, int *_fl, int *_sl)
@@ -871,7 +871,7 @@ void free_ex(void *ptr, void *mem_pool)
}
if (b->size & PREV_FREE) {
/* Coalesce previous block */
- tmp_b = (bhdr_t*) ( (intptr_t)b->prev_hdr & BLOCK_SIZE );
+ tmp_b = (bhdr_t*) ( (intptr_t)b->prev_hdr & ~STATE_MASK );
MAPPING_INSERT(tmp_b->size & BLOCK_SIZE, &fl, &sl);
EXTRACT_BLOCK(tmp_b, tlsf, fl, sl);
tmp_b->size += (b->size & BLOCK_SIZE) + BHDR_OVERHEAD;