Virtualization
/
openbios
mirror of https://gitlab.com/qemu-project/openbios.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

OFMEM: Fix selection of reusable memory areas from the internal malloc() freelist. 

The existing code would incorrectly allow freelist memory to be reused if the
requested size were 0x1000 greater than the freelist item size, rather than the
freelist item size being 0x1000 greater than the requested size.

Since internal memory allocations could be smaller than requested, it would be
possible for a caller to clobber over the internal memory heap causing a crash or
internal memory corruption.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

git-svn-id: svn://coreboot.org/openbios/trunk/openbios-devel@1119 f158a5a8-5612-0410-a976-696ce0be7e32
This commit is contained in:
Mark Cave-Ayland 2013-04-19 07:03:26 +00:00
parent 76b257ed2b
commit 8562fe7979
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libopenbios/ofmem_common.c
View File

@ -107,7 +107,7 @@ int ofmem_posix_memalign( void **memptr, size_t alignment, size_t size )
}
/* waste at most 4K by taking an entry from the freelist */
if( *pp && (**pp).size < size + 0x1000 ) {
if( *pp && (**pp).size > size + 0x1000 ) {
/* Alignment should be on physical not virtual address */
pa = va2pa((uintptr_t)*pp + sizeof(alloc_desc_t));
pa = align_ptr(pa, alignment);