coreboot-kgpe-d16/payloads/libpayload/libc
Yu-Ping Wu aec3b1f7d7 libpayload: malloc: Fix realloc for overlapping buffers
The current realloc() works by freeing the origin buffer, allocating a
new one, and copying the data over. It's true that free() won't touch
the actual memory. However, the alloc() following it will potentially
modify the memory that belongs to the old buffer in order to create a
new free block (right after the newly allocated block). This causes 8
bytes (HDRSIZE) to be overwritten before being copied to the new buffer.

To fix the problem, we must create the header of the new free block
after the data is copied. In this patch, the content of alloc() is split
into two functions:

1. find_free_block(): Find a free block with large enough size, without
   touching the memory
2. use_block(): Update the header of the newly allocated block, and
   create the header of the new free block right after it

Then, inside realloc(), call memmove() call right after
find_free_block() while before use_block().

BUG=b:165439970
TEST=emerge-puff libpayload
TEST=Puff boots
TEST=Verified realloc() correctly copied data when buffers overlapped

Change-Id: I9418320a26820909144890300ddfb09ec2570f43
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45284
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-09-13 13:40:11 +00:00
..
args.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
console.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
coreboot.c libpayload: Cache physical location of strings 2020-08-24 09:13:35 +00:00
ctype.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
die.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
exec.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
fmap.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
fpmath.c libpayload: Add simple 32.32 fixed-point math API 2020-07-09 00:32:11 +00:00
getopt_long.c
hexdump.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
ipchecksum.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
lib.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
libgcc.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
Makefile.inc libpayload: Add simple 32.32 fixed-point math API 2020-07-09 00:32:11 +00:00
malloc.c libpayload: malloc: Fix realloc for overlapping buffers 2020-09-13 13:40:11 +00:00
memory.c libpayload: memmove: Don't make expectations of architecture memcpy 2020-08-24 09:24:06 +00:00
printf.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
qsort.c
rand.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
readline.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
string.c payloads/libpayload/libc: Avoid NULL pointer dereference 2020-05-28 09:34:37 +00:00
strlcpy.c
sysinfo.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
time.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00