diff --git a/include/FreeRTOS.h b/include/FreeRTOS.h index 9b70dcf508..3b1bed68d3 100644 --- a/include/FreeRTOS.h +++ b/include/FreeRTOS.h @@ -1099,6 +1099,10 @@ extern "C" { #define configAPPLICATION_ALLOCATED_HEAP 0 #endif +#ifndef configENABLE_HEAP_PROTECTOR + #define configENABLE_HEAP_PROTECTOR 0 +#endif + #ifndef configUSE_TASK_NOTIFICATIONS #define configUSE_TASK_NOTIFICATIONS 1 #endif diff --git a/portable/MemMang/heap_4.c b/portable/MemMang/heap_4.c index e9dae5055f..b06e1c7f4f 100644 --- a/portable/MemMang/heap_4.c +++ b/portable/MemMang/heap_4.c @@ -66,11 +66,13 @@ #define heapSIZE_MAX ( ~( ( size_t ) 0 ) ) /* Check if multiplying a and b will result in overflow. */ -#define heapMULTIPLY_WILL_OVERFLOW( a, b ) \ - ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) ) +#define heapMULTIPLY_WILL_OVERFLOW( a, b ) ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) ) /* Check if adding a and b will result in overflow. */ -#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) ) +#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) ) + +/* Check if the subtraction operation ( a - b ) will result in underflow. */ +#define heapSUBTRACT_WILL_UNDERFLOW( a, b ) ( ( a ) < ( b ) ) /* MSB of the xBlockSize member of an BlockLink_t structure is used to track * the allocation status of a block. When MSB of the xBlockSize member of @@ -108,6 +110,38 @@ typedef struct A_BLOCK_LINK size_t xBlockSize; /**< The size of the free block. */ } BlockLink_t; +/* Setting configENABLE_HEAP_PROTECTOR to 1 enables heap block pointers + * protection using an application supplied canary value to catch heap + * corruption should a heap buffer overflow occur. + */ +#if ( configENABLE_HEAP_PROTECTOR == 1 ) + +/** + * @brief Application provided function to get a random value to be used as canary. + * + * @param pxHeapCanary [out] Output parameter to return the canary value. + */ + extern void vApplicationGetRandomHeapCanary( portPOINTER_SIZE_TYPE * pxHeapCanary ); + +/* Canary value for protecting internal heap pointers. */ + PRIVILEGED_DATA static portPOINTER_SIZE_TYPE xHeapCanary; + +/* Macro to load/store BlockLink_t pointers to memory. By XORing the + * pointers with a random canary value, heap overflows will result + * in randomly unpredictable pointer values which will be caught by + * heapVALIDATE_BLOCK_POINTER assert. */ + #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( ( BlockLink_t * ) ( ( ( portPOINTER_SIZE_TYPE ) ( pxBlock ) ) ^ xHeapCanary ) ) +#else + + #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( pxBlock ) + +#endif /* configENABLE_HEAP_PROTECTOR */ + +/* Assert that a heap block pointer is within the heap bounds. */ +#define heapVALIDATE_BLOCK_POINTER( pxBlock ) \ + configASSERT( ( ( uint8_t * ) ( pxBlock ) >= &( ucHeap[ 0 ] ) ) && \ + ( ( uint8_t * ) ( pxBlock ) <= &( ucHeap[ configTOTAL_HEAP_SIZE - 1 ] ) ) ) + /*-----------------------------------------------------------*/ /* @@ -221,13 +255,14 @@ void * pvPortMalloc( size_t xWantedSize ) /* Traverse the list from the start (lowest address) block until * one of adequate size is found. */ pxPreviousBlock = &xStart; - pxBlock = xStart.pxNextFreeBlock; + pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock ); + heapVALIDATE_BLOCK_POINTER( pxBlock ); - while( ( pxBlock->xBlockSize < xWantedSize ) && - ( pxBlock->pxNextFreeBlock != NULL ) ) + while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != heapPROTECT_BLOCK_POINTER( NULL ) ) ) { pxPreviousBlock = pxBlock; - pxBlock = pxBlock->pxNextFreeBlock; + pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock ); + heapVALIDATE_BLOCK_POINTER( pxBlock ); } /* If the end marker was reached then a block of adequate size @@ -236,9 +271,8 @@ void * pvPortMalloc( size_t xWantedSize ) { /* Return the memory space pointed to - jumping over the * BlockLink_t structure at its start. */ - pvReturn = ( void * ) ( ( ( uint8_t * ) pxPreviousBlock - ->pxNextFreeBlock ) + - xHeapStructSize ); + pvReturn = ( void * ) ( ( ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxPreviousBlock->pxNextFreeBlock ) ) + xHeapStructSize ); + heapVALIDATE_BLOCK_POINTER( pvReturn ); /* This block is being returned for use so must be taken out * of the list of free blocks. */ @@ -246,8 +280,9 @@ void * pvPortMalloc( size_t xWantedSize ) /* If the block is larger than required it can be split into * two. */ - if( ( pxBlock->xBlockSize - xWantedSize ) > - heapMINIMUM_BLOCK_SIZE ) + configASSERT( heapSUBTRACT_WILL_UNDERFLOW( pxBlock->xBlockSize, xWantedSize ) == 0 ); + + if( ( pxBlock->xBlockSize - xWantedSize ) > heapMINIMUM_BLOCK_SIZE ) { /* This block is to be split into two. Create a new * block following the number of bytes requested. The @@ -265,9 +300,8 @@ void * pvPortMalloc( size_t xWantedSize ) pxBlock->xBlockSize = xWantedSize; /* Insert the new block into the list of free blocks. */ - pxNewBlockLink->pxNextFreeBlock = pxPreviousBlock - ->pxNextFreeBlock; - pxPreviousBlock->pxNextFreeBlock = pxNewBlockLink; + pxNewBlockLink->pxNextFreeBlock = pxPreviousBlock->pxNextFreeBlock; + pxPreviousBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxNewBlockLink ); } else { @@ -343,6 +377,7 @@ void vPortFree( void * pv ) /* This casting is to keep the compiler from issuing warnings. */ pxLink = ( void * ) puc; + heapVALIDATE_BLOCK_POINTER( pxLink ); configASSERT( heapBLOCK_IS_ALLOCATED( pxLink ) != 0 ); configASSERT( pxLink->pxNextFreeBlock == NULL ); @@ -355,12 +390,14 @@ void vPortFree( void * pv ) heapFREE_BLOCK( pxLink ); #if( configHEAP_CLEAR_MEMORY_ON_FREE == 1 ) { - ( void ) memset( puc + xHeapStructSize, - 0, - pxLink->xBlockSize - xHeapStructSize ); + /* Check for underflow as this can occur if xBlockSize is + * overwritten in a heap block. */ + if( heapSUBTRACT_WILL_UNDERFLOW( pxLink->xBlockSize, xHeapStructSize ) == 0 ) + { + ( void ) memset( puc + xHeapStructSize, 0, pxLink->xBlockSize - xHeapStructSize ); + } } #endif - vTaskSuspendAll(); { /* Add this block to the list of free blocks. */ @@ -440,9 +477,15 @@ static void prvHeapInit( void ) /* PRIVILEGED_FUNCTION */ pucAlignedHeap = ( uint8_t * ) uxAddress; + #if ( configENABLE_HEAP_PROTECTOR == 1 ) + { + vApplicationGetRandomHeapCanary( &( xHeapCanary ) ); + } + #endif + /* xStart is used to hold a pointer to the first item in the list of free * blocks. The void cast is used to prevent compiler warnings. */ - xStart.pxNextFreeBlock = ( void * ) pucAlignedHeap; + xStart.pxNextFreeBlock = ( void * ) heapPROTECT_BLOCK_POINTER( pucAlignedHeap ); xStart.xBlockSize = ( size_t ) 0; /* pxEnd is used to mark the end of the list of free blocks and is inserted @@ -452,15 +495,13 @@ static void prvHeapInit( void ) /* PRIVILEGED_FUNCTION */ uxAddress &= ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ); pxEnd = ( BlockLink_t * ) uxAddress; pxEnd->xBlockSize = 0; - pxEnd->pxNextFreeBlock = NULL; + pxEnd->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( NULL ); /* To start with there is a single free block that is sized to take up the * entire heap space, minus the space taken by pxEnd. */ pxFirstFreeBlock = ( BlockLink_t * ) pucAlignedHeap; - pxFirstFreeBlock->xBlockSize = ( size_t ) ( uxAddress - - ( portPOINTER_SIZE_TYPE ) - pxFirstFreeBlock ); - pxFirstFreeBlock->pxNextFreeBlock = pxEnd; + pxFirstFreeBlock->xBlockSize = ( size_t ) ( uxAddress - ( portPOINTER_SIZE_TYPE ) pxFirstFreeBlock ); + pxFirstFreeBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd ); /* Only one block exists - and it covers the entire usable heap space. */ xMinimumEverFreeBytesRemaining = pxFirstFreeBlock->xBlockSize; @@ -476,12 +517,16 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) /* PRIVI /* Iterate through the list until a block is found that has a higher address * than the block being inserted. */ - for( pxIterator = &xStart; pxIterator->pxNextFreeBlock < pxBlockToInsert; - pxIterator = pxIterator->pxNextFreeBlock ) + for( pxIterator = &xStart; heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < pxBlockToInsert; pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) ) { /* Nothing to do here, just iterate to the right position. */ } + if( pxIterator != &xStart ) + { + heapVALIDATE_BLOCK_POINTER( pxIterator ); + } + /* Do the block being inserted, and the block it is being inserted after * make a contiguous block of memory? */ puc = ( uint8_t * ) pxIterator; @@ -500,20 +545,17 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) /* PRIVI * make a contiguous block of memory? */ puc = ( uint8_t * ) pxBlockToInsert; - if( ( puc + pxBlockToInsert->xBlockSize ) == - ( uint8_t * ) pxIterator->pxNextFreeBlock ) + if( ( puc + pxBlockToInsert->xBlockSize ) == ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) ) { - if( pxIterator->pxNextFreeBlock != pxEnd ) + if( heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) != pxEnd ) { /* Form one big block from the two blocks. */ - pxBlockToInsert->xBlockSize += pxIterator->pxNextFreeBlock - ->xBlockSize; - pxBlockToInsert->pxNextFreeBlock = pxIterator->pxNextFreeBlock - ->pxNextFreeBlock; + pxBlockToInsert->xBlockSize += heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->xBlockSize; + pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->pxNextFreeBlock; } else { - pxBlockToInsert->pxNextFreeBlock = pxEnd; + pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd ); } } else @@ -527,7 +569,7 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) /* PRIVI * to itself. */ if( pxIterator != pxBlockToInsert ) { - pxIterator->pxNextFreeBlock = pxBlockToInsert; + pxIterator->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxBlockToInsert ); } else { @@ -545,7 +587,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats ) vTaskSuspendAll(); { - pxBlock = xStart.pxNextFreeBlock; + pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock ); /* pxBlock will be NULL if the heap has not been initialised. The heap * is initialised automatically when the first allocation is made. */ @@ -569,7 +611,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats ) /* Move to the next block in the chain until the last block is * reached. */ - pxBlock = pxBlock->pxNextFreeBlock; + pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock ); } } } diff --git a/portable/MemMang/heap_5.c b/portable/MemMang/heap_5.c index 8a4b485865..5182056eb8 100644 --- a/portable/MemMang/heap_5.c +++ b/portable/MemMang/heap_5.c @@ -102,11 +102,13 @@ #define heapSIZE_MAX ( ~( ( size_t ) 0 ) ) /* Check if multiplying a and b will result in overflow. */ -#define heapMULTIPLY_WILL_OVERFLOW( a, b ) \ - ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) ) +#define heapMULTIPLY_WILL_OVERFLOW( a, b ) ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) ) /* Check if adding a and b will result in overflow. */ -#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) ) +#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) ) + +/* Check if the subtraction operation ( a - b ) will result in underflow. */ +#define heapSUBTRACT_WILL_UNDERFLOW( a, b ) ( ( a ) < ( b ) ) /* MSB of the xBlockSize member of an BlockLink_t structure is used to track * the allocation status of a block. When MSB of the xBlockSize member of @@ -134,6 +136,46 @@ typedef struct A_BLOCK_LINK size_t xBlockSize; /**< The size of the free block. */ } BlockLink_t; +/* Setting configENABLE_HEAP_PROTECTOR to 1 enables heap block pointers + * protection using an application supplied canary value to catch heap + * corruption should a heap buffer overflow occur. + */ +#if ( configENABLE_HEAP_PROTECTOR == 1 ) + +/** + * @brief Application provided function to get a random value to be used as canary. + * + * @param pxHeapCanary [out] Output parameter to return the canary value. + */ + extern void vApplicationGetRandomHeapCanary( portPOINTER_SIZE_TYPE * pxHeapCanary ); + +/* Canary value for protecting internal heap pointers. */ + PRIVILEGED_DATA static portPOINTER_SIZE_TYPE xHeapCanary; + + +/* Macro to load/store BlockLink_t pointers to memory. By XORing the + * pointers with a random canary value, heap overflows will result + * in randomly unpredictable pointer values which will be caught by + * heapVALIDATE_BLOCK_POINTER assert. */ + #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( ( BlockLink_t * ) ( ( ( portPOINTER_SIZE_TYPE ) ( pxBlock ) ) ^ xHeapCanary ) ) + +#else /* if ( configENABLE_HEAP_PROTECTOR == 1 ) */ + + #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( pxBlock ) + +#endif /* configENABLE_HEAP_PROTECTOR */ + +/* Highest and lowest heap addresses used for heap block bounds checking. */ +PRIVILEGED_DATA static uint8_t * pucHeapHighAddress = NULL; +PRIVILEGED_DATA static uint8_t * pucHeapLowAddress = NULL; + +/* Assert that a heap block pointer is within the heap bounds. */ +#define heapVALIDATE_BLOCK_POINTER( pxBlock ) \ + configASSERT( ( pucHeapHighAddress != NULL ) && \ + ( pucHeapLowAddress != NULL ) && \ + ( ( uint8_t * ) ( pxBlock ) >= pucHeapLowAddress ) && \ + ( ( uint8_t * ) ( pxBlock ) < pucHeapHighAddress ) ) + /*-----------------------------------------------------------*/ /* @@ -142,8 +184,8 @@ typedef struct A_BLOCK_LINK * the block in front it and/or the block behind it if the memory blocks are * adjacent to each other. */ -static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ); - +static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) PRIVILEGED_FUNCTION; +void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) PRIVILEGED_FUNCTION; /*-----------------------------------------------------------*/ /* The size of the structure placed at the beginning of each allocated memory @@ -154,15 +196,15 @@ static const size_t xHeapStructSize = ( sizeof( BlockLink_t ) + ~( ( size_t ) portBYTE_ALIGNMENT_MASK ); /* Create a couple of list links to mark the start and end of the list. */ -static BlockLink_t xStart; -static BlockLink_t * pxEnd = NULL; +PRIVILEGED_DATA static BlockLink_t xStart; +PRIVILEGED_DATA static BlockLink_t * pxEnd = NULL; /* Keeps track of the number of calls to allocate and free memory as well as the * number of free bytes remaining, but says nothing about fragmentation. */ -static size_t xFreeBytesRemaining = 0U; -static size_t xMinimumEverFreeBytesRemaining = 0U; -static size_t xNumberOfSuccessfulAllocations = 0; -static size_t xNumberOfSuccessfulFrees = 0; +PRIVILEGED_DATA static size_t xFreeBytesRemaining = 0U; +PRIVILEGED_DATA static size_t xMinimumEverFreeBytesRemaining = 0U; +PRIVILEGED_DATA static size_t xNumberOfSuccessfulAllocations = 0; +PRIVILEGED_DATA static size_t xNumberOfSuccessfulFrees = 0; /*-----------------------------------------------------------*/ @@ -233,13 +275,13 @@ void * pvPortMalloc( size_t xWantedSize ) /* Traverse the list from the start (lowest address) block until * one of adequate size is found. */ pxPreviousBlock = &xStart; - pxBlock = xStart.pxNextFreeBlock; - - while( ( pxBlock->xBlockSize < xWantedSize ) && - ( pxBlock->pxNextFreeBlock != NULL ) ) + pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock ); + heapVALIDATE_BLOCK_POINTER( pxBlock ); + while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != heapPROTECT_BLOCK_POINTER( NULL ) ) ) { pxPreviousBlock = pxBlock; - pxBlock = pxBlock->pxNextFreeBlock; + pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock ); + heapVALIDATE_BLOCK_POINTER( pxBlock ); } /* If the end marker was reached then a block of adequate size @@ -248,9 +290,8 @@ void * pvPortMalloc( size_t xWantedSize ) { /* Return the memory space pointed to - jumping over the * BlockLink_t structure at its start. */ - pvReturn = ( void * ) ( ( ( uint8_t * ) pxPreviousBlock - ->pxNextFreeBlock ) + - xHeapStructSize ); + pvReturn = ( void * ) ( ( ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxPreviousBlock->pxNextFreeBlock ) ) + xHeapStructSize ); + heapVALIDATE_BLOCK_POINTER( pvReturn ); /* This block is being returned for use so must be taken out * of the list of free blocks. */ @@ -258,15 +299,16 @@ void * pvPortMalloc( size_t xWantedSize ) /* If the block is larger than required it can be split into * two. */ - if( ( pxBlock->xBlockSize - xWantedSize ) > - heapMINIMUM_BLOCK_SIZE ) + configASSERT( heapSUBTRACT_WILL_UNDERFLOW( pxBlock->xBlockSize, xWantedSize ) == 0 ); + + if( ( pxBlock->xBlockSize - xWantedSize ) > heapMINIMUM_BLOCK_SIZE ) { /* This block is to be split into two. Create a new - * block following the number of bytes requested. The - * void cast is used to prevent byte alignment warnings - * from the compiler. */ - pxNewBlockLink = ( void * ) ( ( ( uint8_t * ) pxBlock ) + - xWantedSize ); + * block following the number of bytes requested. The void + * cast is used to prevent byte alignment warnings from the + * compiler. */ + pxNewBlockLink = ( void * ) ( ( ( uint8_t * ) pxBlock ) + xWantedSize ); + configASSERT( ( ( ( size_t ) pxNewBlockLink ) & portBYTE_ALIGNMENT_MASK ) == 0 ); /* Calculate the sizes of two blocks split from the * single block. */ @@ -275,9 +317,8 @@ void * pvPortMalloc( size_t xWantedSize ) pxBlock->xBlockSize = xWantedSize; /* Insert the new block into the list of free blocks. */ - pxNewBlockLink->pxNextFreeBlock = pxPreviousBlock - ->pxNextFreeBlock; - pxPreviousBlock->pxNextFreeBlock = pxNewBlockLink; + pxNewBlockLink->pxNextFreeBlock = pxPreviousBlock->pxNextFreeBlock; + pxPreviousBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxNewBlockLink ); } else { @@ -333,6 +374,7 @@ void * pvPortMalloc( size_t xWantedSize ) } #endif /* if ( configUSE_MALLOC_FAILED_HOOK == 1 ) */ + configASSERT( ( ( ( size_t ) pvReturn ) & ( size_t ) portBYTE_ALIGNMENT_MASK ) == 0 ); return pvReturn; } /*-----------------------------------------------------------*/ @@ -351,6 +393,7 @@ void vPortFree( void * pv ) /* This casting is to keep the compiler from issuing warnings. */ pxLink = ( void * ) puc; + heapVALIDATE_BLOCK_POINTER( pxLink ); configASSERT( heapBLOCK_IS_ALLOCATED( pxLink ) != 0 ); configASSERT( pxLink->pxNextFreeBlock == NULL ); @@ -363,9 +406,12 @@ void vPortFree( void * pv ) heapFREE_BLOCK( pxLink ); #if( configHEAP_CLEAR_MEMORY_ON_FREE == 1 ) { - ( void ) memset( puc + xHeapStructSize, - 0, - pxLink->xBlockSize - xHeapStructSize ); + /* Check for underflow as this can occur if xBlockSize is + * overwritten in a heap block. */ + if( heapSUBTRACT_WILL_UNDERFLOW( pxLink->xBlockSize, xHeapStructSize ) == 0 ) + { + ( void ) memset( puc + xHeapStructSize, 0, pxLink->xBlockSize - xHeapStructSize ); + } } #endif @@ -422,19 +468,23 @@ void * pvPortCalloc( size_t xNum, size_t xSize ) } /*-----------------------------------------------------------*/ -static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) +static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) /* PRIVILEGED_FUNCTION */ { BlockLink_t * pxIterator; uint8_t * puc; /* Iterate through the list until a block is found that has a higher address * than the block being inserted. */ - for( pxIterator = &xStart; pxIterator->pxNextFreeBlock < pxBlockToInsert; - pxIterator = pxIterator->pxNextFreeBlock ) + for( pxIterator = &xStart; heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < pxBlockToInsert; pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) ) { /* Nothing to do here, just iterate to the right position. */ } + if( pxIterator != &xStart ) + { + heapVALIDATE_BLOCK_POINTER( pxIterator ); + } + /* Do the block being inserted, and the block it is being inserted after * make a contiguous block of memory? */ puc = ( uint8_t * ) pxIterator; @@ -453,20 +503,17 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) * make a contiguous block of memory? */ puc = ( uint8_t * ) pxBlockToInsert; - if( ( puc + pxBlockToInsert->xBlockSize ) == - ( uint8_t * ) pxIterator->pxNextFreeBlock ) + if( ( puc + pxBlockToInsert->xBlockSize ) == ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) ) { - if( pxIterator->pxNextFreeBlock != pxEnd ) + if( heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) != pxEnd ) { /* Form one big block from the two blocks. */ - pxBlockToInsert->xBlockSize += pxIterator->pxNextFreeBlock - ->xBlockSize; - pxBlockToInsert->pxNextFreeBlock = pxIterator->pxNextFreeBlock - ->pxNextFreeBlock; + pxBlockToInsert->xBlockSize += heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->xBlockSize; + pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->pxNextFreeBlock; } else { - pxBlockToInsert->pxNextFreeBlock = pxEnd; + pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd ); } } else @@ -474,13 +521,13 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) pxBlockToInsert->pxNextFreeBlock = pxIterator->pxNextFreeBlock; } - /* If the block being inserted plugged a gab, so was merged with the block + /* If the block being inserted plugged a gap, so was merged with the block * before and the block after, then it's pxNextFreeBlock pointer will have * already been set, and should not be set here as that would make it point * to itself. */ if( pxIterator != pxBlockToInsert ) { - pxIterator->pxNextFreeBlock = pxBlockToInsert; + pxIterator->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxBlockToInsert ); } else { @@ -489,7 +536,7 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) } /*-----------------------------------------------------------*/ -void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) +void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) /* PRIVILEGED_FUNCTION */ { BlockLink_t * pxFirstFreeBlockInRegion = NULL; BlockLink_t * pxPreviousFreeBlock; @@ -502,6 +549,12 @@ void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) /* Can only call once! */ configASSERT( pxEnd == NULL ); + #if ( configENABLE_HEAP_PROTECTOR == 1 ) + { + vApplicationGetRandomHeapCanary( &( xHeapCanary ) ); + } + #endif + pxHeapRegion = &( pxHeapRegions[ xDefinedRegions ] ); while( pxHeapRegion->xSizeInBytes > 0 ) @@ -528,21 +581,30 @@ void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) if( xDefinedRegions == 0 ) { /* xStart is used to hold a pointer to the first item in the list of - * free blocks. The void cast is used to prevent compiler - * warnings. */ - xStart.pxNextFreeBlock = ( BlockLink_t * ) xAlignedHeap; + * free blocks. The void cast is used to prevent compiler warnings. */ + xStart.pxNextFreeBlock = ( BlockLink_t * ) heapPROTECT_BLOCK_POINTER( xAlignedHeap ); xStart.xBlockSize = ( size_t ) 0; } else { /* Should only get here if one region has already been added to the * heap. */ - configASSERT( pxEnd != NULL ); + configASSERT( pxEnd != heapPROTECT_BLOCK_POINTER( NULL ) ); /* Check blocks are passed in with increasing start addresses. */ configASSERT( ( size_t ) xAddress > ( size_t ) pxEnd ); } + #if ( configENABLE_HEAP_PROTECTOR == 1 ) + { + if( ( pucHeapLowAddress == NULL ) || + ( ( uint8_t * ) xAlignedHeap < pucHeapLowAddress ) ) + { + pucHeapLowAddress = ( uint8_t * ) xAlignedHeap; + } + } + #endif /* configENABLE_HEAP_PROTECTOR */ + /* Remember the location of the end marker in the previous region, if * any. */ pxPreviousFreeBlock = pxEnd; @@ -554,27 +616,34 @@ void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) xAddress &= ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ); pxEnd = ( BlockLink_t * ) xAddress; pxEnd->xBlockSize = 0; - pxEnd->pxNextFreeBlock = NULL; + pxEnd->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( NULL ); /* To start with there is a single free block in this region that is * sized to take up the entire heap region minus the space taken by the * free block structure. */ pxFirstFreeBlockInRegion = ( BlockLink_t * ) xAlignedHeap; - pxFirstFreeBlockInRegion - ->xBlockSize = ( size_t ) ( xAddress - - ( portPOINTER_SIZE_TYPE ) - pxFirstFreeBlockInRegion ); - pxFirstFreeBlockInRegion->pxNextFreeBlock = pxEnd; + pxFirstFreeBlockInRegion->xBlockSize = ( size_t ) ( xAddress - ( portPOINTER_SIZE_TYPE ) pxFirstFreeBlockInRegion ); + pxFirstFreeBlockInRegion->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd ); /* If this is not the first region that makes up the entire heap space * then link the previous region to this region. */ if( pxPreviousFreeBlock != NULL ) { - pxPreviousFreeBlock->pxNextFreeBlock = pxFirstFreeBlockInRegion; + pxPreviousFreeBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxFirstFreeBlockInRegion ); } xTotalHeapSize += pxFirstFreeBlockInRegion->xBlockSize; + #if ( configENABLE_HEAP_PROTECTOR == 1 ) + { + if( ( pucHeapHighAddress == NULL ) || + ( ( ( ( uint8_t * ) pxFirstFreeBlockInRegion ) + pxFirstFreeBlockInRegion->xBlockSize ) > pucHeapHighAddress ) ) + { + pucHeapHighAddress = ( ( uint8_t * ) pxFirstFreeBlockInRegion ) + pxFirstFreeBlockInRegion->xBlockSize; + } + } + #endif + /* Move onto the next HeapRegion_t structure. */ xDefinedRegions++; pxHeapRegion = &( pxHeapRegions[ xDefinedRegions ] ); @@ -597,7 +666,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats ) vTaskSuspendAll(); { - pxBlock = xStart.pxNextFreeBlock; + pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock ); /* pxBlock will be NULL if the heap has not been initialised. The heap * is initialised automatically when the first allocation is made. */ @@ -627,7 +696,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats ) /* Move to the next block in the chain until the last block is * reached. */ - pxBlock = pxBlock->pxNextFreeBlock; + pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock ); } } }