core/malloc: Make free and realloc tolerant of invalid usage
Print a message if free or realloc are called on memory outside the
skiboot heap. Freeing is skipped to give the best chance of avoiding
a crash.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
diff --git a/core/malloc.c b/core/malloc.c
index 76996ff..e20eafe 100644
--- a/core/malloc.c
+++ b/core/malloc.c
@@ -8,6 +8,8 @@
#include <mem_region.h>
#include <lock.h>
+#include <skiboot.h>
+#include <stack.h>
#include <string.h>
#include <mem_region-malloc.h>
@@ -29,8 +31,27 @@
return __memalign(DEFAULT_ALIGN, bytes, location);
}
+static bool check_heap_ptr(const void *p)
+{
+ struct mem_region *region = &skiboot_heap;
+ unsigned long ptr = (unsigned long)p;
+
+ if (!ptr)
+ return true;
+
+ if (ptr < region->start || ptr > region->start + region->len) {
+ prerror("Trying to free() a pointer outside heap. Possibly local_alloc().\n");
+ backtrace();
+ return false;
+ }
+ return true;
+}
+
void __free(void *p, const char *location)
{
+ if (!check_heap_ptr(p))
+ return;
+
lock(&skiboot_heap.free_list_lock);
mem_free(&skiboot_heap, p, location);
unlock(&skiboot_heap.free_list_lock);
@@ -40,6 +61,9 @@
{
void *newptr;
+ if (!check_heap_ptr(ptr))
+ return NULL;
+
/* Two classic malloc corner cases. */
if (!size) {
__free(ptr, location);