Heap protect (#747)
Setting configENABLE_HEAP_PROTECTOR to 1 obfuscates heap
block pointers by XORing them with an application supplied
canary value. This obfuscation helps to catch heap corruption
should a heap buffer overflow occur.
This PR also adds heap bounds checking to heap_4 and heap_5.
This PR also adds some additional integer underflow checks.
diff --git a/include/FreeRTOS.h b/include/FreeRTOS.h
index 34a14ca..ca5818e 100644
--- a/include/FreeRTOS.h
+++ b/include/FreeRTOS.h
@@ -1071,6 +1071,10 @@
#define configAPPLICATION_ALLOCATED_HEAP 0
#endif
+#ifndef configENABLE_HEAP_PROTECTOR
+ #define configENABLE_HEAP_PROTECTOR 0
+#endif
+
#ifndef configUSE_TASK_NOTIFICATIONS
#define configUSE_TASK_NOTIFICATIONS 1
#endif
diff --git a/portable/MemMang/heap_4.c b/portable/MemMang/heap_4.c
index b1053ba..59a1ce0 100644
--- a/portable/MemMang/heap_4.c
+++ b/portable/MemMang/heap_4.c
@@ -65,10 +65,13 @@
#define heapSIZE_MAX ( ~( ( size_t ) 0 ) )
/* Check if multiplying a and b will result in overflow. */
-#define heapMULTIPLY_WILL_OVERFLOW( a, b ) ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) )
+#define heapMULTIPLY_WILL_OVERFLOW( a, b ) ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) )
/* Check if adding a and b will result in overflow. */
-#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) )
+#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) )
+
+/* Check if the subtraction operation ( a - b ) will result in underflow. */
+#define heapSUBTRACT_WILL_UNDERFLOW( a, b ) ( ( a ) < ( b ) )
/* MSB of the xBlockSize member of an BlockLink_t structure is used to track
* the allocation status of a block. When MSB of the xBlockSize member of
@@ -100,6 +103,38 @@
size_t xBlockSize; /**< The size of the free block. */
} BlockLink_t;
+/* Setting configENABLE_HEAP_PROTECTOR to 1 enables heap block pointers
+ * protection using an application supplied canary value to catch heap
+ * corruption should a heap buffer overflow occur.
+ */
+#if ( configENABLE_HEAP_PROTECTOR == 1 )
+
+/**
+ * @brief Application provided function to get a random value to be used as canary.
+ *
+ * @param pxHeapCanary [out] Output parameter to return the canary value.
+ */
+ extern void vApplicationGetRandomHeapCanary( portPOINTER_SIZE_TYPE * pxHeapCanary );
+
+/* Canary value for protecting internal heap pointers. */
+ PRIVILEGED_DATA static portPOINTER_SIZE_TYPE xHeapCanary;
+
+/* Macro to load/store BlockLink_t pointers to memory. By XORing the
+ * pointers with a random canary value, heap overflows will result
+ * in randomly unpredictable pointer values which will be caught by
+ * heapVALIDATE_BLOCK_POINTER assert. */
+ #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( ( BlockLink_t * ) ( ( ( portPOINTER_SIZE_TYPE ) ( pxBlock ) ) ^ xHeapCanary ) )
+#else
+
+ #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( pxBlock )
+
+#endif /* configENABLE_HEAP_PROTECTOR */
+
+/* Assert that a heap block pointer is within the heap bounds. */
+#define heapVALIDATE_BLOCK_POINTER( pxBlock ) \
+ configASSERT( ( ( uint8_t * ) ( pxBlock ) >= &( ucHeap[ 0 ] ) ) && \
+ ( ( uint8_t * ) ( pxBlock ) <= &( ucHeap[ configTOTAL_HEAP_SIZE - 1 ] ) ) )
+
/*-----------------------------------------------------------*/
/*
@@ -206,12 +241,14 @@
/* Traverse the list from the start (lowest address) block until
* one of adequate size is found. */
pxPreviousBlock = &xStart;
- pxBlock = xStart.pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock );
+ heapVALIDATE_BLOCK_POINTER( pxBlock );
- while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != NULL ) )
+ while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != heapPROTECT_BLOCK_POINTER( NULL ) ) )
{
pxPreviousBlock = pxBlock;
- pxBlock = pxBlock->pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock );
+ heapVALIDATE_BLOCK_POINTER( pxBlock );
}
/* If the end marker was reached then a block of adequate size
@@ -220,7 +257,8 @@
{
/* Return the memory space pointed to - jumping over the
* BlockLink_t structure at its start. */
- pvReturn = ( void * ) ( ( ( uint8_t * ) pxPreviousBlock->pxNextFreeBlock ) + xHeapStructSize );
+ pvReturn = ( void * ) ( ( ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxPreviousBlock->pxNextFreeBlock ) ) + xHeapStructSize );
+ heapVALIDATE_BLOCK_POINTER( pvReturn );
/* This block is being returned for use so must be taken out
* of the list of free blocks. */
@@ -228,6 +266,8 @@
/* If the block is larger than required it can be split into
* two. */
+ configASSERT( heapSUBTRACT_WILL_UNDERFLOW( pxBlock->xBlockSize, xWantedSize ) == 0 );
+
if( ( pxBlock->xBlockSize - xWantedSize ) > heapMINIMUM_BLOCK_SIZE )
{
/* This block is to be split into two. Create a new
@@ -244,7 +284,7 @@
/* Insert the new block into the list of free blocks. */
pxNewBlockLink->pxNextFreeBlock = pxPreviousBlock->pxNextFreeBlock;
- pxPreviousBlock->pxNextFreeBlock = pxNewBlockLink;
+ pxPreviousBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxNewBlockLink );
}
else
{
@@ -319,6 +359,7 @@
/* This casting is to keep the compiler from issuing warnings. */
pxLink = ( void * ) puc;
+ heapVALIDATE_BLOCK_POINTER( pxLink );
configASSERT( heapBLOCK_IS_ALLOCATED( pxLink ) != 0 );
configASSERT( pxLink->pxNextFreeBlock == NULL );
@@ -331,7 +372,12 @@
heapFREE_BLOCK( pxLink );
#if ( configHEAP_CLEAR_MEMORY_ON_FREE == 1 )
{
- ( void ) memset( puc + xHeapStructSize, 0, pxLink->xBlockSize - xHeapStructSize );
+ /* Check for underflow as this can occur if xBlockSize is
+ * overwritten in a heap block. */
+ if( heapSUBTRACT_WILL_UNDERFLOW( pxLink->xBlockSize, xHeapStructSize ) == 0 )
+ {
+ ( void ) memset( puc + xHeapStructSize, 0, pxLink->xBlockSize - xHeapStructSize );
+ }
}
#endif
@@ -414,9 +460,15 @@
pucAlignedHeap = ( uint8_t * ) uxAddress;
+ #if ( configENABLE_HEAP_PROTECTOR == 1 )
+ {
+ vApplicationGetRandomHeapCanary( &( xHeapCanary ) );
+ }
+ #endif
+
/* xStart is used to hold a pointer to the first item in the list of free
* blocks. The void cast is used to prevent compiler warnings. */
- xStart.pxNextFreeBlock = ( void * ) pucAlignedHeap;
+ xStart.pxNextFreeBlock = ( void * ) heapPROTECT_BLOCK_POINTER( pucAlignedHeap );
xStart.xBlockSize = ( size_t ) 0;
/* pxEnd is used to mark the end of the list of free blocks and is inserted
@@ -426,13 +478,13 @@
uxAddress &= ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK );
pxEnd = ( BlockLink_t * ) uxAddress;
pxEnd->xBlockSize = 0;
- pxEnd->pxNextFreeBlock = NULL;
+ pxEnd->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( NULL );
/* To start with there is a single free block that is sized to take up the
* entire heap space, minus the space taken by pxEnd. */
pxFirstFreeBlock = ( BlockLink_t * ) pucAlignedHeap;
pxFirstFreeBlock->xBlockSize = ( size_t ) ( uxAddress - ( portPOINTER_SIZE_TYPE ) pxFirstFreeBlock );
- pxFirstFreeBlock->pxNextFreeBlock = pxEnd;
+ pxFirstFreeBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd );
/* Only one block exists - and it covers the entire usable heap space. */
xMinimumEverFreeBytesRemaining = pxFirstFreeBlock->xBlockSize;
@@ -447,11 +499,16 @@
/* Iterate through the list until a block is found that has a higher address
* than the block being inserted. */
- for( pxIterator = &xStart; pxIterator->pxNextFreeBlock < pxBlockToInsert; pxIterator = pxIterator->pxNextFreeBlock )
+ for( pxIterator = &xStart; heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < pxBlockToInsert; pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )
{
/* Nothing to do here, just iterate to the right position. */
}
+ if( pxIterator != &xStart )
+ {
+ heapVALIDATE_BLOCK_POINTER( pxIterator );
+ }
+
/* Do the block being inserted, and the block it is being inserted after
* make a contiguous block of memory? */
puc = ( uint8_t * ) pxIterator;
@@ -470,17 +527,17 @@
* make a contiguous block of memory? */
puc = ( uint8_t * ) pxBlockToInsert;
- if( ( puc + pxBlockToInsert->xBlockSize ) == ( uint8_t * ) pxIterator->pxNextFreeBlock )
+ if( ( puc + pxBlockToInsert->xBlockSize ) == ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )
{
- if( pxIterator->pxNextFreeBlock != pxEnd )
+ if( heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) != pxEnd )
{
/* Form one big block from the two blocks. */
- pxBlockToInsert->xBlockSize += pxIterator->pxNextFreeBlock->xBlockSize;
- pxBlockToInsert->pxNextFreeBlock = pxIterator->pxNextFreeBlock->pxNextFreeBlock;
+ pxBlockToInsert->xBlockSize += heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->xBlockSize;
+ pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->pxNextFreeBlock;
}
else
{
- pxBlockToInsert->pxNextFreeBlock = pxEnd;
+ pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd );
}
}
else
@@ -494,7 +551,7 @@
* to itself. */
if( pxIterator != pxBlockToInsert )
{
- pxIterator->pxNextFreeBlock = pxBlockToInsert;
+ pxIterator->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxBlockToInsert );
}
else
{
@@ -510,7 +567,7 @@
vTaskSuspendAll();
{
- pxBlock = xStart.pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock );
/* pxBlock will be NULL if the heap has not been initialised. The heap
* is initialised automatically when the first allocation is made. */
@@ -534,7 +591,7 @@
/* Move to the next block in the chain until the last block is
* reached. */
- pxBlock = pxBlock->pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock );
}
}
}
diff --git a/portable/MemMang/heap_5.c b/portable/MemMang/heap_5.c
index 618dcf8..17b0d07 100644
--- a/portable/MemMang/heap_5.c
+++ b/portable/MemMang/heap_5.c
@@ -99,10 +99,13 @@
#define heapSIZE_MAX ( ~( ( size_t ) 0 ) )
/* Check if multiplying a and b will result in overflow. */
-#define heapMULTIPLY_WILL_OVERFLOW( a, b ) ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) )
+#define heapMULTIPLY_WILL_OVERFLOW( a, b ) ( ( ( a ) > 0 ) && ( ( b ) > ( heapSIZE_MAX / ( a ) ) ) )
/* Check if adding a and b will result in overflow. */
-#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) )
+#define heapADD_WILL_OVERFLOW( a, b ) ( ( a ) > ( heapSIZE_MAX - ( b ) ) )
+
+/* Check if the subtraction operation ( a - b ) will result in underflow. */
+#define heapSUBTRACT_WILL_UNDERFLOW( a, b ) ( ( a ) < ( b ) )
/* MSB of the xBlockSize member of an BlockLink_t structure is used to track
* the allocation status of a block. When MSB of the xBlockSize member of
@@ -124,6 +127,46 @@
size_t xBlockSize; /**< The size of the free block. */
} BlockLink_t;
+/* Setting configENABLE_HEAP_PROTECTOR to 1 enables heap block pointers
+ * protection using an application supplied canary value to catch heap
+ * corruption should a heap buffer overflow occur.
+ */
+#if ( configENABLE_HEAP_PROTECTOR == 1 )
+
+/**
+ * @brief Application provided function to get a random value to be used as canary.
+ *
+ * @param pxHeapCanary [out] Output parameter to return the canary value.
+ */
+ extern void vApplicationGetRandomHeapCanary( portPOINTER_SIZE_TYPE * pxHeapCanary );
+
+/* Canary value for protecting internal heap pointers. */
+ PRIVILEGED_DATA static portPOINTER_SIZE_TYPE xHeapCanary;
+
+
+/* Macro to load/store BlockLink_t pointers to memory. By XORing the
+ * pointers with a random canary value, heap overflows will result
+ * in randomly unpredictable pointer values which will be caught by
+ * heapVALIDATE_BLOCK_POINTER assert. */
+ #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( ( BlockLink_t * ) ( ( ( portPOINTER_SIZE_TYPE ) ( pxBlock ) ) ^ xHeapCanary ) )
+
+#else /* if ( configENABLE_HEAP_PROTECTOR == 1 ) */
+
+ #define heapPROTECT_BLOCK_POINTER( pxBlock ) ( pxBlock )
+
+#endif /* configENABLE_HEAP_PROTECTOR */
+
+/* Highest and lowest heap addresses used for heap block bounds checking. */
+PRIVILEGED_DATA static uint8_t * pucHeapHighAddress = NULL;
+PRIVILEGED_DATA static uint8_t * pucHeapLowAddress = NULL;
+
+/* Assert that a heap block pointer is within the heap bounds. */
+#define heapVALIDATE_BLOCK_POINTER( pxBlock ) \
+ configASSERT( ( pucHeapHighAddress != NULL ) && \
+ ( pucHeapLowAddress != NULL ) && \
+ ( ( uint8_t * ) ( pxBlock ) >= pucHeapLowAddress ) && \
+ ( ( uint8_t * ) ( pxBlock ) < pucHeapHighAddress ) )
+
/*-----------------------------------------------------------*/
/*
@@ -132,8 +175,8 @@
* the block in front it and/or the block behind it if the memory blocks are
* adjacent to each other.
*/
-static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert );
-
+static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) PRIVILEGED_FUNCTION;
+void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) PRIVILEGED_FUNCTION;
/*-----------------------------------------------------------*/
/* The size of the structure placed at the beginning of each allocated memory
@@ -141,15 +184,15 @@
static const size_t xHeapStructSize = ( sizeof( BlockLink_t ) + ( ( size_t ) ( portBYTE_ALIGNMENT - 1 ) ) ) & ~( ( size_t ) portBYTE_ALIGNMENT_MASK );
/* Create a couple of list links to mark the start and end of the list. */
-static BlockLink_t xStart;
-static BlockLink_t * pxEnd = NULL;
+PRIVILEGED_DATA static BlockLink_t xStart;
+PRIVILEGED_DATA static BlockLink_t * pxEnd = NULL;
/* Keeps track of the number of calls to allocate and free memory as well as the
* number of free bytes remaining, but says nothing about fragmentation. */
-static size_t xFreeBytesRemaining = 0U;
-static size_t xMinimumEverFreeBytesRemaining = 0U;
-static size_t xNumberOfSuccessfulAllocations = 0;
-static size_t xNumberOfSuccessfulFrees = 0;
+PRIVILEGED_DATA static size_t xFreeBytesRemaining = 0U;
+PRIVILEGED_DATA static size_t xMinimumEverFreeBytesRemaining = 0U;
+PRIVILEGED_DATA static size_t xNumberOfSuccessfulAllocations = 0;
+PRIVILEGED_DATA static size_t xNumberOfSuccessfulFrees = 0;
/*-----------------------------------------------------------*/
@@ -217,12 +260,14 @@
/* Traverse the list from the start (lowest address) block until
* one of adequate size is found. */
pxPreviousBlock = &xStart;
- pxBlock = xStart.pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock );
+ heapVALIDATE_BLOCK_POINTER( pxBlock );
- while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != NULL ) )
+ while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != heapPROTECT_BLOCK_POINTER( NULL ) ) )
{
pxPreviousBlock = pxBlock;
- pxBlock = pxBlock->pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock );
+ heapVALIDATE_BLOCK_POINTER( pxBlock );
}
/* If the end marker was reached then a block of adequate size
@@ -231,7 +276,8 @@
{
/* Return the memory space pointed to - jumping over the
* BlockLink_t structure at its start. */
- pvReturn = ( void * ) ( ( ( uint8_t * ) pxPreviousBlock->pxNextFreeBlock ) + xHeapStructSize );
+ pvReturn = ( void * ) ( ( ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxPreviousBlock->pxNextFreeBlock ) ) + xHeapStructSize );
+ heapVALIDATE_BLOCK_POINTER( pvReturn );
/* This block is being returned for use so must be taken out
* of the list of free blocks. */
@@ -239,6 +285,8 @@
/* If the block is larger than required it can be split into
* two. */
+ configASSERT( heapSUBTRACT_WILL_UNDERFLOW( pxBlock->xBlockSize, xWantedSize ) == 0 );
+
if( ( pxBlock->xBlockSize - xWantedSize ) > heapMINIMUM_BLOCK_SIZE )
{
/* This block is to be split into two. Create a new
@@ -246,6 +294,7 @@
* cast is used to prevent byte alignment warnings from the
* compiler. */
pxNewBlockLink = ( void * ) ( ( ( uint8_t * ) pxBlock ) + xWantedSize );
+ configASSERT( ( ( ( size_t ) pxNewBlockLink ) & portBYTE_ALIGNMENT_MASK ) == 0 );
/* Calculate the sizes of two blocks split from the
* single block. */
@@ -254,7 +303,7 @@
/* Insert the new block into the list of free blocks. */
pxNewBlockLink->pxNextFreeBlock = pxPreviousBlock->pxNextFreeBlock;
- pxPreviousBlock->pxNextFreeBlock = pxNewBlockLink;
+ pxPreviousBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxNewBlockLink );
}
else
{
@@ -310,6 +359,7 @@
}
#endif /* if ( configUSE_MALLOC_FAILED_HOOK == 1 ) */
+ configASSERT( ( ( ( size_t ) pvReturn ) & ( size_t ) portBYTE_ALIGNMENT_MASK ) == 0 );
return pvReturn;
}
/*-----------------------------------------------------------*/
@@ -328,6 +378,7 @@
/* This casting is to keep the compiler from issuing warnings. */
pxLink = ( void * ) puc;
+ heapVALIDATE_BLOCK_POINTER( pxLink );
configASSERT( heapBLOCK_IS_ALLOCATED( pxLink ) != 0 );
configASSERT( pxLink->pxNextFreeBlock == NULL );
@@ -340,7 +391,12 @@
heapFREE_BLOCK( pxLink );
#if ( configHEAP_CLEAR_MEMORY_ON_FREE == 1 )
{
- ( void ) memset( puc + xHeapStructSize, 0, pxLink->xBlockSize - xHeapStructSize );
+ /* Check for underflow as this can occur if xBlockSize is
+ * overwritten in a heap block. */
+ if( heapSUBTRACT_WILL_UNDERFLOW( pxLink->xBlockSize, xHeapStructSize ) == 0 )
+ {
+ ( void ) memset( puc + xHeapStructSize, 0, pxLink->xBlockSize - xHeapStructSize );
+ }
}
#endif
@@ -398,18 +454,23 @@
}
/*-----------------------------------------------------------*/
-static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert )
+static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) /* PRIVILEGED_FUNCTION */
{
BlockLink_t * pxIterator;
uint8_t * puc;
/* Iterate through the list until a block is found that has a higher address
* than the block being inserted. */
- for( pxIterator = &xStart; pxIterator->pxNextFreeBlock < pxBlockToInsert; pxIterator = pxIterator->pxNextFreeBlock )
+ for( pxIterator = &xStart; heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < pxBlockToInsert; pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )
{
/* Nothing to do here, just iterate to the right position. */
}
+ if( pxIterator != &xStart )
+ {
+ heapVALIDATE_BLOCK_POINTER( pxIterator );
+ }
+
/* Do the block being inserted, and the block it is being inserted after
* make a contiguous block of memory? */
puc = ( uint8_t * ) pxIterator;
@@ -428,17 +489,17 @@
* make a contiguous block of memory? */
puc = ( uint8_t * ) pxBlockToInsert;
- if( ( puc + pxBlockToInsert->xBlockSize ) == ( uint8_t * ) pxIterator->pxNextFreeBlock )
+ if( ( puc + pxBlockToInsert->xBlockSize ) == ( uint8_t * ) heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )
{
- if( pxIterator->pxNextFreeBlock != pxEnd )
+ if( heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) != pxEnd )
{
/* Form one big block from the two blocks. */
- pxBlockToInsert->xBlockSize += pxIterator->pxNextFreeBlock->xBlockSize;
- pxBlockToInsert->pxNextFreeBlock = pxIterator->pxNextFreeBlock->pxNextFreeBlock;
+ pxBlockToInsert->xBlockSize += heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->xBlockSize;
+ pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock )->pxNextFreeBlock;
}
else
{
- pxBlockToInsert->pxNextFreeBlock = pxEnd;
+ pxBlockToInsert->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd );
}
}
else
@@ -446,13 +507,13 @@
pxBlockToInsert->pxNextFreeBlock = pxIterator->pxNextFreeBlock;
}
- /* If the block being inserted plugged a gab, so was merged with the block
+ /* If the block being inserted plugged a gap, so was merged with the block
* before and the block after, then it's pxNextFreeBlock pointer will have
* already been set, and should not be set here as that would make it point
* to itself. */
if( pxIterator != pxBlockToInsert )
{
- pxIterator->pxNextFreeBlock = pxBlockToInsert;
+ pxIterator->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxBlockToInsert );
}
else
{
@@ -461,7 +522,7 @@
}
/*-----------------------------------------------------------*/
-void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions )
+void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) /* PRIVILEGED_FUNCTION */
{
BlockLink_t * pxFirstFreeBlockInRegion = NULL;
BlockLink_t * pxPreviousFreeBlock;
@@ -474,6 +535,12 @@
/* Can only call once! */
configASSERT( pxEnd == NULL );
+ #if ( configENABLE_HEAP_PROTECTOR == 1 )
+ {
+ vApplicationGetRandomHeapCanary( &( xHeapCanary ) );
+ }
+ #endif
+
pxHeapRegion = &( pxHeapRegions[ xDefinedRegions ] );
while( pxHeapRegion->xSizeInBytes > 0 )
@@ -499,19 +566,29 @@
{
/* xStart is used to hold a pointer to the first item in the list of
* free blocks. The void cast is used to prevent compiler warnings. */
- xStart.pxNextFreeBlock = ( BlockLink_t * ) xAlignedHeap;
+ xStart.pxNextFreeBlock = ( BlockLink_t * ) heapPROTECT_BLOCK_POINTER( xAlignedHeap );
xStart.xBlockSize = ( size_t ) 0;
}
else
{
/* Should only get here if one region has already been added to the
* heap. */
- configASSERT( pxEnd != NULL );
+ configASSERT( pxEnd != heapPROTECT_BLOCK_POINTER( NULL ) );
/* Check blocks are passed in with increasing start addresses. */
configASSERT( ( size_t ) xAddress > ( size_t ) pxEnd );
}
+ #if ( configENABLE_HEAP_PROTECTOR == 1 )
+ {
+ if( ( pucHeapLowAddress == NULL ) ||
+ ( ( uint8_t * ) xAlignedHeap < pucHeapLowAddress ) )
+ {
+ pucHeapLowAddress = ( uint8_t * ) xAlignedHeap;
+ }
+ }
+ #endif /* configENABLE_HEAP_PROTECTOR */
+
/* Remember the location of the end marker in the previous region, if
* any. */
pxPreviousFreeBlock = pxEnd;
@@ -523,24 +600,34 @@
xAddress &= ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK );
pxEnd = ( BlockLink_t * ) xAddress;
pxEnd->xBlockSize = 0;
- pxEnd->pxNextFreeBlock = NULL;
+ pxEnd->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( NULL );
/* To start with there is a single free block in this region that is
* sized to take up the entire heap region minus the space taken by the
* free block structure. */
pxFirstFreeBlockInRegion = ( BlockLink_t * ) xAlignedHeap;
pxFirstFreeBlockInRegion->xBlockSize = ( size_t ) ( xAddress - ( portPOINTER_SIZE_TYPE ) pxFirstFreeBlockInRegion );
- pxFirstFreeBlockInRegion->pxNextFreeBlock = pxEnd;
+ pxFirstFreeBlockInRegion->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxEnd );
/* If this is not the first region that makes up the entire heap space
* then link the previous region to this region. */
if( pxPreviousFreeBlock != NULL )
{
- pxPreviousFreeBlock->pxNextFreeBlock = pxFirstFreeBlockInRegion;
+ pxPreviousFreeBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( pxFirstFreeBlockInRegion );
}
xTotalHeapSize += pxFirstFreeBlockInRegion->xBlockSize;
+ #if ( configENABLE_HEAP_PROTECTOR == 1 )
+ {
+ if( ( pucHeapHighAddress == NULL ) ||
+ ( ( ( ( uint8_t * ) pxFirstFreeBlockInRegion ) + pxFirstFreeBlockInRegion->xBlockSize ) > pucHeapHighAddress ) )
+ {
+ pucHeapHighAddress = ( ( uint8_t * ) pxFirstFreeBlockInRegion ) + pxFirstFreeBlockInRegion->xBlockSize;
+ }
+ }
+ #endif
+
/* Move onto the next HeapRegion_t structure. */
xDefinedRegions++;
pxHeapRegion = &( pxHeapRegions[ xDefinedRegions ] );
@@ -561,7 +648,7 @@
vTaskSuspendAll();
{
- pxBlock = xStart.pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( xStart.pxNextFreeBlock );
/* pxBlock will be NULL if the heap has not been initialised. The heap
* is initialised automatically when the first allocation is made. */
@@ -591,7 +678,7 @@
/* Move to the next block in the chain until the last block is
* reached. */
- pxBlock = pxBlock->pxNextFreeBlock;
+ pxBlock = heapPROTECT_BLOCK_POINTER( pxBlock->pxNextFreeBlock );
}
}
}
