Fix NULL pointer dereference in vPortGetHeapStats
When the heap is exhausted (no free block), start and end markers are
the only blocks present in the free block list:
+---------------+ +-----------> NULL
| | |
| V |
+ ----- + + ----- +
| | | | | |
| | | | | |
+ ----- + + ----- +
xStart pxEnd
The code block which traverses the list of free blocks to calculate heap
stats used a do..while loop that moved past the end marker when the heap
had no free block resulting in a NULL pointer dereference. This commit
changes the do..while loop to while loop thereby ensuring that we never
move past the end marker.
This was reported here - https://github.com/FreeRTOS/FreeRTOS-Kernel/issues/534
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
diff --git a/portable/MemMang/heap_4.c b/portable/MemMang/heap_4.c
index 90a20c5..834ba2e 100644
--- a/portable/MemMang/heap_4.c
+++ b/portable/MemMang/heap_4.c
@@ -494,7 +494,7 @@
* is initialised automatically when the first allocation is made. */
if( pxBlock != NULL )
{
- do
+ while( pxBlock != pxEnd )
{
/* Increment the number of blocks and record the largest block seen
* so far. */
@@ -513,7 +513,7 @@
/* Move to the next block in the chain until the last block is
* reached. */
pxBlock = pxBlock->pxNextFreeBlock;
- } while( pxBlock != pxEnd );
+ }
}
}
( void ) xTaskResumeAll();
diff --git a/portable/MemMang/heap_5.c b/portable/MemMang/heap_5.c
index 4fea255..193155a 100644
--- a/portable/MemMang/heap_5.c
+++ b/portable/MemMang/heap_5.c
@@ -544,7 +544,7 @@
* is initialised automatically when the first allocation is made. */
if( pxBlock != NULL )
{
- do
+ while( pxBlock != pxEnd )
{
/* Increment the number of blocks and record the largest block seen
* so far. */
@@ -569,7 +569,7 @@
/* Move to the next block in the chain until the last block is
* reached. */
pxBlock = pxBlock->pxNextFreeBlock;
- } while( pxBlock != pxEnd );
+ }
}
}
( void ) xTaskResumeAll();
