Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add heap protector to allocted heap blocks #1125

Merged
merged 1 commit into from
Aug 20, 2024

Conversation

Saiiijchan
Copy link
Contributor

@Saiiijchan Saiiijchan commented Aug 20, 2024

Description

When a block was allocated to the user by pvPortMalloc, its pxNextFreeBlock was set to NULL and not XORed with the canary (when configENABLE_HEAP_PROTECTOR was set to 1). As a result, a memory corruption which sets pxNextFreeBlock to zero wont be detected.

This PR XORs pxNextFreeBlock with the canary before returning the block to the user. This would ensure that a memory corruption would get detected if pxNextFreeBlock is modified. The only time it won't be caught is when pxNextFreeBlock is updated to the canary value. Since canary values changes on every run, it is unlikely that a memory corruption would set pxNextFreeBlock to the canary value on every run.

Test Steps

I have tested the FreeRTOS/Demo test on the RISCV platform for heap_4 and heap_5.

Checklist:

  • I have tested my changes. No regression in existing tests.
  • I have modified and/or added unit-tests to cover the code changes in this Pull Request.

Related Issue

https://forums.freertos.org/t/queuestion-about-configenable-heap-protector-in-heap-5/21229

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

When validate those allocated heap block structure, the canary is not used.
Do xor with canary when allocating a new block.

Signed-off-by: wangfei_chen <[email protected]>
@Saiiijchan Saiiijchan requested a review from a team as a code owner August 20, 2024 07:08
Copy link

sonarcloud bot commented Aug 20, 2024

@aggarg aggarg merged commit 18a168b into FreeRTOS:main Aug 20, 2024
16 checks passed
@Saiiijchan Saiiijchan deleted the add-heap-protector branch August 20, 2024 13:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants