Fix NULL pointer dereference in vPortGetHeapStats

aggarg · paulbartell · commit 618e165fa738 · 2022-08-04T09:57:59.000-07:00
When the heap is exhausted (no free block), start and end markers are the only blocks present in the free block list: +---------------+ +-----------> NULL | | | | V | + ----- + + ----- + | | | | | | | | | | | | + ----- + + ----- + xStart pxEnd The code block which traverses the list of free blocks to calculate heap stats used a do..while loop that moved past the end marker when the heap had no free block resulting in a NULL pointer dereference. This commit changes the do..while loop to while loop thereby ensuring that we never move past the end marker. This was reported here - #534 Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
diff --git a/portable/MemMang/heap_4.c b/portable/MemMang/heap_4.c
@@ -494,7 +494,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
          * is initialised automatically when the first allocation is made. */
         if( pxBlock != NULL )
         {
-            do
+            while( pxBlock != pxEnd )
             {
                 /* Increment the number of blocks and record the largest block seen
                  * so far. */
@@ -513,7 +513,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
                 /* Move to the next block in the chain until the last block is
                  * reached. */
                 pxBlock = pxBlock->pxNextFreeBlock;
-            } while( pxBlock != pxEnd );
+            }
         }
     }
     ( void ) xTaskResumeAll();
diff --git a/portable/MemMang/heap_5.c b/portable/MemMang/heap_5.c
@@ -544,7 +544,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
          * is initialised automatically when the first allocation is made. */
         if( pxBlock != NULL )
         {
-            do
+            while( pxBlock != pxEnd )
             {
                 /* Increment the number of blocks and record the largest block seen
                  * so far. */
@@ -569,7 +569,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
                 /* Move to the next block in the chain until the last block is
                  * reached. */
                 pxBlock = pxBlock->pxNextFreeBlock;
-            } while( pxBlock != pxEnd );
+            }
         }
     }
     ( void ) xTaskResumeAll();

Original file line number	Diff line number	Diff line change
`@@ -494,7 +494,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )`
`494`	`494`	`* is initialised automatically when the first allocation is made. */`
`495`	`495`	`if( pxBlock != NULL )`
`496`	`496`	`{`
`497`		`- do`
	`497`	`+ while( pxBlock != pxEnd )`
`498`	`498`	`{`
`499`	`499`	`/* Increment the number of blocks and record the largest block seen`
`500`	`500`	`* so far. */`
`@@ -513,7 +513,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )`
`513`	`513`	`/* Move to the next block in the chain until the last block is`
`514`	`514`	`* reached. */`
`515`	`515`	`pxBlock = pxBlock->pxNextFreeBlock;`
`516`		`- } while( pxBlock != pxEnd );`
	`516`	`+ }`
`517`	`517`	`}`
`518`	`518`	`}`
`519`	`519`	`( void ) xTaskResumeAll();`
Original file line number	Diff line number	Diff line change
`@@ -544,7 +544,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )`
`544`	`544`	`* is initialised automatically when the first allocation is made. */`
`545`	`545`	`if( pxBlock != NULL )`
`546`	`546`	`{`
`547`		`- do`
	`547`	`+ while( pxBlock != pxEnd )`
`548`	`548`	`{`
`549`	`549`	`/* Increment the number of blocks and record the largest block seen`
`550`	`550`	`* so far. */`
`@@ -569,7 +569,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )`
`569`	`569`	`/* Move to the next block in the chain until the last block is`
`570`	`570`	`* reached. */`
`571`	`571`	`pxBlock = pxBlock->pxNextFreeBlock;`
`572`		`- } while( pxBlock != pxEnd );`
	`572`	`+ }`
`573`	`573`	`}`
`574`	`574`	`}`
`575`	`575`	`( void ) xTaskResumeAll();`