Heap protection check bad address

Sebastian Huber sebastian.huber at embedded-brains.de
Tue May 14 05:03:21 UTC 2019

On 14/05/2019 01:04, Chris Johns wrote:
> Hi,
> I chased down a buffer overwrite bug in libdl (#3746). On the powerpc and sparc
> the test dl05.exe crashed and on xilinx_zynq_a9_qemu I got a heap protection
> error on free. This was really nice however it is a mission to take that error
> message and figure out the block address that is the cause. A had to add a
> couple of additional prints to get the block address and with that I could set a
> watch point that triggered on the invalid write. The patch to fix the bug was
> the easy part.
> Would a bad block variable set by the error handler that can be inspected by a
> debugger or exit handler be useful?

The default is currently:

   static void _Heap_Protection_block_error_default(
     Heap_Control *heap,
     Heap_Block *block
     /* FIXME */
     _Terminate( INTERNAL_ERROR_CORE, 0xdeadbeef );


     heap->Protection.block_initialize = 
     heap->Protection.block_check = _Heap_Protection_block_check_default;
     heap->Protection.block_error = _Heap_Protection_block_error_default;

You can set your own block_error handler. It would be probably good to 
replace the _Terminate( INTERNAL_ERROR_CORE, 0xdeadbeef ) with something 
similar to the assert() fatal error (without the printk()):

void __assert_func(
   const char *file,
   int         line,
   const char *func,
   const char *failedexpr
   rtems_assert_context assert_context = {
     .file = file,
     .line = line,
     .function = func,
     .failed_expression = failedexpr

   printk("assertion \"%s\" failed: file \"%s\", line %d%s%s\n",
     (func) ? ", function: " : "",
     (func) ? func : ""
   rtems_fatal( RTEMS_FATAL_SOURCE_ASSERT, (rtems_fatal_code) 
&assert_context );

Sebastian Huber, embedded brains GmbH

Address : Dornierstr. 4, D-82178 Puchheim, Germany
Phone   : +49 89 189 47 41-16
Fax     : +49 89 189 47 41-09
E-Mail  : sebastian.huber at embedded-brains.de
PGP     : Public key available on request.

Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.

More information about the devel mailing list