[rtems commit] Add RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE
Sebastian Huber
sebh at rtems.org
Tue Jun 5 07:13:21 UTC 2018
Module: rtems
Branch: master
Commit: de9b7d712bf5da6593386fd4fbca0d5f8b8431d8
Changeset: http://git.rtems.org/rtems/commit/?id=de9b7d712bf5da6593386fd4fbca0d5f8b8431d8
Author: Sebastian Huber <sebastian.huber at embedded-brains.de>
Date: Fri Jun 1 07:04:45 2018 +0200
Add RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE
An invalid heap usage such as a double free is usually a fatal error
since this indicates a use after free. Replace the use of printk() in
free() with a fatal error.
Update #3437.
---
cpukit/include/rtems/score/interr.h | 7 ++++++
cpukit/libcsupport/src/free.c | 7 +-----
cpukit/sapi/src/fatalsrctext.c | 3 ++-
testsuites/libtests/malloc03/init.c | 28 +++++++++++++++-------
testsuites/sptests/Makefile.am | 10 ++++++++
testsuites/sptests/configure.ac | 1 +
testsuites/sptests/spfatal32/spfatal32.doc | 12 ++++++++++
testsuites/sptests/spfatal32/spfatal32.scn | 7 ++++++
testsuites/sptests/spfatal32/testcase.h | 27 +++++++++++++++++++++
testsuites/sptests/spinternalerror02/init.c | 2 +-
.../spinternalerror02/spinternalerror02.scn | 1 +
11 files changed, 88 insertions(+), 17 deletions(-)
diff --git a/cpukit/include/rtems/score/interr.h b/cpukit/include/rtems/score/interr.h
index 3144952..f09072d 100644
--- a/cpukit/include/rtems/score/interr.h
+++ b/cpukit/include/rtems/score/interr.h
@@ -131,6 +131,13 @@ typedef enum {
RTEMS_FATAL_SOURCE_PANIC = 11,
/**
+ * @brief Fatal source for invalid C program heap frees via free().
+ *
+ * The fatal code is the bad pointer.
+ */
+ RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE = 12,
+
+ /**
* @brief The last available fatal source.
*
* This enum value ensures that the enum type needs at least 32-bits for
diff --git a/cpukit/libcsupport/src/free.c b/cpukit/libcsupport/src/free.c
index 9020958..d8dd2bd 100644
--- a/cpukit/libcsupport/src/free.c
+++ b/cpukit/libcsupport/src/free.c
@@ -38,12 +38,7 @@ void free(
}
if ( !_Protected_heap_Free( RTEMS_Malloc_Heap, ptr ) ) {
- printk( "Program heap: free of bad pointer %p -- range %p - %p \n",
- ptr,
- (void*) RTEMS_Malloc_Heap->area_begin,
- (void*) RTEMS_Malloc_Heap->area_end
- );
+ rtems_fatal( RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE, (rtems_fatal_code) ptr );
}
-
}
#endif
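Review bot: The heap bounds that the removed printk() printed are lost on this path, because the fatal code carries only `ptr`; anyone handling or reading the fatal error must now look up the heap range separately to tell an out-of-heap pointer from a damaged or already-freed block. A short comment above the call would record the intent, e.g. `/* Invalid free (e.g. double free): stop instead of continuing with a possibly corrupted heap; the fatal code is the bad pointer. */`. The cast `(rtems_fatal_code) ptr` is lossless only if `rtems_fatal_code` is at least pointer-sized, which this hunk does not show and is worth confirming for 64-bit targets. The body of free() starts above the hunk, so earlier return paths are not covered by this remark.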
diff --git a/cpukit/sapi/src/fatalsrctext.c b/cpukit/sapi/src/fatalsrctext.c
index 4b02234..2331b6c 100644
--- a/cpukit/sapi/src/fatalsrctext.c
+++ b/cpukit/sapi/src/fatalsrctext.c
@@ -38,7 +38,8 @@ static const char *const fatal_source_text[] = {
"RTEMS_FATAL_SOURCE_STACK_CHECKER",
"RTEMS_FATAL_SOURCE_EXCEPTION",
"RTEMS_FATAL_SOURCE_SMP",
- "RTEMS_FATAL_SOURCE_PANIC"
+ "RTEMS_FATAL_SOURCE_PANIC",
+ "RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE"
};
const char *rtems_fatal_source_text( rtems_fatal_source source )
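Review bot: Nothing in this hunk ties the length of `fatal_source_text` to the enum in interr.h, so a fatal source added without a matching string is caught only at run time by spinternalerror02. A compile-time check after the table would catch the mismatch at build time, e.g. `RTEMS_STATIC_ASSERT( RTEMS_ARRAY_SIZE( fatal_source_text ) == RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE + 1, fatal_source_text_size );`. The lookup in rtems_fatal_source_text() lies outside the hunk, so whether it already bounds-checks the index cannot be seen here.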
diff --git a/testsuites/libtests/malloc03/init.c b/testsuites/libtests/malloc03/init.c
index 9e2b04d..89c147b 100644
--- a/testsuites/libtests/malloc03/init.c
+++ b/testsuites/libtests/malloc03/init.c
@@ -12,14 +12,10 @@
#endif
#include <tmacros.h>
-#include "test_support.h"
const char rtems_test_name[] = "MALLOC 3";
-/* forward declarations to avoid warnings */
-rtems_task Init(rtems_task_argument argument);
-
-rtems_task Init(
+static rtems_task Init(
rtems_task_argument argument
)
{
@@ -30,10 +26,21 @@ rtems_task Init(
p1 = __builtin_frame_address(0);
printf("Attempt to free stack memory\n");
free( p1 );
+}
- TEST_END();
-
- rtems_test_exit(0);
+static void fatal_extension(
+ rtems_fatal_source source,
+ bool always_set_to_false,
+ rtems_fatal_code error
+)
+{
+ if (
+ source == RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE
+ && !always_set_to_false
+ && error != 0
+ ) {
+ TEST_END();
+ }
}
/* configuration information */
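Review bot: fatal_extension() accepts any non-zero fatal code (`error != 0`), so the test would still print the end marker if free() reported a different value than the pointer it was given. Keeping the freed address in a file-scope variable, `static void *bad_ptr;` set in Init() before `free( p1 )`, and checking `error == (rtems_fatal_code) bad_ptr` would pin the documented contract that the fatal code is the bad pointer. Init() also now falls off its end if free() returns; an explicit `rtems_test_assert( 0 );` after the call would make that regression fail loudly instead of relying on the missing end marker. Init() starts above this hunk.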
@@ -42,7 +49,10 @@ rtems_task Init(
#define CONFIGURE_APPLICATION_DOES_NOT_NEED_CLOCK_DRIVER
#define CONFIGURE_MAXIMUM_TASKS 1
-#define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION
+
+#define CONFIGURE_INITIAL_EXTENSIONS \
+ { .fatal = fatal_extension }, \
+ RTEMS_TEST_INITIAL_EXTENSION
#define CONFIGURE_RTEMS_INIT_TASKS_TABLE
diff --git a/testsuites/sptests/Makefile.am b/testsuites/sptests/Makefile.am
index 1d8f153..8519702 100644
--- a/testsuites/sptests/Makefile.am
+++ b/testsuites/sptests/Makefile.am
@@ -1098,6 +1098,16 @@ spfatal31_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_FLAGS_spfatal31) \
$(support_includes)
endif
+if TEST_spfatal32
+sp_tests += spfatal32
+sp_screens += spfatal32/spfatal32.scn
+sp_docs += spfatal32/spfatal32.doc
+spfatal32_SOURCES = spfatal_support/init.c spfatal_support/system.h \
+ spfatal32/testcase.h
+spfatal32_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_FLAGS_spfatal32) \
+ $(support_includes) -I$(top_srcdir)/spfatal32
+endif
+
if TEST_spfifo01
sp_tests += spfifo01
sp_screens += spfifo01/spfifo01.scn
diff --git a/testsuites/sptests/configure.ac b/testsuites/sptests/configure.ac
index fee86ab..db213b9 100644
--- a/testsuites/sptests/configure.ac
+++ b/testsuites/sptests/configure.ac
@@ -157,6 +157,7 @@ RTEMS_TEST_CHECK([spfatal28])
RTEMS_TEST_CHECK([spfatal29])
RTEMS_TEST_CHECK([spfatal30])
RTEMS_TEST_CHECK([spfatal31])
+RTEMS_TEST_CHECK([spfatal32])
RTEMS_TEST_CHECK([spfifo01])
RTEMS_TEST_CHECK([spfifo02])
RTEMS_TEST_CHECK([spfifo03])
diff --git a/testsuites/sptests/spfatal32/spfatal32.doc b/testsuites/sptests/spfatal32/spfatal32.doc
new file mode 100644
index 0000000..6d09b95
--- /dev/null
+++ b/testsuites/sptests/spfatal32/spfatal32.doc
@@ -0,0 +1,12 @@
+This file describes the directives and concepts tested by this test set.
+
+test set name: spfatal32
+
+directives:
+
+ - free()
+
+concepts:
+
+ - Provoke an invalid free of heap memory and ensure that the right fatal
+ source and code occurs.
diff --git a/testsuites/sptests/spfatal32/spfatal32.scn b/testsuites/sptests/spfatal32/spfatal32.scn
new file mode 100644
index 0000000..15e39e4
--- /dev/null
+++ b/testsuites/sptests/spfatal32/spfatal32.scn
@@ -0,0 +1,7 @@
+*** TEST VERSION: 5.0.0.dea4bbe3746699627931ecd94fc437ae66bf9158
+*** TEST STATE: EXPECTED-PASS
+*** TEST BUILD: RTEMS_DEBUG RTEMS_NETWORKING RTEMS_POSIX_API RTEMS_SMP
+*** TEST TOOLS: 7.3.0 20180125 (RTEMS 5, RSB 6d9c77c77d271d1fc2dfe8493d6713930b52a6dd, Newlib 3.0.0)
+Fatal error (invalid free of heap memory) hit
+
+*** END OF TEST SPFATAL 32 ***
diff --git a/testsuites/sptests/spfatal32/testcase.h b/testsuites/sptests/spfatal32/testcase.h
new file mode 100644
index 0000000..8e77062
--- /dev/null
+++ b/testsuites/sptests/spfatal32/testcase.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2018 embedded brains GmbH. All rights reserved.
+ *
+ * embedded brains GmbH
+ * Dornierstr. 4
+ * 82178 Puchheim
+ * Germany
+ * <rtems at embedded-brains.de>
+ *
+ * The license and distribution terms for this file may be
+ * found in the file LICENSE in this distribution or at
+ * http://www.rtems.org/license/LICENSE.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#define FATAL_ERROR_TEST_NAME "32"
+#define FATAL_ERROR_DESCRIPTION "invalid free of heap memory"
+#define FATAL_ERROR_EXPECTED_SOURCE RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE
+#define FATAL_ERROR_EXPECTED_ERROR 1
+
+void force_error()
+{
+ uintptr_t invalid = 1;
+ free((void *) invalid);
+}
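Review bot: The value 1 is written twice, once as `FATAL_ERROR_EXPECTED_ERROR` and once as the local `invalid` in force_error(), and nothing keeps the two in step. Initialising the local from the macro, `uintptr_t invalid = FATAL_ERROR_EXPECTED_ERROR;`, makes the expected fatal code and the freed address the same value by construction. A one-line comment saying why 1 was chosen (presumably a non-NULL address that can never be a valid heap block) would help the next reader. `void force_error()` is also an old-style declaration; `void force_error(void)` gives it a prototype.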
diff --git a/testsuites/sptests/spinternalerror02/init.c b/testsuites/sptests/spinternalerror02/init.c
index 36c2e5d..7b65369 100644
--- a/testsuites/sptests/spinternalerror02/init.c
+++ b/testsuites/sptests/spinternalerror02/init.c
@@ -53,7 +53,7 @@ static void test_fatal_source_text(void)
puts( text );
} while ( text != text_last );
- rtems_test_assert( source - 3 == RTEMS_FATAL_SOURCE_PANIC );
+ rtems_test_assert( source - 3 == RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE );
}
static void test_status_text(void)
diff --git a/testsuites/sptests/spinternalerror02/spinternalerror02.scn b/testsuites/sptests/spinternalerror02/spinternalerror02.scn
index 50cb604..08dae2e 100644
--- a/testsuites/sptests/spinternalerror02/spinternalerror02.scn
+++ b/testsuites/sptests/spinternalerror02/spinternalerror02.scn
@@ -45,6 +45,7 @@ RTEMS_FATAL_SOURCE_STACK_CHECKER
RTEMS_FATAL_SOURCE_EXCEPTION
RTEMS_FATAL_SOURCE_SMP
RTEMS_FATAL_SOURCE_PANIC
+RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE
?
?
RTEMS_SUCCESSFUL