I’m implementing heap analysis and find configENABLE_HEAP_PROTECTOR is very useful to validate free heap list items.
But when validating the allocated heap block structures, it seems that the canary is not used.
The pxNextFreeBlock of an allocated heap block structure is still NULL, which is not XORed with the canary.
--- a/portable/MemMang/heap_5.c
+++ b/portable/MemMang/heap_5.c
@@ -333,7 +333,7 @@ void * pvPortMalloc( size_t xWantedSize )
/* The block is being returned - it is allocated and owned
* by the application and has no "next" block. */
heapALLOCATE_BLOCK( pxBlock );
- pxBlock->pxNextFreeBlock = NULL;
+ pxBlock->pxNextFreeBlock = heapPROTECT_BLOCK_POINTER( NULL );
xNumberOfSuccessfulAllocations++;
}
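Review bot: the read side needs the matching change. After the + line in pvPortMalloc, an allocated block's pxNextFreeBlock no longer holds a literal NULL, so any check elsewhere that compares this field with NULL (none is visible in this hunk) should compare against heapPROTECT_BLOCK_POINTER( NULL ) in the same patch, otherwise it would reject valid blocks. The comment above heapALLOCATE_BLOCK could also say that the stored value is the protected NULL.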
Of course! I have made the changes as you said. Right now I’m running the full test on heap_5, which has been running for 4 hours and looks good. Later I will test heap_4 and raise a PR.
Sorry to bother you. When reading the source code of heap_5, I have a question.
After calling vPortDefineHeapRegions() to define multiple heap regions, there is a “pxFakeEnd” (yellow) at the bottom of each heap region. The red block is the real pxEnd. But if a block (blue) adjacent to the yellow one needs to be released, it seems that the yellow and blue blocks will be combined into one block.
The size of the “pxFakeEnd” is set to 0. As a result, the following check in the prvInsertBlockIntoFreeList won’t succeed (assuming that the 2 memory regions are not contiguous) -
Thank you for explaining - I understand it now. You are right but the code would still work as expected because the free list would still be continuous.
Thank you for confirming my understanding. I won’t raise a PR to keep “pxFakeEnd” in the free list if it does not influence heap management.
By the way, when using configENABLE_HEAP_PROTECTOR, the macro heapVALIDATE_BLOCK_POINTER seems to have certain limitations in heap_5.
This is because heap_5 is used for multiple separate memory spaces, but this macro only verifies the highest and lowest addresses. Because the memory space is scattered, an address may be in a location that does not belong to a heap region but is still between the highest and lowest addresses.
I’m trying to improve it but it seems a bit difficult.
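The limitation described in the last post, as an added sketch (not FreeRTOS code and not from the thread): a bounds-only check over two non-contiguous regions accepts an address in the gap between them, while a per-region check rejects it. The region table, addresses, header size and function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical region table for this sketch (not a FreeRTOS structure). */
typedef struct { uintptr_t start; size_t size; } region_t;

/* Constructed sample: two non-contiguous regions, in ascending address order. */
static const region_t regions[] = {
    { 0x20000000u, 0x1000u },   /* 0x20000000 .. 0x20000FFF */
    { 0x30000000u, 0x2000u },   /* 0x30000000 .. 0x30001FFF */
};
#define REGION_COUNT ( sizeof( regions ) / sizeof( regions[ 0 ] ) )

/* Bounds-only check as described in the post: lowest and highest address only. */
int in_heap_span( uintptr_t addr )
{
    const region_t *last = &regions[ REGION_COUNT - 1 ];
    return ( addr >= regions[ 0 ].start ) && ( addr <= last->start + last->size - 1 );
}

/* Per-region check: a header of hdr_size bytes must lie entirely inside one region. */
int in_some_region( uintptr_t addr, size_t hdr_size )
{
    for( size_t i = 0; i < REGION_COUNT; i++ )
    {
        uintptr_t start = regions[ i ].start;
        size_t size = regions[ i ].size;

        /* Written as subtractions so addr + hdr_size cannot wrap around. */
        if( ( addr >= start ) && ( hdr_size <= size ) && ( addr - start <= size - hdr_size ) )
        {
            return 1;
        }
    }
    return 0;
}

int main( void )
{
    uintptr_t in_gap = 0x28000000u;   /* between the regions, belongs to neither */
    printf( "span check: %d, region check: %d\n",
            in_heap_span( in_gap ), in_some_region( in_gap, 8 ) );
    return 0;
}
```

The per-region check costs one comparison pass over the region table on every pointer validation, which is the trade-off against the two-comparison span check.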