From 3b133811d6e2527f640e28e89ab8bd34181889d2 Mon Sep 17 00:00:00 2001
From: Martine Lenders
Date: Sun, 5 Jul 2015 00:22:49 +0200
Subject: [PATCH] ng_pktbuf: fix alignment overwrite issue
Currently it can happen if there is a spot of size `n` free that a chunk of size `n + 1` is inserted, if `n` is devisable by the word length of the platform. This patch fixes this issue.
---
 sys/net/crosslayer/ng_pktbuf/_pktbuf_static.c | 21 +++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/sys/net/crosslayer/ng_pktbuf/_pktbuf_static.c b/sys/net/crosslayer/ng_pktbuf/_pktbuf_static.c
index 4b5e5b5f28..9504243fc6 100644
--- a/sys/net/crosslayer/ng_pktbuf/_pktbuf_static.c
+++ b/sys/net/crosslayer/ng_pktbuf/_pktbuf_static.c
@@ -88,12 +88,10 @@ static inline size_t __total_sz(_used_t *node)
 }
 /**
- * @brief aligned size with metadata
+ * @brief aligns @p size to the next word alignment.
 */
-static inline size_t __al_total_sz(_used_t *node)
+static inline size_t _al_sz(size_t size)
 {
- size_t size = __total_sz(node);
-
 if (size % _PKTBUF_ALIGN_BYTES) {
 return size + (_PKTBUF_ALIGN_BYTES - (size % _PKTBUF_ALIGN_BYTES));
 }
@@ -102,6 +100,14 @@ static inline size_t __al_total_sz(_used_t *node)
 }
 }
+/**
+ * @brief aligned size with metadata
+ */
+static inline size_t __al_total_sz(_used_t *node)
+{
+ return _al_sz(__total_sz(node));
+}
+
 /**
 * @brief Index of an allocation's first byte in buffer
 */
@@ -141,6 +147,9 @@ static _used_t *_find(_used_t **prev_ptr, _used_t **node_ptr, const void *ptr)
 return NULL;
 }
+/**
+ * @brief Allocate chunk of @p size in _buf
+ */
 void *_pktbuf_internal_alloc(size_t size)
 {
 _used_t *node = _head(), *old_next, *new_next;
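Review bot: The rounding in `_al_sz()` (hunk at -88,12) can wrap around: for a `size` within `_PKTBUF_ALIGN_BYTES` of `SIZE_MAX`, `size + (_PKTBUF_ALIGN_BYTES - (size % _PKTBUF_ALIGN_BYTES))` overflows `size_t` and produces a small value. Before this patch the helper only saw sizes of nodes already in the buffer, but the last hunk now passes it the caller-supplied request through `_al_sz(_total_sz(size))`, where a wrapped result would make an undersized gap look large enough. Unless `_pktbuf_internal_alloc()` already bounds `size` against the buffer capacity before the loop (not visible in this diff), that bound should be added there, and the precondition recorded on the helper with `/* caller must ensure size <= SIZE_MAX - _PKTBUF_ALIGN_BYTES */`. The `else` branch of `_al_sz()` lies between this hunk and the next.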
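Review bot: The new comment on `_pktbuf_internal_alloc()` (hunk at -141,6) is a brief only and leaves out the contract callers depend on. I would add ` * @param[in] size  requested payload size in bytes` and an `@return` line that names the value returned when no gap fits and says that the space reserved is rounded up to `_PKTBUF_ALIGN_BYTES`. The function body, including its failure path, is outside this hunk, so the exact wording of `@return` needs checking against it.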
@@ -163,9 +172,9 @@ void *_pktbuf_internal_alloc(size_t size)
 }
 }
- while ((node->next != NULL)
+ while ((node->next != NULL) /* while not last chunk allocation */
 /* and if space between current and next allocation is not big enough */
- && ((_start_idx(node->next) - _end_idx(node)) < _total_sz(size))) {
+ && ((_start_idx(node->next) - _end_idx(node)) < _al_sz(_total_sz(size)))) {
 node = node->next;
 }
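Review bot: Only the gap-search loop is switched to the aligned size here; any other fit check in `_pktbuf_internal_alloc()`, such as space before the first chunk or after the last one, lies outside this hunk. If one of those still compares against `_total_sz(size)`, the same overwrite of the following chunk would remain on that path. Computing the requirement once, `size_t needed = _al_sz(_total_sz(size));`, and using `needed` in every comparison would keep them from drifting apart. The diffstat lists no test file, so a regression test that allocates into a freed gap whose size is a multiple of the word length would pin the fix.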