• State TI Thinks Resolved
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 99 subscribers
  • Views 872 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Why doesn't IPC HeapBufMP_free check for invalid free?

Smriti Verma
Prodigy 140 points

checked ti_sdo_ipc_heaps_HeapBufMP_free() in ipc_1_25_01_09. There's no check for invalid free(double free). Why?

  • 0
    TI__Guru* 96960 points
    What device are you using? This thread needs to be moved to the appropriate forum based on this: e2e.ti.com/.../453414

    Todd
  • 0 in reply to Smriti Verma
    TI__Guru* 96960 points
    Thanks. I moved this thread to the device forum.

    Todd
  • 0
    TI__Mastermind 43955 points

    Hi Smriti Verma,

    My guess is that, inside the function, HeapBufMP_free () they would have had a check whether it was already freed or not.
    By the way, did you come across any problem in using that function? Through what error you came to know that there is no check for invalid free? Would you mention the name of the file you refer to ?

    And sometimes, it is unlikely that we will discover a bug of this sort. And you are free to insert the checking code as well.

    For more info, please visit
    downloads.ti.com/.../index.html

  • 0 in reply to Shankari G
    Prodigy 140 points

    Filename : \ipc_1_25_01_09\packages\ti\sdo\ipc\heaps\HeapBufMP.c

    Function name :ti_sdo_ipc_heaps_HeapBufMP_free

    Void ti_sdo_ipc_heaps_HeapBufMP_free(ti_sdo_ipc_heaps_HeapBufMP_Object *obj,
    Ptr block, SizeT size)
    {
    IArg key;

    Assert_isTrue(((UInt32)block >= (UInt32)obj->buf) &&
    ((UInt32)block < ((UInt32)obj->buf + obj->blockSize * obj->numBlocks)),
    ti_sdo_ipc_heaps_HeapBufMP_A_invBlockFreed);

    /* Assert that 'addr' is block-aligned */
    Assert_isTrue((UInt32)block % obj->align == 0,
    ti_sdo_ipc_heaps_HeapBufMP_A_badAlignment);

    /*
    * Invalidate entire block make sure stale cache data isn't
    * evicted later
    */
    if (obj->cacheEnabled) {
    Cache_inv(block, obj->attrs->blockSize, Cache_Type_ALL, FALSE);
    }

    /* Enter the gate */
    key = GateMP_enter((GateMP_Handle)obj->gate);

    ListMP_putTail((ListMP_Handle)obj->freeList, block);

    ......

    }

    ListMP_putTail does not check if the block is already in freeList.