nano-mallocr: Prevent NULL pointer de-reference in free_list

The existing code checked if there was a chunk in free_list and that the tail was not the next chunk. The check if there is a chunk is not needed since it's already known but the case of a single chunk in free_list needs to be handled differently.
2023-02-17 06:56:49 +01:00 · 2023-02-17 06:56:49 +01:00 · c8397ae817
parent 5011c8cc48
commit c8397ae817
1 changed files with 14 additions and 5 deletions
--- a/newlib/libc/stdlib/nano-mallocr.c
+++ b/newlib/libc/stdlib/nano-mallocr.c
@ -333,14 +333,23 @@ void * nano_malloc(RARG malloc_size_t s)
               {
                   p->size += alloc_size;

-                   /* Remove chunk from free_list */
+                   /* Remove chunk from free_list. Since p != NULL there is
+                      at least one chunk */
                   r = free_list;
-                   while (r && p != r->next)
+                   if (r->next == NULL)
+                   {
+                       /* There is only a single chunk, remove it */
+                       free_list = NULL;
+                   }
+                   else
+                   {
+                       /* Search for the chunk before the one to be removed */
+                       while (p != r->next)
                       {
                           r = r->next;
                       }
                       r->next = NULL;
-
+                   }
                   r = p;
               }
               else