author | David Gibson <david@gibson.dropbear.id.au> | 2018-07-23 12:16:09 +1000 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2018-07-23 12:16:09 +1000 |
commit | 85bce8b2f06d17a909d9e20358630a2034f381ff (patch) | |
tree | 1a59ab5e5423a547393b67d0791925b132bbf4c3 | |
parent | 57f7f9e7bc7cbcf1eb4dc00692d0229c73057d69 (diff) | |
tests: Correction to vg_prepare_blob()
vg_prepare_blob() assumes a valid return from fdt_num_mem_rsv() in order
to make sensible initialization of the valgrind mem checker. Usually
that's fine, but it breaks down on the (deliberately corrupted)
truncated_memrsv testcase.
That led to marking a negative-size (== enormously sized once cast to
size_t) region as defined with VALGRIND_MAKE_MEM_DEFINED, which caused valgrind
to freeze up and consume ludicrous amounts of memory until OOMing.
This correction makes us robust in that case.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r-- | tests/testutils.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/tests/testutils.c b/tests/testutils.c index 378869a..75e3e20 100644 --- a/tests/testutils.c +++ b/tests/testutils.c @@ -168,18 +168,22 @@ void vg_prepare_blob(void *fdt, size_t bufsize) { char *blob = fdt; int off_memrsv, off_strings, off_struct; + int num_memrsv; size_t size_memrsv, size_strings, size_struct; - size_memrsv = (fdt_num_mem_rsv(fdt) + 1) - * sizeof(struct fdt_reserve_entry); + off_memrsv = fdt_off_mem_rsvmap(fdt); + num_memrsv = fdt_num_mem_rsv(fdt); + if (num_memrsv < 0) + size_memrsv = fdt_totalsize(fdt) - off_memrsv; + else + size_memrsv = (num_memrsv + 1) + * sizeof(struct fdt_reserve_entry); VALGRIND_MAKE_MEM_UNDEFINED(blob, bufsize); VALGRIND_MAKE_MEM_DEFINED(blob, FDT_V1_SIZE); VALGRIND_MAKE_MEM_DEFINED(blob, fdt_header_size(fdt)); if (fdt_magic(fdt) == FDT_MAGIC) { - off_memrsv = fdt_off_mem_rsvmap(fdt); - off_strings = fdt_off_dt_strings(fdt); if (fdt_version(fdt) >= 3) size_strings = fdt_size_dt_strings(fdt); @@ -192,8 +196,6 @@ void vg_prepare_blob(void *fdt, size_t bufsize) else size_struct = fdt_totalsize(fdt) - off_struct; } else if (fdt_magic(fdt) == FDT_SW_MAGIC) { - off_memrsv = fdt_off_mem_rsvmap(fdt); - size_strings = fdt_size_dt_strings(fdt); off_strings = fdt_off_dt_strings(fdt) - size_strings; |
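Review bot: The new fallback `size_memrsv = fdt_totalsize(fdt) - off_memrsv;` in the first hunk takes both operands from the header of a blob already known to be corrupt, so an `off_mem_rsvmap` larger than `totalsize` again produces a negative result that turns enormous once stored in `size_t`. That is the same failure the commit message describes, only reached through a different header field. I would bound it before use, for example `if (off_memrsv < 0 || (size_t)off_memrsv > fdt_totalsize(fdt)) size_memrsv = 0; else size_memrsv = fdt_totalsize(fdt) - off_memrsv;`, and preferably also clamp the result so `off_memrsv + size_memrsv` cannot exceed `bufsize`. The place where `size_memrsv` is consumed lies outside both hunks, so this assumes it is passed to a VALGRIND_MAKE_MEM_DEFINED call without further checks.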