michallenc opened a new pull request, #17495: URL: https://github.com/apache/nuttx/pull/17495
## Summary

The original condition incorrectly used `&h->chunk` instead of `h->chunk` in the calculation of whether the object is in the chunk. This could lead to the wrong behavior as the first branch gave an incorrect result and thus sometimes the entire obstack was freed even though the object was not `NULL`.

The commit also simplifies the logic: we can use pointer arithmetic here and just do `h->chunk + 1` as it gives the same result as `(FAR char *)h->chunk + sizeof(struct _obstack_chunk)`. This saves an unnecessary cast and `sizeof`.

The second branch should be less than or equal, not just less than. This ensures the object is correctly located in the chunk even after a previous `obstack_finish` was called.

## Impact

Fixes the undefined behavior of the `obstack_free` call.

## Testing

It's pretty hard to reliably reproduce the incorrect behavior as it depends on the address of the pointer to `h->chunk`. The check still might succeed if it is located near the original pointer. A different location, however, might cause the branch to never be triggered, and the entire obstack is freed.

This issue doesn't occur after the fix as the obstack is located correctly.
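An added illustration of the bounds check described in the pull request above; it is not code from NuttX or from the PR. The `chunk` and `stack` structs, the function names and the memory layout are hypothetical, and comparisons go through `uintptr_t` so that comparing unrelated addresses stays well defined.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model: a chunk header is followed directly by its data. */
struct chunk { char *limit; struct chunk *prev; };
struct stack { struct chunk *chunk; };

/* Pre-fix shape: lower bound taken from the address of the pointer field. */
static bool in_chunk_buggy(const struct stack *h, const void *obj)
{
  uintptr_t o = (uintptr_t)obj;
  return o >= (uintptr_t)&h->chunk + sizeof(struct chunk) &&
         o < (uintptr_t)h->chunk->limit;
}

/* Post-fix shape: data starts at h->chunk + 1, upper bound is inclusive. */
static bool in_chunk_fixed(const struct stack *h, const void *obj)
{
  uintptr_t o = (uintptr_t)obj;
  return o >= (uintptr_t)(h->chunk + 1) && o <= (uintptr_t)h->chunk->limit;
}

/* Lay out one 64-byte chunk in a malloc'd region with the stack struct below
 * or above it, then test a pointer obj_off bytes into the chunk data.
 * Returns bit 0 = buggy check result, bit 1 = fixed check result. */
int probe(bool stack_above, size_t obj_off)
{
  char *mem = malloc(512);
  if (mem == NULL) return -1;
  struct stack *h = (struct stack *)(mem + (stack_above ? 256 : 0));
  struct chunk *c = (struct chunk *)(mem + 64);
  c->prev = NULL;
  c->limit = (char *)(c + 1) + 64;
  h->chunk = c;
  const void *obj = (char *)(c + 1) + obj_off;
  int r = (in_chunk_buggy(h, obj) ? 1 : 0) | (in_chunk_fixed(h, obj) ? 2 : 0);
  free(mem);
  return r;
}

int main(void)
{
  printf("stack below chunk: %d\n", probe(false, 8));
  printf("stack above chunk: %d\n", probe(true, 8));
  printf("object at limit:   %d\n", probe(false, 64));
  return 0;
}
```

With the stack struct below the chunk the pre-fix check passes by accident; with it above the chunk the same valid object is rejected, which in the free loop would mean releasing the chunk that still holds it.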
