masc2008 opened a new pull request, #19146:
URL: https://github.com/apache/nuttx/pull/19146

   ## Summary
   
     Reject oversized granule heaps in `gran_initialize()`.
   
     `struct gran_s` and `struct graninfo_s` store granule counts in `uint16_t`,
     so a large pool with a small granule size can silently truncate `ngranules`
     during initialization and produce an invalid handle.
   
     This patch adds a debug assertion and returns `NULL` with `EINVAL` when the
     computed granule count does not fit.
   
     ## Changes
   
     - add a `DEBUGASSERT()` to catch oversized granule counts in debug builds
     - return `NULL` with `errno = EINVAL` when the computed `ngranules` is zero
       or exceeds `UINT16_MAX`
   
     ## Why this is needed
   
     For example, a 16 MiB pool with 64-byte granules computes:
   
     - `ngranules = 16 MiB / 64 = 262144`
   
     That does not fit in the current 16-bit `ngranules` fields and truncates,
     leading to a broken allocator handle.
   
     Failing early is safer than silently constructing an invalid granule heap.
   
     ## Impact
   
     - valid granule heaps are unchanged
     - oversized heaps now fail cleanly at initialization instead of failing
       later in less obvious ways
   
     ## Testing
   
     - code inspection against current `struct gran_s` / `struct graninfo_s`
       definitions
     - verified the guard is inserted before allocator metadata allocation
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
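
The truncation and the guard described in this pull request, as an added example that is not code from the PR or from NuttX: `demo_gran_s`, `demo_count_unchecked` and `demo_gran_init` are hypothetical names, and the model assumes a log2 granule size and keeps only the 16-bit count field.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the allocator state (not the NuttX struct);
 * only the 16-bit granule count matters for this demonstration.
 */
struct demo_gran_s
{
  uint8_t  log2gran;   /* log2 of the granule size in bytes */
  uint16_t ngranules;  /* granule count stored in 16 bits */
};

/* Unguarded count: narrowing to uint16_t silently drops the high bits. */
static uint16_t demo_count_unchecked(size_t heapsize, uint8_t log2gran)
{
  return (uint16_t)(heapsize >> log2gran);
}

/* Guarded init: compute the count in size_t, range-check, then narrow.
 * Returns g on success, NULL with errno = EINVAL when the count is zero
 * or does not fit in 16 bits.
 */
static struct demo_gran_s *demo_gran_init(struct demo_gran_s *g,
                                          size_t heapsize, uint8_t log2gran)
{
  size_t ngranules = heapsize >> log2gran;

  if (ngranules == 0 || ngranules > UINT16_MAX)
    {
      errno = EINVAL;
      return NULL;
    }

  g->log2gran  = log2gran;
  g->ngranules = (uint16_t)ngranules;
  return g;
}

int main(void)
{
  struct demo_gran_s g;
  size_t pool = (size_t)16 << 20;  /* 16 MiB pool, 64-byte granules */

  printf("real count %zu, stored unchecked %u, guarded init %s\n",
         pool >> 6, (unsigned)demo_count_unchecked(pool, 6),
         demo_gran_init(&g, pool, 6) ? "accepted" : "rejected (EINVAL)");
  return 0;
}
```

In the 16 MiB / 64-byte case the 16-bit field ends up holding 0 rather than a merely smaller count, since 262144 is an exact multiple of 65536.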