summaryrefslogtreecommitdiff
path: root/payloads
diff options
context:
space:
mode:
Diffstat (limited to 'payloads')
-rw-r--r--payloads/libpayload/libc/malloc.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/payloads/libpayload/libc/malloc.c b/payloads/libpayload/libc/malloc.c
index 82bae3c66e..7756a3bc49 100644
--- a/payloads/libpayload/libc/malloc.c
+++ b/payloads/libpayload/libc/malloc.c
@@ -37,6 +37,9 @@
* We're also susceptible to the usual buffer overrun poisoning, though the
* risk is within acceptable ranges for this implementation (don't overrun
* your buffers, kids!).
+ *
+ * The header format (hdrtype_t) supports heaps of up to 32MiB (given that int
+ * is 32 bits long).
*/
#define IN_MALLOC_C
@@ -51,14 +54,15 @@ typedef unsigned int hdrtype_t;
#define MAGIC (0x2a << 26)
#define FLAG_FREE (1 << 25)
-#define FLAG_USED (1 << 24)
+#define SIZE_BITS 25
+#define MAX_SIZE ((1 << SIZE_BITS) - 1)
-#define SIZE(_h) ((_h) & 0xFFFFFF)
+#define SIZE(_h) ((_h) & MAX_SIZE)
-#define _HEADER(_s, _f) ((hdrtype_t) (MAGIC | (_f) | ((_s) & 0xFFFFFF)))
+#define _HEADER(_s, _f) ((hdrtype_t) (MAGIC | (_f) | ((_s) & MAX_SIZE)))
#define FREE_BLOCK(_s) _HEADER(_s, FLAG_FREE)
-#define USED_BLOCK(_s) _HEADER(_s, FLAG_USED)
+#define USED_BLOCK(_s) _HEADER(_s, 0)
#define HDRSIZE (sizeof(hdrtype_t))
@@ -91,7 +95,7 @@ static void *alloc(int len)
/* Align the size. */
len = (len + 3) & ~3;
- if (!len || len > 0xffffff)
+ if (!len || len > MAX_SIZE)
return (void *)NULL;
/* Make sure the region is setup correctly. */