(nuttx) 02/03: mm: fix kasan report error when delay free is enabled

[xiaoxiang]

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git

commit 3d8b50477944f22ae7d8784cd7765c954d424cf1
Author: Xu Xingliang <xuxingli...@xiaomi.com>
AuthorDate: Thu Mar 21 10:37:37 2024 +0800

    mm: fix kasan report error when delay free is enabled
    
    Signed-off-by: Xu Xingliang <xuxingli...@xiaomi.com>
---
 mm/mm_heap/mm_free.c | 13 ++++++++++++-
 mm/tlsf/mm_tlsf.c    | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/mm/mm_heap/mm_free.c b/mm/mm_heap/mm_free.c
index 013c155142..19a8a744a1 100644
--- a/mm/mm_heap/mm_free.c
+++ b/mm/mm_heap/mm_free.c
@@ -102,7 +102,18 @@ void mm_delayfree(FAR struct mm_heap_s *heap, FAR void 
*mem, bool delay)
 
   nodesize = mm_malloc_size(heap, mem);
 #ifdef CONFIG_MM_FILL_ALLOCATIONS
-  memset(mem, MM_FREE_MAGIC, nodesize);
+#if CONFIG_MM_FREE_DELAYCOUNT_MAX > 0
+  /* If delay free is enabled, a memory node will be freed twice.
+   * The first time is to add the node to the delay list, and the second
+   * time is to actually free the node. Therefore, we only colorize the
+   * memory node the first time, when `delay` is set to true.
+   */
+
+  if (delay)
+#endif
+    {
+      memset(mem, MM_FREE_MAGIC, nodesize);
+    }
 #endif
 
   kasan_poison(mem, nodesize);
diff --git a/mm/tlsf/mm_tlsf.c b/mm/tlsf/mm_tlsf.c
index f97022d4a3..25040a7e72 100644
--- a/mm/tlsf/mm_tlsf.c
+++ b/mm/tlsf/mm_tlsf.c
@@ -595,7 +595,18 @@ static void mm_delayfree(FAR struct mm_heap_s *heap, FAR 
void *mem,
       size_t size = mm_malloc_size(heap, mem);
       UNUSED(size);
 #ifdef CONFIG_MM_FILL_ALLOCATIONS
-      memset(mem, MM_FREE_MAGIC, size);
+#if CONFIG_MM_FREE_DELAYCOUNT_MAX > 0
+  /* If delay free is enabled, a memory node will be freed twice.
+   * The first time is to add the node to the delay list, and the second
+   * time is to actually free the node. Therefore, we only colorize the
+   * memory node the first time, when `delay` is set to true.
+   */
+
+  if (delay)
+#endif
+    {
+      memset(mem, MM_FREE_MAGIC, nodesize);
+    }
 #endif
 
       kasan_poison(mem, size);