Add check so that FlashIAP does not allocate memory on flash_init failure #12531

Merged
merged 1 commit into from
Mar 5, 2020

dustin-crossman
Contributor

Summary of changes

Adds a check to ensure FlashIAP does not allocate memory (with new[]) if a target's flash_init() call fails.

This fixes: #12439

Note: I did not add a similar check to the deinit to prevent calling delete[] on _page_buf if flash_free fails. There are a couple of reasons for this:

  1. If flash_init() succeeds but flash_free() fails, _page_buf will be valid and should be deleted (though the underlying target's flash driver may be in an undefined state. This can't really be prevented at the FlashIAP level).
  2. If flash_init() fails it is not valid to call FlashIAP::deinit (though it sounds like there is no documentation for that yet? Is that right @0xc0170 ?). If the user calls FlashIAP::deinit anyway it is safe to call delete[] on a null ptr.

Impact of changes

Migration actions required

Documentation

None


Pull request type

[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[] No Tests required for this change (E.g docs only update)
[x] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

This can't really be tested programmatically, since there is no way to modify a target's mbed_hal implementation during a test, but I ran the mbed_hal-flash and mbed_drivers-flashiap tests under two different conditions.

Condition 1: pr/flashiap_fix branch with no changes:
mbed_hal-flash passes
mbed_drivers-flashiap passes

Condition 2: pr/flashiap_fix branch with flash_init() modified to always return failure:
mbed_hal-flash fails (as expected)
mbed_drivers-flashiap fails (as expected) but with no OOM error.
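
The guard described in this pull request, as an added sketch that is not the Mbed OS source or the PR author's code. `FlashModel`, `model_flash_init`, the 256-byte page size and the live-buffer counter are hypothetical, and the caller is assumed to retry `init()` without calling `deinit()` after a failure.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical model of the pattern; names are illustrative, not Mbed OS code.
static bool g_hal_fails = false;          // constructed fault-injection switch
static int g_live_bufs = 0;               // page buffers allocated, not yet freed
static const std::size_t kPageSize = 256; // constructed value

static int model_flash_init() { return g_hal_fails ? -1 : 0; }

class FlashModel {
public:
    explicit FlashModel(bool guarded) : _guarded(guarded) {}

    int init() {
        int ret = model_flash_init();
        if (ret != 0 && _guarded) {
            return -1;                          // guarded: bail out before new[]
        }
        _page_buf = new std::uint8_t[kPageSize]; // unguarded: runs even if ret != 0
        ++g_live_bufs;
        return ret;
    }

    int deinit() {
        if (_page_buf) { --g_live_bufs; }
        delete[] _page_buf;                     // delete[] on nullptr is a no-op
        _page_buf = nullptr;
        return 0;
    }

private:
    bool _guarded;
    std::uint8_t *_page_buf = nullptr;
};

// Caller retries init() and, because it failed, never calls deinit().
int live_bufs_after_failed_inits(bool guarded, int attempts) {
    g_hal_fails = true;
    g_live_bufs = 0;
    FlashModel flash(guarded);
    for (int i = 0; i < attempts; ++i) {
        flash.init();
    }
    return g_live_bufs;
}

int main() {
    std::printf("unguarded=%d guarded=%d\n", live_bufs_after_failed_inits(false, 3),
                live_bufs_after_failed_inits(true, 3));
}
```

In the unguarded model every failed attempt overwrites the previous pointer, so the buffers cannot be reclaimed even by a later `deinit()`.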


@mergify mergify bot added the needs: work label Feb 27, 2020
@ciarmcom ciarmcom requested review from a team February 27, 2020 20:00
@ciarmcom
Member

@dustin-crossman, thank you for your changes.
@ARMmbed/mbed-os-core @ARMmbed/mbed-os-maintainers please review.

evedon
evedon previously approved these changes Feb 28, 2020
Contributor

@evedon evedon left a comment

Astyle issue should be fixed but otherwise code change looks good.

@mergify mergify bot dismissed evedon’s stale review February 28, 2020 17:59

Pull request has been modified.

@dustin-crossman
Contributor Author

@evedon Fixed up!

@0xc0170
Contributor

0xc0170 commented Mar 2, 2020

CI started

@mergify mergify bot added needs: CI and removed needs: review labels Mar 2, 2020
@0xc0170
Contributor

0xc0170 commented Mar 2, 2020

> If flash_init() fails it is not valid to call FlashIAP::deinit (though it sounds like there is no documentation for that yet? Is that right @0xc0170 ?). If the user calls FlashIAP::deinit anyway it is safe to call delete[] on a null ptr.

Correct, I don't see any undefined behavior specified in this driver, yet.

@mergify mergify bot added needs: work and removed needs: CI labels Mar 2, 2020
@mbed-ci

mbed-ci commented Mar 2, 2020

Test run: FAILED

Summary: 2 of 7 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_cloud-client-pytest
  • jenkins-ci/mbed-os-ci_greentea-test

@0xc0170
Contributor

0xc0170 commented Mar 4, 2020

CI restarted

@mbed-ci

mbed-ci commented Mar 4, 2020

Test run: FAILED

Summary: 1 of 7 test jobs failed
Build number : 2
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_cloud-client-pytest

@0xc0170
Contributor

0xc0170 commented Mar 5, 2020

Client restarted

@0xc0170 0xc0170 merged commit ea3761f into ARMmbed:master Mar 5, 2020
@mergify mergify bot removed the ready for merge label Mar 5, 2020
Successfully merging this pull request may close these issues.

FlashIAP::init - Possible memory leak/OOM error