heap: Fix bug when realloc moves data between heaps

When realloc-ing to a smaller buffer size which ends up allocated in a different heap, the heap structure is corrupted. This can only happen: * If heap checking is Comprehensive (meaning buffers are never shrunk in place) and the heap the buffer was originally allocated in is full. * Calling heap_caps_realloc() to deliberately move a buffer to a different capabilities type, and shrink it at the same time. Probable fix for https://github.com/espressif/esp-idf/issues/1582 Probably the same issue: https://www.esp32.com/viewtopic.php?f=2&t=4583 https://www.esp32.com/viewtopic.php?f=13&t=3717
2025-09-22 17:02:25 +00:00 · 2018-02-09 11:41:27 +08:00
parent 62f924544d
commit b7fc067c8c
2 changed files with 51 additions and 1 deletions
--- a/components/heap/heap_caps.c
+++ b/components/heap/heap_caps.c
@@ -309,7 +309,7 @@ IRAM_ATTR void *heap_caps_realloc( void *ptr, size_t size, int caps)
    if (new_p != NULL) {
        size_t old_size = multi_heap_get_allocated_size(heap->heap, ptr);
        assert(old_size > 0);
-        memcpy(new_p, ptr, old_size);
+        memcpy(new_p, ptr, MIN(size, old_size));
        heap_caps_free(ptr);
        return new_p;
    }