OP-TEE / optee_os

tee crashed by assert err while using gen_mdbg_check api #6799

Closed coversky2018 closed 4 months ago

coversky2018 commented 6 months ago

When I dump all TEE OS malloc API usage, I got a crash. I do not know why it happened. It seems that this is an assert error, but why?

5,3630,154367403,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/arch/arm/mm/tee_mm.c:19
5,3631,154367406,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/mm/fobj.c:526
5,3632,154367409,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 28 bytes core/arch/arm/mm/tee_mmu.c:257
5,3633,154367412,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 60 bytes core/arch/arm/kernel/pseudo_ta.c:294
5,3634,154367416,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 88 bytes core/kernel/tee_ta_manager.c:622
5,3635,154367419,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 24 bytes core/arch/arm/mm/mobj.c:533
5,3636,154367422,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/arch/arm/mm/tee_mm.c:19
5,3637,154367425,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/mm/fobj.c:526
5,3638,154367428,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 28 bytes core/arch/arm/mm/tee_mmu.c:257
5,3639,154367431,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 24 bytes core/arch/arm/mm/mobj.c:533
5,3640,154367434,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/arch/arm/mm/tee_mm.c:19
5,3641,154367437,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/mm/fobj.c:526
5,3642,154367440,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 28 bytes core/arch/arm/mm/tee_mmu.c:257
5,3643,154367443,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 24 bytes core/arch/arm/mm/mobj.c:533
5,3644,154367446,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/arch/arm/mm/tee_mm.c:19
5,3645,154367449,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/mm/fobj.c:526
5,3646,154367452,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 28 bytes core/arch/arm/mm/tee_mmu.c:257
5,3647,154367455,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 24 bytes core/arch/arm/mm/mobj.c:533
5,3648,154367458,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/arch/arm/mm/tee_mm.c:19
5,3649,154367461,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 16 bytes core/mm/fobj.c:526
5,3650,154367465,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 408 bytes core/arch/arm/kernel/user_ta.c:6
5,3651,155391279,-;[TEE] 93
5,3652,155391291,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 60 bytes core/arch/arm/kernel/pseudo_ta.c:294
5,3653,155391295,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 28 bytes core/arch/arm/mm/tee_mmu.c:257
5,3654,155391298,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 88 bytes core/kernel/tee_ta_manager.c:622
5,3655,155391302,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 32 bytes core/arch/arm/mm/mobj.c:396
5,3656,155391305,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 32 bytes core/arch/arm/mm/mobj.c:168
5,3657,155391308,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 32 bytes core/arch/arm/mm/mobj.c:168
5,3658,155391311,-;[TEE] I/TC:3 00 gen_mdbg_check:639 buffer: 32 bytes core/arch/arm/mm/mobj.c:168
5,3659,155391314,-;[TEE] E/TC:3 00 assertion '*mdbg_get_footer(hdr) == MDBG_FOOTER_MAGIC' failed at lib/libutils/isoc/bget_malloc.c:537
5,3660,155391317,-;[TEE] E/TC:3 00 Panic at core/kernel/assert.c:28 <_assert_break>
5,3661,155391320,-;[TEE] E/TC:3 00 TEE load address @ 0x24b00000
5,3662,155391323,-;[TEE] E/TC:3 00 Call stack:
5,3663,155391326,-;[TEE] E/TC:3 00 0x24b0a149
5,3664,155391329,-;[TEE] E/TC:3 00 0x24b20a5b
5,3665,155391331,-;[TEE] E/TC:3 00 0x24b205c7
5,3666,155391334,-;[TEE] E/TC:3 00 0x24b3e3e7
5,3667,155391337,-;[TEE] E/TC:3 00 0x24b3eba9
5,3668,155391340,-;[TEE] E/TC:3 00 0x24b21e41
5,3669,155391343,-;[TEE] E/TC:3 00 0x24b061a9
5,3670,155391345,-;[TEE] E/TC:3 00 0x24b2158f
5,3671,155391348,-;[TEE] E/TC:3 00 0x24b0f51d
5,3672,155391351,-;[TEE] E/TC:3 00 0x24b07f15
5,3673,155391353,-;[TEE] E/TC:3 00 0x24b08140

coversky2018 commented 6 months ago

assertion '*mdbg_get_footer(hdr) == MDBG_FOOTER_MAGIC' failed at lib/libutils/isoc/bget_malloc.c:537
5,3660,155391317,-;[TEE] E/TC:3 00 Panic at core/kernel/assert.c:28 <_assert_break>

jenswi-linaro commented 6 months ago

There has been a write beyond the size of an allocated buffer.

coversky2018 commented 5 months ago

How to avoid this crash? Is there any patch for it? I am using version 3.8 @jenswi-linaro

jenswi-linaro commented 5 months ago

I'm not aware of this error upstream. Have you made any changes to the source code?

coversky2018 commented 5 months ago

@jenswi-linaro Nothing changed in this version. The same code runs on different types of SoC; one is OK, one is wrong.

jenswi-linaro commented 5 months ago

Do you mean that git describe gives 3.8.0?

coversky2018 commented 5 months ago

@jenswi-linaro This branch is our internal branch name, but the source code was copied from the OP-TEE upstream about 2 years ago. Maybe the latest TEE has fixed this issue, but that is not the best way to fix this bug.

Do you have any guide about this issue? Where should I do a memory check to prevent memory stampede?

coversky2018 commented 5 months ago

@jenswi-linaro How to avoid a write beyond the size of an allocated buffer?

jenswi-linaro commented 5 months ago

I'm sorry, but I can debug your code. The problematic buffer was allocated in mobj_phys_alloc(). I can't tell whether this is an upstream bug or if it has been fixed upstream.
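To make the failing assertion in the log concrete, here is an added example (not OP-TEE's own bget_malloc.c, and not code from anyone in this thread) of the guard-value scheme such a check relies on: a minimal debug allocator puts a header in front of each payload and a 4-byte footer magic directly behind it, then walks the live allocations the way gen_mdbg_check does and reports any block whose guards no longer match. The magic constants, struct layout, list handling and function names are hypothetical and chosen for this example; only the idea mirrors the '*mdbg_get_footer(hdr) == MDBG_FOOTER_MAGIC' condition in the log. The off-by-one write in demo_check() is a constructed fault so the check has something to find.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed guard values; OP-TEE's own live in lib/libutils/isoc/bget_malloc.c. */
#define MDBG_HEADER_MAGIC 0xBEEFBEEFu
#define MDBG_FOOTER_MAGIC 0xBAADF00Du

/* Debug header in front of every payload. The footer magic sits immediately
 * after the payload, so the first byte written past the requested size hits it. */
struct mdbg_hdr {
	struct mdbg_hdr *next;   /* live allocations are kept on a list */
	const char *fname;       /* file and line of the allocating call */
	unsigned int line;
	size_t pl_size;          /* payload size the caller asked for */
	uint32_t magic;          /* MDBG_HEADER_MAGIC while the block is live */
};

static struct mdbg_hdr *mdbg_list;

/* The footer is usually unaligned, so it is read and written with memcpy. */
static uint8_t *mdbg_footer_ptr(struct mdbg_hdr *hdr)
{
	return (uint8_t *)(hdr + 1) + hdr->pl_size;
}

static void *mdbg_malloc(size_t size, const char *fname, unsigned int line)
{
	uint32_t magic = MDBG_FOOTER_MAGIC;
	struct mdbg_hdr *hdr = malloc(sizeof(*hdr) + size + sizeof(magic));
	if (!hdr)
		return NULL;
	hdr->fname = fname;
	hdr->line = line;
	hdr->pl_size = size;
	hdr->magic = MDBG_HEADER_MAGIC;
	memcpy(mdbg_footer_ptr(hdr), &magic, sizeof(magic));
	hdr->next = mdbg_list;
	mdbg_list = hdr;
	return hdr + 1;
}

/* 1 if header and footer are intact, 0 if either was overwritten. This is
 * the condition the failing assertion in the issue's log checks. */
static int mdbg_block_ok(struct mdbg_hdr *hdr)
{
	uint32_t footer;
	memcpy(&footer, mdbg_footer_ptr(hdr), sizeof(footer));
	return hdr->magic == MDBG_HEADER_MAGIC && footer == MDBG_FOOTER_MAGIC;
}

static void mdbg_free(void *ptr)
{
	struct mdbg_hdr *hdr = (struct mdbg_hdr *)ptr - 1;
	struct mdbg_hdr **pp;
	for (pp = &mdbg_list; *pp; pp = &(*pp)->next)
		if (*pp == hdr) {
			*pp = hdr->next;
			break;
		}
	free(hdr);
}

/* Walks every live allocation, prints it the way gen_mdbg_check does, and
 * returns how many blocks have a damaged header or footer. */
static int mdbg_check(void)
{
	struct mdbg_hdr *hdr;
	int corrupted = 0;
	for (hdr = mdbg_list; hdr; hdr = hdr->next) {
		int ok = mdbg_block_ok(hdr);
		printf("%s buffer: %zu bytes %s:%u\n", ok ? "ok " : "BAD",
		       hdr->pl_size, hdr->fname, hdr->line);
		corrupted += !ok;
	}
	return corrupted;
}

/* Allocates two buffers, writes `overrun` extra bytes past the end of the first
 * (a constructed fault), and returns how many blocks the check flags. */
int demo_check(size_t overrun)
{
	char *a = mdbg_malloc(16, __FILE__, __LINE__);
	char *b = mdbg_malloc(28, __FILE__, __LINE__);
	int bad;
	memset(a, 'A', 16 + overrun);
	memset(b, 'B', 28);
	bad = mdbg_check();
	mdbg_free(a);
	mdbg_free(b);
	return bad;
}

int main(void)
{
	printf("clean heap: %d corrupted\n", demo_check(0));   /* 0 */
	printf("off-by-one: %d corrupted\n", demo_check(1));   /* 1 */
	return 0;
}
```

Two points this makes about the report above. First, the check names the file and line of the allocation whose footer was damaged, not the code that wrote past it; the fix is found by auditing every writer of that buffer (here the one allocated in mobj_phys_alloc()) against its requested size. Second, the guard is only inspected when a check runs or the block is freed, so the crash surfaces some time after the overrun; calling the walk more often, for example from the same place the dump in the log was triggered, narrows the window between the bad write and its detection.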

github-actions[bot] commented 4 months ago

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.