libc/syscalls: Add sbrk implementation

The sbrk implementation in newlib's nosys library does not do any bounds
checking to make sure the allocated memory stays within the heap:
https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=libgloss/libnosys/sbrk.c

This version checks for both overflow and underflow.

BRANCH=none
BUG=b:234181908
TEST=./test/run_device_tests.py --board bloonchipper
     => PASS
TEST=./test/run_device_tests.py --board dartmonkey -t sbrk
     => PASS

Change-Id: I0be8caee76776c4a0ddabcf979d08f2f0c430aa0
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4390608
Reviewed-by: Abe Levkoy <alevkoy@chromium.org>

1 files changed, 31 insertions, 0 deletions

diff --git a/libc/syscalls.c b/libc/syscalls.c
index afe92c2d06..1c13e9915d 100644
--- a/libc/syscalls.c
+++ b/libc/syscalls.c
@@ -12,8 +12,11 @@
  */
 
 #include "gettimeofday.h"
+#include "link_defs.h"
 #include "panic.h"
+#include "shared_mem.h"
 #include "software_panic.h"
+#include "system.h"
 #include "task.h"
 #include "uart.h"
 
@@ -92,3 +95,31 @@ int _gettimeofday(struct timeval *restrict tv, void *restrict tz)
 
 	return 0;
 }
+
+/**
+ * Change program's data space by increment bytes.
+ *
+ * This function is called from the libc sbrk() function (which is in turn
+ * called from malloc() when memory needs to be allocated or released).
+ *
+ * @param incr[in] amount to increment or decrement. 0 means return current
+ * program break.
+ * @return the previous program break (address) on success
+ * @return (void*)-1 on error and errno is set to ENOMEM.
+ */
+void *_sbrk(intptr_t incr)
+{
+	static char *heap_end = __shared_mem_buf;
+	char *prev_heap_end;
+
+	if ((heap_end + incr < __shared_mem_buf) ||
+	    (heap_end + incr > (__shared_mem_buf + shared_mem_size()))) {
+		errno = ENOMEM;
+		return (void *)-1;
+	}
+
+	prev_heap_end = heap_end;
+	heap_end += incr;
+
+	return (void *)prev_heap_end;
+}