From 618e165fa738e61ede4668c6907f8ecc85864d36 Mon Sep 17 00:00:00 2001
From: Gaurav Aggarwal <aggarg@amazon.com>
Date: Thu, 4 Aug 2022 16:41:33 +0530
Subject: [PATCH] Fix NULL pointer dereference in vPortGetHeapStats

When the heap is exhausted (no free block), start and end markers are
the only blocks present in the free block list:

     +---------------+     +-----------> NULL
     |               |     |
     |               V     |
+ ----- +            + ----- +
|   |   |            |   |   |
|   |   |            |   |   |
+ ----- +            + ----- +
  xStart               pxEnd

The code block which traverses the list of free blocks to calculate heap
stats used a do..while loop that moved past the end marker when the heap
had no free block resulting in a NULL pointer dereference. This commit
changes the do..while loop to while loop thereby ensuring that we never
move past the end marker.

This was reported here - https://github.com/FreeRTOS/FreeRTOS-Kernel/issues/534

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
---
 portable/MemMang/heap_4.c | 4 ++--
 portable/MemMang/heap_5.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/portable/MemMang/heap_4.c b/portable/MemMang/heap_4.c
index 90a20c54f..834ba2eaf 100644
--- a/portable/MemMang/heap_4.c
+++ b/portable/MemMang/heap_4.c
@@ -494,7 +494,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
          * is initialised automatically when the first allocation is made. */
         if( pxBlock != NULL )
         {
-            do
+            while( pxBlock != pxEnd )
             {
                 /* Increment the number of blocks and record the largest block seen
                  * so far. */
@@ -513,7 +513,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
                 /* Move to the next block in the chain until the last block is
                  * reached. */
                 pxBlock = pxBlock->pxNextFreeBlock;
-            } while( pxBlock != pxEnd );
+            }
         }
     }
     ( void ) xTaskResumeAll();
diff --git a/portable/MemMang/heap_5.c b/portable/MemMang/heap_5.c
index 4fea255b1..193155a45 100644
--- a/portable/MemMang/heap_5.c
+++ b/portable/MemMang/heap_5.c
@@ -544,7 +544,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
          * is initialised automatically when the first allocation is made. */
         if( pxBlock != NULL )
         {
-            do
+            while( pxBlock != pxEnd )
             {
                 /* Increment the number of blocks and record the largest block seen
                  * so far. */
@@ -569,7 +569,7 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats )
                 /* Move to the next block in the chain until the last block is
                  * reached. */
                 pxBlock = pxBlock->pxNextFreeBlock;
-            } while( pxBlock != pxEnd );
+            }
         }
     }
     ( void ) xTaskResumeAll();