From 2e284ac8cbfd5d20bd0958a7506a49b2d34e3109 Mon Sep 17 00:00:00 2001
From: "eunwoo.nam"
Date: Mon, 15 Jul 2024 17:23:49 +0900
Subject: [PATCH] kmm_realloc: fix crash issue case of oldmem is NULL

if oldmem argument is NULL, we should call the malloc(). It is posix rule. But now, if oldmem is NULL, mm_get_heap returns NULL. So we get crash. So, Add checking NULL. And Change to so that, if oldmem is out of heap address, we can get a assertion.

Signed-off-by: eunwoo.nam
---
 os/mm/kmm_heap/kmm_realloc.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/os/mm/kmm_heap/kmm_realloc.c b/os/mm/kmm_heap/kmm_realloc.c
index d65fbbb67b..2d367e6107 100644
--- a/os/mm/kmm_heap/kmm_realloc.c
+++ b/os/mm/kmm_heap/kmm_realloc.c
@@ -144,21 +144,30 @@ FAR void *kmm_realloc(FAR void *oldmem, size_t newsize)
 mmaddress_t caller_retaddr = 0;
 ARCH_GET_RET_ADDRESS(caller_retaddr)
 #endif
- struct mm_heap_s *kheap_origin = mm_get_heap(oldmem);
+ struct mm_heap_s *kheap_origin;
 struct mm_heap_s *kheap_new;
 
- if (newsize == 0) {
- mm_free(kheap_origin, oldmem);
- return NULL;
- }
+ if (oldmem) {
+ kheap_origin = mm_get_heap(oldmem);
+
+ /* The oldmem given by first argument is not a dynamically
+ * allocated address. This will cause ASSERT like Linux.
+ */
+ ASSERT(kheap_origin);
+
+ if (newsize == 0) {
+ mm_free(kheap_origin, oldmem);
+ return NULL;
+ }
 #ifdef CONFIG_DEBUG_MM_HEAPINFO
- ret = mm_realloc(kheap_origin, oldmem, newsize, caller_retaddr);
+ ret = mm_realloc(kheap_origin, oldmem, newsize, caller_retaddr);
 #else
- ret = mm_realloc(kheap_origin, oldmem, newsize);
+ ret = mm_realloc(kheap_origin, oldmem, newsize);
 #endif
- if (ret != NULL) {
- return ret;
+ if (ret != NULL) {
+ return ret;
+ }
 }
 
 /* Try to mm_malloc to another heap. */
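Review bot: On the new side `kheap_origin` is declared without an initializer and is only assigned inside `if (oldmem)`, so on the `oldmem == NULL` path it reaches the code after the hunk holding an indeterminate value; kmm_realloc continues past the hunk ("Try to mm_malloc to another heap"), and if that tail reads `kheap_origin` (for example to skip the origin heap when probing the others, or to free `oldmem` after copying) that read is undefined behavior. It is cheap to close regardless: `struct mm_heap_s *kheap_origin = NULL;` on the declaration line, and any later use can then test for NULL explicitly. The `ASSERT(kheap_origin)` is the right fail-stop for a pointer that belongs to no heap, but I cannot tell from this hunk whether this `ASSERT` survives non-debug builds; if it compiles out, `mm_free`/`mm_realloc` receive a NULL heap and the crash the commit fixes comes back in a different form, so either confirm the macro is unconditional or guard with a check that does not depend on assertion configuration. The added comment would also read better as `/* oldmem is not inside any registered heap: treat it as an invalid pointer and assert, as Linux does. */`. The body of kmm_realloc ends outside the hunk.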