Fix undefined behavior in pointer comparison

Tedlion · web-flow · commit ec60aa00c6d5 · 2026-01-29T15:47:38.000+08:00
Replace direct pointer comparison with integer comparison in
prvInsertBlockIntoFreeList() to avoid undefined behavior.

According to the C standard, take C11 standard for instance, there is  following description in Section 6.5.8 Relational operators:
"When two pointers are compared, the result depends on the relative locations in the address space of the objects pointed to. If two pointers to object types both point to the same object, or both point one past the last element of the same array object, they compare equal. If the objects pointed to are members of the same aggregate object, pointers to structure members declared later compare greater than pointers to members declared earlier in the structure, and pointers to array elements with larger subscript values compare greater than pointers to elements of the same array with lower subscript values. All pointers to members of the same union object compare equal. If the expression P points to an element of an array object and the expression Q points to the last element of the same array object, the pointer expression Q+1 compares greater than P. In all other cases, the behavior is undefined."

So the comparison "heapPROTECT_BLOCK_POINTER( pxIterator-&gt;pxNextFreeBlock ) &lt; pxBlockToInsert" is UB, and a explicit cast will fix that.
diff --git a/portable/MemMang/heap_4.c b/portable/MemMang/heap_4.c
@@ -508,7 +508,8 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) /* PRIVI
 
     /* Iterate through the list until a block is found that has a higher address
      * than the block being inserted. */
-    for( pxIterator = &xStart; heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < pxBlockToInsert; pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )
+    for( pxIterator = &xStart; ( portPOINTER_SIZE_TYPE ) heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < ( portPOINTER_SIZE_TYPE ) pxBlockToInsert;
+         pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )
     {
         /* Nothing to do here, just iterate to the right position. */
     }

Original file line number	Diff line number	Diff line change
`@@ -508,7 +508,8 @@ static void prvInsertBlockIntoFreeList( BlockLink_t * pxBlockToInsert ) /* PRIVI`
`508`	`508`
`509`	`509`	`/* Iterate through the list until a block is found that has a higher address`
`510`	`510`	`* than the block being inserted. */`
`511`		`- for( pxIterator = &xStart; heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < pxBlockToInsert; pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )`
	`511`	`+ for( pxIterator = &xStart; ( portPOINTER_SIZE_TYPE ) heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) < ( portPOINTER_SIZE_TYPE ) pxBlockToInsert;`
	`512`	`+ pxIterator = heapPROTECT_BLOCK_POINTER( pxIterator->pxNextFreeBlock ) )`
`512`	`513`	`{`
`513`	`514`	`/* Nothing to do here, just iterate to the right position. */`
`514`	`515`	`}`