Fixes occasional UMM_POISON failure (esp8266#8953)

* Fixes occasional UMM_POISON failure

Bug introduced with PR fix esp8266#8914.
When a reallocated pointer could not grow in place, a replacement
allocation was created. Then UMM_POISON was written to the wrong block.

* Fix umm_poison data corruption on realloc when memory move is used.

Bug introduced with PR fix esp8266#8914

* refactored to resolve unused error in some build contexts

Author: mhightower83

cores/esp8266/umm_malloc/umm_malloc.cpp

@@ -928,7 +928,7 @@ void *umm_realloc(void *ptr, size_t size) {
 
     uint16_t c;
 
-    size_t curSize;
+    [[maybe_unused]] size_t curSize;
 
     UMM_CHECK_INITIALIZED();
 
@@ -1089,7 +1089,8 @@ void *umm_realloc(void *ptr, size_t size) {
         STATS__FREE_BLOCKS_UPDATE(-prevBlockSize);
         STATS__FREE_BLOCKS_ISR_MIN();
         blockSize += prevBlockSize;
-        POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size);  // Fix allocation so ISR poison check is good
+        // Fix new allocation such that poison checks from an ISR pass.
+        POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
         UMM_CRITICAL_SUSPEND(id_realloc);
         UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
         ptr = (void *)&UMM_DATA(c);
@@ -1111,7 +1112,7 @@ void *umm_realloc(void *ptr, size_t size) {
         #else
         blockSize += (prevBlockSize + nextBlockSize);
         #endif
-        POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size);
+        POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
         UMM_CRITICAL_SUSPEND(id_realloc);
         UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
         ptr = (void *)&UMM_DATA(c);
@@ -1123,7 +1124,7 @@ void *umm_realloc(void *ptr, size_t size) {
         void *oldptr = ptr;
         if ((ptr = umm_malloc_core(_context, size))) {
             DBGLOG_DEBUG("realloc %i to a bigger block %i, copy, and free the old\n", blockSize, blocks);
-            POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size);
+            (void)POISON_CHECK_SET_POISON(ptr, size);
             UMM_CRITICAL_SUSPEND(id_realloc);
             UMM_POISON_MEMCPY(ptr, oldptr, curSize);
             UMM_CRITICAL_RESUME(id_realloc);
@@ -1186,7 +1187,8 @@ void *umm_realloc(void *ptr, size_t size) {
             blockSize = blocks;
             #endif
         }
-        POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size);
+        // Fix new allocation such that poison checks from an ISR pass.
+        POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
         UMM_CRITICAL_SUSPEND(id_realloc);
         UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
         ptr = (void *)&UMM_DATA(c);
@@ -1204,7 +1206,7 @@ void *umm_realloc(void *ptr, size_t size) {
         void *oldptr = ptr;
         if ((ptr = umm_malloc_core(_context, size))) {
             DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks);
-            POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size);
+            (void)POISON_CHECK_SET_POISON(ptr, size);
             UMM_CRITICAL_SUSPEND(id_realloc);
             UMM_POISON_MEMCPY(ptr, oldptr, curSize);
             UMM_CRITICAL_RESUME(id_realloc);
@@ -1230,7 +1232,7 @@ void *umm_realloc(void *ptr, size_t size) {
         void *oldptr = ptr;
         if ((ptr = umm_malloc_core(_context, size))) {
             DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks);
-            POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size);
+            (void)POISON_CHECK_SET_POISON(ptr, size);
             UMM_CRITICAL_SUSPEND(id_realloc);
             UMM_POISON_MEMCPY(ptr, oldptr, curSize);
             UMM_CRITICAL_RESUME(id_realloc);

cores/esp8266/umm_malloc/umm_malloc_cfg.h

@@ -619,8 +619,16 @@ extern bool  umm_poison_check(void);
 void *umm_poison_realloc_fl(void *ptr, size_t size, const char *file, int line);
 void  umm_poison_free_fl(void *ptr, const char *file, int line);
 #define POISON_CHECK_SET_POISON(p, s) get_poisoned(p, s)
-#define UMM_POISON_SKETCH_PTR(p) ((void*)((uintptr_t)p + sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE))
-#define UMM_POISON_SKETCH_PTRSZ(s) (s - sizeof(UMM_POISONED_BLOCK_LEN_TYPE) - UMM_POISON_SIZE_BEFORE  - UMM_POISON_SIZE_AFTER)
+#define POISON_CHECK_SET_POISON_BLOCKS(p, s) \
+    do { \
+        size_t super_size = (s * sizeof(umm_block)) - (sizeof(((umm_block *)0)->header)); \
+        get_poisoned(p, super_size); \
+    } while (false)
+#define UMM_POISON_SKETCH_PTR(p) ((void *)((uintptr_t)p + sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE))
+#define UMM_POISON_SKETCH_PTRSZ(p) (*(UMM_POISONED_BLOCK_LEN_TYPE *)p)
+#define UMM_POISON_MEMMOVE(t, p, s) memmove(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(p))
+#define UMM_POISON_MEMCPY(t, p, s) memcpy(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(p))
+
 #if defined(UMM_POISON_CHECK_LITE)
 /*
     * We can safely do individual poison checks at free and realloc and stay
@@ -641,13 +649,11 @@ void  umm_poison_free_fl(void *ptr, const char *file, int line);
 #define POISON_CHECK() 1
 #define POISON_CHECK_NEIGHBORS(c) do {} while (false)
 #define POISON_CHECK_SET_POISON(p, s) (p)
-#define UMM_POISON_SKETCH_PTR(p) (p)
-#define UMM_POISON_SKETCH_PTRSZ(s) (s)
+#define POISON_CHECK_SET_POISON_BLOCKS(p, s)
+#define UMM_POISON_MEMMOVE(t, p, s) memmove((t), (p), (s))
+#define UMM_POISON_MEMCPY(t, p, s) memcpy((t), (p), (s))
 #endif
 
-#define UMM_POISON_MEMMOVE(t, p, s) memmove(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(s))
-#define UMM_POISON_MEMCPY(t, p, s) memcpy(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(s))
-
 #if defined(UMM_POISON_CHECK) || defined(UMM_POISON_CHECK_LITE)
 /*
  * Overhead adjustments needed for free_blocks to express the number of bytes