1. 传统漏洞如何迁移

传统的linux的glibc有很多漏洞，但是如何迁移到rtos上？

2. 开源rtos

比如zephyr，freertos等，自己有自己实现的堆管理函数，包括alloc，free，split，merge等，每一个rtos都有自己的实现算法，如何去做到能够迁移glibc中出现的漏洞到这些rtos自身上，有什么工具或者方法吗？
zephyr的部分alloc代码

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

void *sys_heap_alloc(struct sys_heap *heap, size_t bytes)
{
    struct z_heap *h = heap->heap;
    void *mem;
 
    if (bytes == 0U || size_too_big(h, bytes)) {
        return NULL;
    }
 
    chunksz_t chunk_sz = bytes_to_chunksz(h, bytes);
    chunkid_t c = alloc_chunk(h, chunk_sz);
    if (c == 0U) {
        return NULL;
    }
 
    /* Split off remainder if any */
    if (chunk_size(h, c) > chunk_sz) {
        split_chunks(h, c, c + chunk_sz);
        free_list_add(h, c + chunk_sz);
    }
 
    set_chunk_used(h, c, true);
 
    mem = chunk_mem(h, c);
 
#ifdef CONFIG_SYS_HEAP_RUNTIME_STATS
    increase_allocated_bytes(h, chunksz_to_bytes(h, chunk_size(h, c)));
#endif
 
#ifdef CONFIG_SYS_HEAP_LISTENER
    heap_listener_notify_alloc(HEAP_ID_FROM_POINTER(heap), mem,
                   chunksz_to_bytes(h, chunk_size(h, c)));
#endif
 
    IF_ENABLED(CONFIG_MSAN, (__msan_allocated_memory(mem, bytes)));
    return mem;
}
 
void *sys_heap_aligned_alloc(struct sys_heap *heap, size_t align, size_t bytes)
{
    struct z_heap *h = heap->heap;
    size_t gap, rew;
 
    /*
     * Split align and rewind values (if any).
     * We allow for one bit of rewind in addition to the alignment
     * value to efficiently accommodate z_heap_aligned_alloc().
     * So if e.g. align = 0x28 (32 | 8) this means we align to a 32-byte
     * boundary and then rewind 8 bytes.
     */
    rew = align & -align;
    if (align != rew) {
        align -= rew;
        gap = MIN(rew, chunk_header_bytes(h));
    } else {
        if (align <= chunk_header_bytes(h)) {
            return sys_heap_alloc(heap, bytes);
        }
        rew = 0;
        gap = chunk_header_bytes(h);
    }
    __ASSERT((align & (align - 1)) == 0, "align must be a power of 2");
 
    if (bytes == 0 || size_too_big(h, bytes)) {
        return NULL;
    }
 
    /*
     * Find a free block that is guaranteed to fit.
     * We over-allocate to account for alignment and then free
     * the extra allocations afterwards.
     */
    chunksz_t padded_sz = bytes_to_chunksz(h, bytes + align - gap);
    chunkid_t c0 = alloc_chunk(h, padded_sz);
 
    if (c0 == 0) {
        return NULL;
    }
    uint8_t *mem = chunk_mem(h, c0);
 
    /* Align allocated memory */
    mem = (uint8_t *) ROUND_UP(mem + rew, align) - rew;
    chunk_unit_t *end = (chunk_unit_t *) ROUND_UP(mem + bytes, CHUNK_UNIT);
 
    /* Get corresponding chunks */
    chunkid_t c = mem_to_chunkid(h, mem);
    chunkid_t c_end = end - chunk_buf(h);
    CHECK(c >= c0 && c  < c_end && c_end <= c0 + padded_sz);
 
    /* Split and free unused prefix */
    if (c > c0) {
        split_chunks(h, c0, c);
        free_list_add(h, c0);
    }
 
    /* Split and free unused suffix */
    if (right_chunk(h, c) > c_end) {
        split_chunks(h, c, c_end);
        free_list_add(h, c_end);
    }
 
    set_chunk_used(h, c, true);
 
#ifdef CONFIG_SYS_HEAP_RUNTIME_STATS
    increase_allocated_bytes(h, chunksz_to_bytes(h, chunk_size(h, c)));
#endif
 
#ifdef CONFIG_SYS_HEAP_LISTENER
    heap_listener_notify_alloc(HEAP_ID_FROM_POINTER(heap), mem,
                   chunksz_to_bytes(h, chunk_size(h, c)));
#endif
 
    IF_ENABLED(CONFIG_MSAN, (__msan_allocated_memory(mem, bytes)));
    return mem;
}