
ptrdiff_t overflow checks for malloc-posix etc.

From: Paul Eggert
Subject: ptrdiff_t overflow checks for malloc-posix etc.
Date: Sat, 17 Apr 2021 19:02:13 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

I installed the attached patches into Gnulib to make its malloc replacements ptrdiff_t safe. This should help us move in a direction where we can use idx_t (which is signed and therefore safer) for sizes and indexes, instead of using size_t.

In creating these patches I found a reasonable amount of cruft of which I tried to clean up some (see ChangeLog entry). If I went too far please let me know and I’ll work to unclean it.

I initially attempted to come up with new modules malloc-ptrdiff_t, etc. but ran into complexity issues with all the possible combinations of the various malloc modules. So instead, I simply added the fixes to malloc-posix, realloc-posix, and realloc-posix, where they will automatically percolate into malloc-gnu etc.

Come to think of it, why do we have both malloc-gnu and malloc-posix modules (and similarly for calloc and realloc)? Was it because GNU realloc was incompatible with C99 realloc, so we needed realloc-gnu vs realloc-posix modules? If so, I suggest that we stop worrying about it, as that worry is now obsolete - C17 allows the GNU behavior.

In other words, I suggest that we remove malloc-posix, realloc-posix and calloc-posix, or failing that simply make them obsolete compatibility aliases for malloc-gnu etc. This would simplify the configuration of malloc-using code, and any runtime cost would surely be insignificant (and would occur only on older or non-GNU hosts).

The first attached patch does the heavy lifting; the second shows how the xalloc module can be simplified because of the malloc etc. fixes. Other simplifications are possible elsewhere; one step at a time.

Attachment: 0001-malloc-etc.-check-for-ptrdiff_t-overflow.patch
Description: Text Data

Attachment: 0002-xalloc-adjust-to-malloc-ptrdiff_t-change.patch
Description: Text Data
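The kind of check the message describes, as an added illustration that is not Gnulib's code and not the attached patches: allocation wrappers that refuse any request larger than PTRDIFF_MAX, so that code using a signed idx_t for sizes and indexes can never be handed an object whose size does not fit in ptrdiff_t. The wrapper names (ptrdiff_safe_malloc and friends) and the probe helper are hypothetical; the calloc wrapper also guards the n * s multiplication, since an overflowed product is the classic way an undersized buffer is handed back to the caller.

```c
/* Added example, not from Gnulib: ptrdiff_t-safe allocation wrappers.
   Names are hypothetical.  Each wrapper rejects requests larger than
   PTRDIFF_MAX with errno = ENOMEM, the same failure the C library
   reports for a request it cannot satisfy. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Return nonzero if N bytes cannot be indexed with a ptrdiff_t. */
static int
exceeds_ptrdiff_max (size_t n)
{
  return PTRDIFF_MAX < (uintmax_t) n;
}

void *
ptrdiff_safe_malloc (size_t n)
{
  if (exceeds_ptrdiff_max (n))
    {
      errno = ENOMEM;
      return NULL;
    }
  return malloc (n);
}

void *
ptrdiff_safe_realloc (void *p, size_t n)
{
  if (exceeds_ptrdiff_max (n))
    {
      errno = ENOMEM;
      return NULL;
    }
  return realloc (p, n);
}

/* calloc must guard the product N * S, not just each factor:
   with S != 0, N <= PTRDIFF_MAX / S guarantees N * S <= PTRDIFF_MAX
   and therefore also that the multiplication cannot wrap in size_t. */
void *
ptrdiff_safe_calloc (size_t n, size_t s)
{
  if (s != 0 && n > (size_t) PTRDIFF_MAX / s)
    {
      errno = ENOMEM;
      return NULL;
    }
  return calloc (n, s);
}

/* Probe helper: 1 if an N-byte allocation succeeds (and is freed), else 0. */
int
probe_alloc (size_t n)
{
  void *p = ptrdiff_safe_malloc (n);
  if (p == NULL)
    return 0;
  free (p);
  return 1;
}

/* Probe helper for calloc: 1 if N objects of S bytes can be allocated. */
int
probe_calloc (size_t n, size_t s)
{
  void *p = ptrdiff_safe_calloc (n, s);
  if (p == NULL)
    return 0;
  free (p);
  return 1;
}

int
main (void)
{
  /* Constructed sample requests: one sane, one just past PTRDIFF_MAX. */
  printf ("16 bytes: %s\n", probe_alloc (16) ? "ok" : "rejected");
  printf ("PTRDIFF_MAX + 1 bytes: %s\n",
          probe_alloc ((size_t) PTRDIFF_MAX + 1) ? "ok" : "rejected");
  printf ("calloc overflow: %s\n",
          probe_calloc ((size_t) PTRDIFF_MAX / 2 + 1, 2) ? "ok" : "rejected");
  return 0;
}
```

The realloc wrapper keeps whatever semantics the underlying realloc has for a zero-size request; the point of the check is only the upper bound, which is why the message can add it to the *-posix modules and let it percolate into the *-gnu ones unchanged.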
