Re: ptrdiff_t overflow checks for malloc-posix etc.

From: Bruno Haible
Subject: Re: ptrdiff_t overflow checks for malloc-posix etc.
Date: Sun, 09 May 2021 18:46:45 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-206-generic; KDE/5.18.0; x86_64; ; )

Paul Eggert wrote:
> I installed the attached patches into Gnulib to make its malloc 
> replacements ptrdiff_t safe.

When testing m4-1.4.18b on IRIX 6.5, I get a test failure:

FAIL: test-reallocarray

Let's look in detail:

$ ./test-reallocarray ; echo $?

There is a call
  p = realloc (NULL, 2*1073741824);
which returns NULL with errno being 0.

Since the 'reallocarray' module depends on 'realloc-gnu', and the
'realloc-gnu' and 'realloc-posix' documentation says:

  Portability problems fixed by Gnulib:
  Upon failure, the function does not set @code{errno} to @code{ENOMEM} on
  some platforms:
  mingw, MSVC 14.

  On some platforms, @code{realloc (p, n)} can succeed even if @code{n}
  exceeds @code{PTRDIFF_MAX}.  Although this behavior is arguably
  allowed by POSIX it can lead to behavior not defined by POSIX later,
  so @code{realloc-posix} does not allow going over the limit.
  @end itemize

So, what the documentation implies and what the reallocarray unit test
verifies is that
  realloc (NULL, n)  where n > PTRDIFF_MAX
1) returns NULL and
2) sets errno to ENOMEM.

On IRIX (in n32 ABI), expectation 1) is fulfilled but 2) is not.
Likewise for malloc and calloc.

I'm adding two patches
  - to make sure that the 'realloc-gnu' unit test already fails in this
  - to fix 'realloc-gnu' on IRIX, so that it actually compiles the
    replacement code lib/realloc.c.

2021-05-09  Bruno Haible  <bruno@clisp.org>

        malloc-gnu, realloc-gnu, calloc-gnu: Ensure errno gets set on IRIX.
        * m4/malloc.m4 (gl_CHECK_MALLOC_POSIX): Require AC_CANONICAL_HOST. Set
        gl_cv_func_malloc_posix to 'no' also on IRIX.

        malloc-gnu, realloc-gnu, calloc-gnu tests: Verify errno is set.
        * tests/test-malloc-gnu.c: Include <errno.h>.
        (main): Verify that, when an allocation larger than PTRDIFF_MAX failed,
        errno is ENOMEM.
        * tests/test-realloc-gnu.c: Likewise.
        * tests/test-calloc-gnu.c: Likewise.

Attachment: 0001-malloc-gnu-realloc-gnu-calloc-gnu-tests-Verify-errno.patch
Description: Text Data

Attachment: 0002-malloc-gnu-realloc-gnu-calloc-gnu-Ensure-errno-gets-.patch
Description: Text Data
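
The two expectations listed in the message (NULL result and errno set to ENOMEM for n > PTRDIFF_MAX), sketched as a wrapper in C. This is an added example, not part of the original message and not Gnulib's lib/realloc.c; the names checked_realloc, checked_reallocarray and errno_after_request are assumptions, and the array variant goes slightly beyond the message by also rejecting products that wrap around size_t.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical wrapper; the name is an assumption, not Gnulib's own code.  */
void *checked_realloc (void *p, size_t n)
{
  /* Objects larger than PTRDIFF_MAX make pointer subtraction undefined,
     so refuse them before the platform allocator sees the request.  */
  if (n > (size_t) PTRDIFF_MAX)
    {
      errno = ENOMEM;
      return NULL;
    }
  /* Simplification: ask for 1 byte when n == 0, so that a NULL result
     always means failure rather than "freed".  */
  void *result = realloc (p, n ? n : 1);
  /* Some platforms return NULL without touching errno; normalize it.  */
  if (result == NULL)
    errno = ENOMEM;
  return result;
}

/* Array variant: also catches nmemb * size wrapping around size_t.  */
void *checked_reallocarray (void *p, size_t nmemb, size_t size)
{
  if (size != 0 && nmemb > (size_t) PTRDIFF_MAX / size)
    {
      errno = ENOMEM;
      return NULL;
    }
  return checked_realloc (p, nmemb * size);
}

/* Returns the errno left by a failed request, or -1 if it succeeded.
   This is the property the unit tests in the message verify.  */
int errno_after_request (size_t nmemb, size_t size)
{
  errno = 0;
  void *p = checked_reallocarray (NULL, nmemb, size);
  if (p == NULL)
    return errno;
  free (p);
  return -1;
}
```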
