This is the mail archive of the mailing list for the glibc project.

[Bug libc/22375] malloc returns pointer from tcache_get when should return NULL

Iain Buclaw <ibuclaw at gdcproject dot org> changed:

           What    |Removed                     |Added
                 CC|                            |ibuclaw at gdcproject dot org

--- Comment #1 from Iain Buclaw <ibuclaw at gdcproject dot org> ---
Trying out a test program:
#include <assert.h>
#include <stdlib.h>
#include <stdio.h>

int main()
{
  void* x = malloc(10);
  assert(x != NULL);
  free(x);  // put a small chunk into the tcache

  size_t memsize = ~0;  // overflow allocation (ulong.max)
  printf("Calling malloc(%zu), then decrementing "
         "by one until first found failure.\n", memsize);
  while (1)
    {
      void* z = malloc(memsize);
      if (z == NULL)
        {
          printf("First failed call was malloc(%zu)\n", memsize);
          break;
        }
      free(z);  // hand the chunk back so the next call can hit the tcache
      memsize--;
    }
  return 0;
}

$ ./a.out
Calling malloc(18446744073709551615), then decrementing by one until first
found failure.
First failed call was malloc(18446744073709551592)


So it looks like malloc doesn't do the right thing if given a value between
(size_t)~0-23 and (size_t)~0.

You are receiving this mail because:
You are on the CC list for the bug.
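
Added example, not part of the original message and not glibc's own code: a model of the size-padding arithmetic that accounts for the boundary in the output above, next to a checked variant. The constants are assumed 64-bit values (8-byte size field, 16-byte alignment, 32-byte minimum chunk, 64 tcache bins) and every function name is hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values, modeled on 64-bit glibc malloc; not copied from its source. */
#define SIZE_SZ         8u   /* per-chunk size field */
#define ALIGN_MASK      15u  /* 16-byte alignment minus one */
#define MINSIZE         32u  /* smallest chunk */
#define TCACHE_MAX_BINS 64u

/* Unchecked padding: req + 23 wraps around for requests near 2^64. */
uint64_t padded_unchecked(uint64_t req) {
    uint64_t sum = req + SIZE_SZ + ALIGN_MASK;
    return sum < MINSIZE ? MINSIZE : (sum & ~(uint64_t)ALIGN_MASK);
}

/* Bin index derived from a chunk size. */
uint64_t tcache_index(uint64_t chunk_size) {
    return (chunk_size - MINSIZE + ALIGN_MASK) / (ALIGN_MASK + 1u);
}

/* 1 if a lookup done on the unchecked size would consult a tcache bin. */
int hits_tcache_bin(uint64_t req) {
    return tcache_index(padded_unchecked(req)) < TCACHE_MAX_BINS;
}

/* Hardened form: reject oversized requests before any bin lookup. */
int padded_checked(uint64_t req, uint64_t *out) {
    if (req > (uint64_t)INT64_MAX)
        return 0;               /* caller fails the allocation */
    *out = padded_unchecked(req);
    return 1;
}

/* Count down from the maximum, as the test program does. */
uint64_t first_request_missing_tcache(void) {
    uint64_t req = UINT64_MAX;
    while (hits_tcache_bin(req))
        req--;
    return req;
}

int main(void) {
    uint64_t size = 0;
    printf("first request that misses the tcache: %" PRIu64 "\n",
           first_request_missing_tcache());
    printf("checked padding accepts UINT64_MAX: %d\n",
           padded_checked(UINT64_MAX, &size));
    return 0;
}
```

In this model the countdown stops at the same value the test program printed, because that is the largest request for which adding 23 no longer wraps.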
