This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/22375] malloc returns pointer from tcache_get when should return NULL
- From: "ibuclaw at gdcproject dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 31 Oct 2017 13:52:34 +0000
- Subject: [Bug libc/22375] malloc returns pointer from tcache_get when should return NULL
- Auto-submitted: auto-generated
- References: <bug-22375-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=22375
Iain Buclaw <ibuclaw at gdcproject dot org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ibuclaw at gdcproject dot org
--- Comment #1 from Iain Buclaw <ibuclaw at gdcproject dot org> ---
Trying out a test program:
---
#include <assert.h>
#include <stdlib.h>
#include <stdio.h>

int main(void)
{
    /* Sanity check: an ordinary allocation must succeed. */
    void* x = malloc(10);
    assert(x != NULL);
    free(x);

    size_t memsize = ~0; // overflow allocation (ulong.max)
    printf("Calling malloc(%zu), then decrementing "
           "by one until first found failure.\n", memsize);

    /* Walk down from SIZE_MAX until malloc first returns NULL; every
       size above that point was accepted by the allocator. */
    while (1)
    {
        void* z = malloc(memsize);
        if (z == NULL)
        {
            printf("First failed call was malloc(%zu)\n", memsize);
            break;
        }
        free(z);
        memsize--;
    }
    return 0;
}
---
$ ./a.out
Calling malloc(18446744073709551615), then decrementing by one until first
found failure.
First failed call was malloc(18446744073709551592)
---
So it looks like malloc doesn't do the right thing if given a value between
(size_t)~0-23 and (size_t)~0.
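An added check (not code from the report or from glibc) that covers both sides of this: a probe over the 23 request sizes whose chunk-size rounding wraps, and a caller-side guard that refuses impossible sizes before malloc sees them. ASSUMED_CHUNK_OVERHEAD and the function names are mine; the 23-byte overhead is assumed for a 64-bit glibc build.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption for a 64-bit glibc build (not a value from the report): the
   request-to-chunk-size rounding adds SIZE_SZ (8) plus the alignment slack
   (15) before masking, so the sum wraps for any request above SIZE_MAX - 23. */
#define ASSUMED_CHUNK_OVERHEAD 23u

/* Probe every wrapping size (SIZE_MAX-22 .. SIZE_MAX) and count how many
   malloc accepts.  A correct allocator returns NULL for all of them (0);
   the behaviour in the report corresponds to a non-zero count. */
static int count_accepted_wrapping_requests(void)
{
    int accepted = 0;
    for (size_t req = SIZE_MAX - ASSUMED_CHUNK_OVERHEAD + 1;; req++) {
        void *p = malloc(req);
        if (p != NULL) {
            accepted++;
            free(p);
        }
        if (req == SIZE_MAX)   /* stop before req itself wraps to 0 */
            break;
    }
    return accepted;
}

/* Caller-side guard: no real object can exceed PTRDIFF_MAX bytes, so reject
   such requests before the allocator sees them rather than relying solely
   on the allocator's own range check. */
static void *guarded_malloc(size_t req)
{
    if (req > (size_t) PTRDIFF_MAX) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(req);
}

int main(void)
{
    printf("%d of %u wrapping requests returned non-NULL\n",
           count_accepted_wrapping_requests(), ASSUMED_CHUNK_OVERHEAD);
    return 0;
}
```

On a glibc with this bug the probe prints a non-zero count; on a fixed allocator it prints 0, while the guard returns NULL for the whole range either way.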