This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 1/2] malloc/malloc.c: Validate SIZE passed to aligned_alloc.
- From: Will Newton <will dot newton at linaro dot org>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: libc-alpha <libc-alpha at sourceware dot org>, Patch Tracking <patches at linaro dot org>
- Date: Thu, 7 Nov 2013 20:09:24 +0000
- Subject: Re: [PATCH 1/2] malloc/malloc.c: Validate SIZE passed to aligned_alloc.
- References: <527BD0C3 dot 4010607 at linaro dot org> <527BD28B dot 8090407 at cs dot ucla dot edu>
On 7 November 2013 17:48, Paul Eggert <eggert@cs.ucla.edu> wrote:
> On 11/07/2013 09:41 AM, Will Newton wrote:
>> The ISO C11 standard specifies that a SIZE passed to aligned_alloc
>> must be a multiple of ALIGNMENT. Aliasing aligned_alloc to memalign
>> does not enforce this restriction, so create a new function that
>> does this validation.
>
> This doesn't look right. See the NEWS file's entry for glibc 2.16, which says:
>
> + aligned_alloc. NB: The code deliberately allows the size parameter
> to not be a multiple of the alignment. This is a moronic requirement
> in the standard but it is only a requirement on the caller, not the
> implementation.
I disagree with Drepper on this point. If we don't enforce the
contract on callers then it becomes possible for callers to write
non-portable code with glibc aligned_alloc. Admittedly the spec of
aligned_alloc isn't amazingly rigid so writing non-portable code is
possible anyway, but I still think it is worth glibc validating what
is actually written in the spec. If we want to write a function that
implements "almost aligned_alloc" it should really be called something
else IMO.
--
Will Newton
Toolchain Working Group, Linaro
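The contract at issue, as an added illustration for this page (example code written here, not glibc's code and not the patch under discussion): a wrapper with the hypothetical names checked_aligned_alloc, aligned_alloc_args_valid and round_up_to_alignment that rejects a size that is not a multiple of the alignment, so a caller relying on glibc's permissive behaviour finds out early that the call is not covered by C11. It assumes a power-of-two alignment, which is what glibc's memalign family accepts; the standard itself only says "a valid alignment supported by the implementation". The helper round_up_to_alignment shows the portable fix on the caller's side: round the request up to the next multiple of the alignment, with an overflow check, instead of passing the raw size.

```c
/* Added example: validating wrapper around C11 aligned_alloc.
 * Not glibc code. All function names below are hypothetical. */
#define _ISOC11_SOURCE 1
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a "valid alignment" is a non-zero power of two, as the
 * memalign family in glibc requires. */
static int is_power_of_two(size_t x)
{
    return x != 0 && (x & (x - 1)) == 0;
}

/* 1 if (alignment, size) satisfy the C11 aligned_alloc contract as read
 * here: power-of-two alignment and size a multiple of it (0 included). */
int aligned_alloc_args_valid(size_t alignment, size_t size)
{
    if (!is_power_of_two(alignment))
        return 0;
    if (size % alignment != 0)
        return 0;
    return 1;
}

/* Like aligned_alloc, but fails with EINVAL on a non-conforming request
 * instead of silently accepting it. */
void *checked_aligned_alloc(size_t alignment, size_t size)
{
    if (!aligned_alloc_args_valid(alignment, size)) {
        errno = EINVAL;
        return NULL;
    }
    return aligned_alloc(alignment, size);
}

/* Caller-side fix: round size up to a multiple of alignment.
 * Returns 0 (and leaves *out untouched) if the rounding would overflow
 * size_t or alignment is not a power of two. */
int round_up_to_alignment(size_t alignment, size_t size, size_t *out)
{
    if (!is_power_of_two(alignment))
        return 0;
    size_t rem = size % alignment;
    if (rem == 0) {
        *out = size;
        return 1;
    }
    size_t pad = alignment - rem;
    if (size > SIZE_MAX - pad)
        return 0;
    *out = size + pad;
    return 1;
}

int main(void)
{
    /* Non-conforming request: 24 is not a multiple of 16. glibc's
     * aligned_alloc accepts this; the checked wrapper does not. */
    void *p = checked_aligned_alloc(16, 24);
    printf("aligned_alloc(16, 24): %s\n", p ? "accepted" : "rejected (EINVAL)");

    /* Portable version of the same request. */
    size_t rounded;
    if (round_up_to_alignment(16, 24, &rounded)) {
        p = checked_aligned_alloc(16, rounded);
        printf("aligned_alloc(16, %zu): %s, aligned=%d\n", rounded,
               p ? "ok" : "failed", p && ((uintptr_t)p % 16) == 0);
        free(p);
    }
    return 0;
}
```

Passing the request through round_up_to_alignment before calling aligned_alloc is what a caller has to do anyway on an implementation that enforces the rule, so doing it unconditionally keeps the code portable whether or not the libc validates.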