This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH 1/2] malloc/malloc.c: Validate SIZE passed to aligned_alloc.


On 7 November 2013 17:48, Paul Eggert <eggert@cs.ucla.edu> wrote:
> On 11/07/2013 09:41 AM, Will Newton wrote:
>> The ISO C11 standard specifies that a SIZE passed to aligned_alloc
>> must be a multiple of ALIGNMENT. Aliasing aligned_alloc to memalign
>> does not enforce this restriction, so create a new function that
>> does this validation.
>
> This doesn't look right.  See the NEWS file's entry for glibc 2.16, which says:
>
>   + aligned_alloc.  NB: The code is deliberately allows the size parameter
>     to not be a multiple of the alignment.  This is a moronic requirement
>     in the standard but it is only a requirement on the caller, not the
>     implementation.

I disagree with Drepper on this point. If we don't enforce the
contract on callers then it becomes possible for callers to write
non-portable code with glibc aligned_alloc. Admittedly the spec of
aligned_alloc isn't amazingly rigid so writing non-portable code is
possible anyway, but I still think it is worth glibc validating what
is actually written in the spec. If we want to write a function that
implements "almost aligned_alloc" it should really be called something
else IMO.

-- 
Will Newton
Toolchain Working Group, Linaro


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]