This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: DJ Delorie <dj at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 27 Dec 2018 09:32:30 -0200
- Subject: Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
- References: <xntvj6l12l.fsf@greed.delorie.com>
On 22/12/2018 00:58, DJ Delorie wrote:
>
> I'm not a fan of removing the existing overflow checks, because malloc
> security depends on a very robust logic, and we already have a macro
> that detects too-large allocations.
The overflow checks are not removed; I just removed REQUEST_OUT_OF_RANGE
and checked_request2size (which check for invalid sizes under the patch assumption)
and added explicit overflow checks where required.
>
> Also, your code does not allow allocations up to PTRDIFF_MAX, but to
> some number smaller than that.
>
The actual requested size might indeed be slightly larger (request2size),
and AFAIK it might still interfere internally with the compiler assumption
that the total requested size is no larger than PTRDIFF_MAX. Should we
ignore this assumption internally and just check for PTRDIFF_MAX without
taking into consideration the possible padsize?
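The gap the two messages above are circling (a raw request that passes a PTRDIFF_MAX comparison but whose padded chunk size does not, versus a request so large that the padding itself wraps size_t) is easy to see numerically. The following is an added illustration written for this archive page; it is not glibc code and not part of the patch. The constants are assumptions modelled on a 64-bit glibc build (SIZE_SZ == 8, MALLOC_ALIGNMENT == 16, MINSIZE simplified to 4 * SIZE_SZ), and padded_size() reproduces only the arithmetic of request2size, deliberately without any range check so the wrap-around is visible. accept_raw() and accept_padded() are two hypothetical policies, not functions from malloc.c.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout constants, modelled on 64-bit glibc (SIZE_SZ == 8,
 * MALLOC_ALIGNMENT == 16).  MINSIZE is simplified for this demo. */
#define SIZE_SZ            (sizeof(size_t))
#define MALLOC_ALIGNMENT   (2 * SIZE_SZ)
#define MALLOC_ALIGN_MASK  (MALLOC_ALIGNMENT - 1)
#define MINSIZE            (4 * SIZE_SZ)

/* Largest request accepted by the padded policy below: anything above this
 * rounds to a chunk size that exceeds PTRDIFF_MAX. */
#define LARGEST_PADDED_OK  ((size_t) PTRDIFF_MAX - SIZE_SZ - MALLOC_ALIGN_MASK)

/* request2size arithmetic (header + alignment round-up), with NO range
 * check: for req near SIZE_MAX the addition wraps and a huge request turns
 * into a tiny chunk size.  This is the bug the original checks exist for. */
static size_t padded_size(size_t req)
{
    size_t padded = (req + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK;
    return padded < MINSIZE ? MINSIZE : padded;
}

/* Hypothetical policy A: compare only the caller's request to PTRDIFF_MAX. */
static bool accept_raw(size_t req)
{
    return req <= (size_t) PTRDIFF_MAX;
}

/* Hypothetical policy B: compare the padded chunk size to PTRDIFF_MAX, after
 * first refusing requests whose padding would wrap size_t. */
static bool accept_padded(size_t req)
{
    if (req > SIZE_MAX - SIZE_SZ - MALLOC_ALIGN_MASK)
        return false;               /* req + padding would wrap around */
    return padded_size(req) <= (size_t) PTRDIFF_MAX;
}

/* True when the two policies give different answers for req. */
static bool policies_differ(size_t req)
{
    return accept_raw(req) != accept_padded(req);
}

int main(void)
{
    /* Constructed probe values around the interesting boundaries. */
    const size_t probes[] = {
        1,
        LARGEST_PADDED_OK,
        LARGEST_PADDED_OK + 1,
        (size_t) PTRDIFF_MAX,
        SIZE_MAX - 8,
        SIZE_MAX,
    };
    printf("%22s %22s %4s %6s\n", "request", "padded", "raw", "padded");
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        size_t req = probes[i];
        printf("%22zu %22zu %4s %6s\n", req, padded_size(req),
               accept_raw(req) ? "ok" : "no",
               accept_padded(req) ? "ok" : "no");
    }
    return 0;
}
```

The row for PTRDIFF_MAX itself is the case DJ raises: the raw comparison accepts it, but the padded chunk size is already above PTRDIFF_MAX. The SIZE_MAX rows show the older hazard: without an explicit overflow check, padded_size() wraps to MINSIZE, which is exactly why dropping a range check without adding an overflow check elsewhere would be unsafe.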