This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/22375] malloc returns pointer from tcache_get when should return NULL
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 31 Oct 2017 20:06:46 +0000
- Subject: [Bug libc/22375] malloc returns pointer from tcache_get when should return NULL
- Auto-submitted: auto-generated
- References: <bug-22375-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=22375
--- Comment #7 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Arjun Shankar from comment #6)
> Iain, just noticed your comment. You are of course right. The correct macro
> is checked_request2size (defined earlier in malloc/malloc.c). Nice find!

Arjun,

Could you test the change to use checked_request2size?

To test it I think we need to add a test to glibc, I suggest something like
this:

* Assume that all architectures are limited to 50-bits of physical memory, and
  that anything with more than 50-bits of size is going to fail.

* In a loop, loop through all remaining 14-bit values, shifted up to 64-bits,
  and make sure each one returns ENOMEM. Note that tst-malloc.c has *one* test
  for this, and we want to cover the whole range of larger than physical memory
  allocations to make sure we don't have any bugs.

* Do the loop for malloc.

* Do the loop for calloc.

* Do the loop for a small constant malloc, followed by a realloc for the small
  constant malloc (with the invalid size), and a free (to free the original
  malloc).

That should cover the major paths. It should also be a fast test to do because
it's just checking we covered all the overflow paths.

If it verifies, please submit to libc-alpha for discussion. Thanks!
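A sketch of the test proposed in the comment above, as an added example that is not part of the original message or of glibc's test suite. The names `failed_enomem` and `count_oversize_failures` are hypothetical, and the code assumes a 64-bit `size_t` and that no request of 2^50 bytes or more can succeed.

```c
/* Added sketch, not glibc's own test. Assumes a 64-bit size_t and that no
   request of 2^50 bytes or more can ever be satisfied. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
_Static_assert (sizeof (size_t) == 8, "sketch assumes a 64-bit size_t");

#define PHYS_BITS 50                                /* assumed memory limit */
#define TOP_VALUES ((size_t) 1 << (64 - PHYS_BITS)) /* 2^14 top-bit patterns */

/* P is volatile so the compiler cannot fold the allocation away.
   Returns 1 if the call failed with ENOMEM; otherwise frees P, returns 0. */
static int failed_enomem (void *volatile p)
{
  int ok = (p == NULL && errno == ENOMEM);
  if (!ok)
    free (p);
  return ok;
}

/* Count oversized requests that did not fail cleanly; 0 means all passed. */
int count_oversize_failures (void)
{
  int bad = 0;
  for (size_t i = 1; i < TOP_VALUES; i++) {
    size_t size = i << PHYS_BITS;       /* every size of 2^50 and above */
    errno = 0;
    bad += !failed_enomem (malloc (size));
    errno = 0;
    bad += !failed_enomem (calloc (1, size));
    void *small = malloc (16);          /* small constant allocation */
    errno = 0;
    void *volatile grown = realloc (small, size);
    if (grown != NULL) {                /* realloc must not succeed */
      free (grown); bad++;
    } else {
      bad += (errno != ENOMEM);         /* read errno before free */
      free (small);                     /* original block is still valid */
    }
  }
  return bad;
}

int main (void)
{
  int bad = count_oversize_failures ();
  printf ("%d oversized requests did not fail with ENOMEM\n", bad);
  return bad != 0;
}
```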