This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] fix to malloc checking
- From: James Lemke <jwlemke at codesourcery dot com>
- To: Andreas Schwab <schwab at linux-m68k dot org>
- Cc: <libc-alpha at sourceware dot org>
- Date: Tue, 11 Nov 2014 16:43:39 -0500
- Subject: Re: [PATCH] fix to malloc checking
- Authentication-results: sourceware.org; auth=none
- References: <5462592E dot 9050301 at codesourcery dot com> <87ppctij7h dot fsf at igel dot home> <54627D3A dot 1030300 at codesourcery dot com> <87lhnhifup dot fsf at igel dot home>
On 11/11/2014 04:31 PM, Andreas Schwab wrote:
- if (c <= 0 || size < (c + 2 * SIZE_SZ))
>>> >- {
>>> >- malloc_printerr (check_action, "malloc_check_get_size: memory corruption",
>>> >- chunk2mem (p));
>>> >- return 0;
>>> >- }
>>> >+ if (size - c <= 2 * SIZE_SZ)
>>> >+ break;
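Review bot: The added test `size - c <= 2 * SIZE_SZ` subtracts before it compares, so when `c` is larger than `size` the unsigned difference wraps to a very large value, the comparison is false, and the `break` is not taken. Comparing without the subtraction, as in `size <= c + 2 * SIZE_SZ`, avoids that. The same hunk drops the `c <= 0` check together with the `malloc_printerr` "memory corruption" report and its `return 0`, so a bad length value now ends in a silent `break`. Please either keep the report for that case or explain in the patch description why it is no longer wanted, and say what is expected to happen when `c` is 0.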
>>>
>>> If c > size then the difference wraps around.
>>
>> That would indicate memory corruption and the loop would terminate,
>> which it should.
>
> This condition will not terminate it, and the next iteration will cause
> size to wrap around.

Err, yes. size is unsigned so you are correct. Thanks for the input.
I will re-write the 3 instances of this test as:

    if (size <= c + 2 * SIZE_SZ)

Otherwise OK?
--
Jim Lemke, GNU Tools Sourcerer
Mentor Graphics / CodeSourcery
Orillia Ontario, +1-613-963-1073
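
The wraparound discussed in this thread, as an added example that is not part of the original message or of glibc: it compares the subtracting form of the test with the rewritten form over a sweep of inputs. Assumptions: `SIZE_SZ` is a stand-in constant, `c` is a single byte value, and the `size -= c` step is a simplified model of the loop the thread refers to.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: stands in for glibc's SIZE_SZ; any small constant shows the same effect. */
#define SIZE_SZ (sizeof(size_t))

/* Guard as written in the quoted hunk: subtract, then compare. */
static bool stop_sub(size_t size, unsigned char c) { return size - c <= 2 * SIZE_SZ; }

/* Guard as proposed in the reply: compare without subtracting. */
static bool stop_add(size_t size, unsigned char c) { return size <= c + 2 * SIZE_SZ; }

/* Count (size, c) pairs the guard lets through to a "size -= c" step that wraps.
   The step itself is an assumed model of the loop discussed in the thread. */
static unsigned long count_wraps(bool (*stop)(size_t, unsigned char), size_t limit)
{
    unsigned long wraps = 0;
    for (size_t size = 0; size < limit; size++)
        for (unsigned c = 0; c <= 255; c++) {
            if (stop(size, (unsigned char)c))
                continue;               /* guard ended the walk */
            if (size - c > size)        /* unsigned subtraction wrapped */
                wraps++;
        }
    return wraps;
}

/* True if both guards give the same answer for every pair with c <= size. */
static bool agree_on_valid(size_t limit)
{
    for (size_t size = 0; size < limit; size++)
        for (unsigned c = 0; c <= 255 && c <= size; c++)
            if (stop_sub(size, (unsigned char)c) != stop_add(size, (unsigned char)c))
                return false;
    return true;
}

int main(void)
{
    printf("subtracting form, wrapping steps: %lu\n", count_wraps(stop_sub, 64));
    printf("adding form, wrapping steps:      %lu\n", count_wraps(stop_add, 64));
    printf("guards agree when c <= size:      %s\n", agree_on_valid(1024) ? "yes" : "no");
    return 0;
}
```

The two forms give the same answer whenever `c <= size`; they differ only on the inputs where `c` exceeds `size`, which is the corrupted case the check exists to catch.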