This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: DJ Delorie <dj at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 27 Dec 2018 09:32:30 -0200
- Subject: Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
- References: <firstname.lastname@example.org>
On 22/12/2018 00:58, DJ Delorie wrote:
> I'm not a fan of removing the existing overflow checks, because malloc
> security depends on a very robust logic, and we already have a macro
> that detects too-large allocations.
The overflow checks are not removed; I just removed REQUEST_OUT_OF_RANGE
and checked_request2size (which check for invalid sizes with the patch's assumption)
and added an explicit overflow check where required.
> Also, your code does not allow allocations up to PTRDIFF_MAX, but to
> some number smaller than that.
The actual requested size might indeed be slightly larger (request2size),
and AFAIK it might still interfere internally with the compiler assumption
that the total requested size is no larger than PTRDIFF_MAX. Should we
ignore this assumption internally and just check for PTRDIFF_MAX without
taking into consideration the possible padsize?
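The gap the reply is asking about, as an added example that is not glibc code and not part of this thread: a request2size-style rounding (user request plus one size word of overhead, rounded up to the chunk alignment, clamped to MINSIZE) is computed in unsigned arithmetic, so a huge request can wrap to a tiny chunk, and even a request of exactly PTRDIFF_MAX rounds to a chunk size above PTRDIFF_MAX. The constants (SIZE_SZ, MALLOC_ALIGNMENT, MIN_CHUNK_SIZE) and the two accept_* helpers are assumptions chosen to model a 64-bit layout; they are not the macros from malloc.c.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed chunk layout (modelled on a 64-bit build, not copied from glibc):
   one size_t of per-chunk overhead, alignment of two size words. */
#define SIZE_SZ           sizeof(size_t)
#define MALLOC_ALIGNMENT  (2 * SIZE_SZ)
#define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1)
#define MIN_CHUNK_SIZE    (4 * SIZE_SZ)
#define MINSIZE ((MIN_CHUNK_SIZE + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)

/* request2size-style rounding: add the overhead word, round up to the
   alignment, clamp to MINSIZE.  Pure unsigned arithmetic: for a request
   near SIZE_MAX the sum wraps and the result is a small chunk size. */
static size_t request2size(size_t req)
{
    if (req + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE)
        return MINSIZE;
    return (req + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK;
}

/* Variant A (hypothetical): only the raw request is compared against
   PTRDIFF_MAX; the padded chunk size is not.  A request of exactly
   PTRDIFF_MAX passes and yields a chunk larger than PTRDIFF_MAX. */
static bool accept_raw_only(size_t req, size_t *chunk)
{
    if (req > (size_t) PTRDIFF_MAX)
        return false;
    *chunk = request2size(req);
    return true;
}

/* Variant B (hypothetical): reject when the rounded chunk size, not just
   the request, exceeds PTRDIFF_MAX.  The sz < req test also catches the
   unsigned wrap-around in request2size, so it is safe to call this with
   any size_t, with or without the raw check in front. */
static bool accept_checked(size_t req, size_t *chunk)
{
    if (req > (size_t) PTRDIFF_MAX)
        return false;
    size_t sz = request2size(req);
    if (sz < req || sz > (size_t) PTRDIFF_MAX)
        return false;
    *chunk = sz;
    return true;
}

int main(void)
{
    size_t chunk = 0;
    printf("request2size(SIZE_MAX-1) = %zu (MINSIZE=%zu, wrapped)\n",
           request2size(SIZE_MAX - 1), (size_t) MINSIZE);
    printf("raw-only check, req=PTRDIFF_MAX: accepted=%d chunk>PTRDIFF_MAX=%d\n",
           accept_raw_only((size_t) PTRDIFF_MAX, &chunk),
           chunk > (size_t) PTRDIFF_MAX);
    printf("checked,        req=PTRDIFF_MAX: accepted=%d\n",
           accept_checked((size_t) PTRDIFF_MAX, &chunk));
    return 0;
}
```

The difference between the two variants is exactly the "slightly larger" padsize the reply mentions: checking the raw request alone bounds the user's number, but not the size the allocator actually carries around afterwards.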