mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-22 04:50:07 +00:00
9bf8e29ca1
As discussed previously on libc-alpha [1], this patch follows up the idea and add both the __attribute_alloc_size__ on malloc functions (malloc, calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit maximum requested allocation size to up PTRDIFF_MAX (taking into consideration internal padding and alignment). This aligns glibc with gcc expected size defined by default warning -Walloc-size-larger-than value which warns for allocation larger than PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and expected size, such as described in PR#67999 [2] and previously discussed ISO C11 issues [3] on libc-alpha. From the RFC thread [4] and previous discussion, it seems that consensus is only to limit such requested size for malloc functions, not the system allocation one (mmap, sbrk, etc.). The implementation changes checked_request2size to check for both overflow and maximum object size up to PTRDIFF_MAX. No additional checks are done on sysmalloc, so it can still issue mmap with values larger than PTRDIFF_T depending on the requested size. The __attribute_alloc_size__ is for functions that return a pointer only, which means it cannot be applied to posix_memalign (see remarks in GCC PR#87683 [5]). The runtimes checks to limit maximum requested allocation size does applies to posix_memalign. Checked on x86_64-linux-gnu and i686-linux-gnu. [1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html [2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999 [3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html [4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html [5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683 [BZ #23741] * malloc/hooks.c (malloc_check, realloc_check): Use __builtin_add_overflow on overflow check and adapt to checked_request2size change. * malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign, __libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum allocation size to PTRDIFF_MAX. (REQUEST_OUT_OF_RANGE): Remove macro. (checked_request2size): Change to inline function and limit maximum requested size to PTRDIFF_MAX. (__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit maximum allocation size to PTRDIFF_MAX. (_mid_memalign): Use _int_memalign call for overflow check. (__libc_pvalloc): Use __builtin_add_overflow on overflow check. (__libc_calloc): Use __builtin_mul_overflow for overflow check and limit maximum requested size to PTRDIFF_MAX. * malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign, valloc, pvalloc): Add __attribute_alloc_size__. * stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise. * malloc/tst-malloc-too-large.c (do_test): Add check for allocation larger than PTRDIFF_MAX. * malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than= around tests of malloc with negative sizes. * malloc/tst-posix_memalign.c (do_test): Likewise. * malloc/tst-pvalloc.c (do_test): Likewise. * malloc/tst-valloc.c (do_test): Likewise. * malloc/tst-reallocarray.c (do_test): Replace call to reallocarray with resulting size allocation larger than PTRDIFF_MAX with reallocarray_nowarn. (reallocarray_nowarn): New function. * NEWS: Mention the malloc function semantic change. |
||
|---|---|---|
| .. | ||
| alloc_buffer_alloc_array.c | ||
| alloc_buffer_allocate.c | ||
| alloc_buffer_copy_bytes.c | ||
| alloc_buffer_copy_string.c | ||
| alloc_buffer_create_failure.c | ||
| arena.c | ||
| Depend | ||
| dynarray_at_failure.c | ||
| dynarray_emplace_enlarge.c | ||
| dynarray_finalize.c | ||
| dynarray_resize_clear.c | ||
| dynarray_resize.c | ||
| dynarray-skeleton.c | ||
| dynarray.h | ||
| hooks.c | ||
| Makefile | ||
| malloc-hooks.h | ||
| malloc-internal.h | ||
| malloc.c | ||
| malloc.h | ||
| mallocbug.c | ||
| mcheck-init.c | ||
| mcheck.c | ||
| mcheck.h | ||
| memusage.c | ||
| memusage.sh | ||
| memusagestat.c | ||
| morecore.c | ||
| mtrace.c | ||
| mtrace.pl | ||
| obstack.c | ||
| obstack.h | ||
| reallocarray.c | ||
| scratch_buffer_grow_preserve.c | ||
| scratch_buffer_grow.c | ||
| scratch_buffer_set_array_size.c | ||
| set-freeres.c | ||
| thread-freeres.c | ||
| tst-alloc_buffer.c | ||
| tst-calloc.c | ||
| tst-dynarray-at-fail.c | ||
| tst-dynarray-fail.c | ||
| tst-dynarray-shared.h | ||
| tst-dynarray.c | ||
| tst-interpose-aux-nothread.c | ||
| tst-interpose-aux-thread.c | ||
| tst-interpose-aux.c | ||
| tst-interpose-aux.h | ||
| tst-interpose-nothread.c | ||
| tst-interpose-skeleton.c | ||
| tst-interpose-static-nothread.c | ||
| tst-interpose-static-thread.c | ||
| tst-interpose-thread.c | ||
| tst-malloc_info.c | ||
| tst-malloc-backtrace.c | ||
| tst-malloc-fork-deadlock.c | ||
| tst-malloc-stats-cancellation.c | ||
| tst-malloc-tcache-leak.c | ||
| tst-malloc-thread-exit.c | ||
| tst-malloc-thread-fail.c | ||
| tst-malloc-too-large.c | ||
| tst-malloc-usable-static-tunables.c | ||
| tst-malloc-usable-static.c | ||
| tst-malloc-usable-tunables.c | ||
| tst-malloc-usable.c | ||
| tst-malloc.c | ||
| tst-mallocfork2.c | ||
| tst-mallocfork.c | ||
| tst-mallocstate.c | ||
| tst-mallopt.c | ||
| tst-mcheck.c | ||
| tst-memalign.c | ||
| tst-mtrace.c | ||
| tst-mtrace.sh | ||
| tst-obstack.c | ||
| tst-posix_memalign.c | ||
| tst-pvalloc.c | ||
| tst-realloc.c | ||
| tst-reallocarray.c | ||
| tst-scratch_buffer.c | ||
| tst-tcfree1.c | ||
| tst-tcfree2.c | ||
| tst-tcfree3.c | ||
| tst-trim1.c | ||
| tst-valloc.c | ||
| Versions | ||