| Summary: | posix_memalign() invalid write if alignment == 0 | | |
|---|---|---|---|
| Product: | [Developer tools] valgrind | Reporter: | Gabriel Ganne <gabriel.ganne> |
| Component: | memcheck | Assignee: | Julian Seward <jseward> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | gabriel.ganne, philippe.waroquiers |
| Priority: | NOR | | |
| Version: | 3.13.0 | | |
| Target Milestone: | --- | | |
| Platform: | Debian stable | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
| Attachments: | posix_memalign() test | | |
Fix committed as 846aee3e402c4430139cce011ab8420f434532d1 and d9204e9eedc8a671e6f035318d28cb55440c3a8b. Note that I only added the additional condition checking for 0 alignment, as the assignment to mem has no effect (the result is in *memptr) and the posix_memalign man page states: "On Linux (and other systems), posix_memalign() does not modify memptr on failure. A requirement standardizing this behavior was added in POSIX.1-2016." Thanks for the bug and analysis.

Great thanks!
Created attachment 111999: posix_memalign() test

Hi,

The attached file tests posix_memalign() with an invalid alignment of 0. The expected behavior is for posix_memalign() to return EINVAL and to leave memptr untouched, or to set it to NULL.

I propose the following patch I made on valgrind-3.13.0 sources:

* add a test on alignment == 0
* set mem to NULL explicitly so as to validly test its value after calling posix_memalign() on failure

```diff
--- ./coregrind/m_replacemalloc/vg_replace_malloc.c.orig
+++ ./coregrind/m_replacemalloc/vg_replace_malloc.c
@@ -997,11 +997,11 @@
 int VG_REPLACE_FUNCTION_EZU(10160,soname,fnname) \
 ( void **memptr, SizeT alignment, SizeT size ) \
 { \
- void *mem; \
+ void *mem = NULL; \
 \
 /* Test whether the alignment argument is valid. It must be \
 a power of two multiple of sizeof (void *). */ \
- if (alignment % sizeof (void *) != 0 \
+ if (alignment == 0 || alignment % sizeof (void *) != 0 \
 || (alignment & (alignment - 1)) != 0) \
 return VKI_EINVAL; \
 \
```
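Review bot: the `+ void *mem = NULL;` line in this hunk is dead on the path the hunk guards: the function returns `VKI_EINVAL` before `mem` is used, and the caller only ever sees the result through `*memptr`, which the early return never writes, so initializing the local does not make memptr any more testable on failure; suggest dropping that line and keeping the hunk to the one functional change. The `alignment == 0 ||` addition is the real fix: for `alignment == 0` both existing conditions are satisfied (`0 % sizeof (void *) == 0` and `(0 & (0 - 1)) == 0`), so zero slipped through the validity test and was treated as a valid alignment.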
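Added example, not code from the bug report or the valgrind sources: the validity test from the hunk written out as two predicates, before and after the fix, to show that an alignment of 0 passes the original check, plus a probe that calls the system posix_memalign() with alignment 0 the way the attached test does. The function names and the sentinel value are my own.

```c
#define _POSIX_C_SOURCE 200112L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-fix validity test from the hunk, as a predicate: 1 means accepted.
 * For alignment == 0 both conditions hold (0 % n == 0 and
 * (0 & (0 - 1)) == 0), so zero is wrongly accepted. */
static int alignment_ok_before_fix(size_t alignment)
{
    return alignment % sizeof(void *) == 0
        && (alignment & (alignment - 1)) == 0;
}

/* Patched test: the explicit zero check closes that gap. */
static int alignment_ok_after_fix(size_t alignment)
{
    return alignment != 0
        && alignment % sizeof(void *) == 0
        && (alignment & (alignment - 1)) == 0;
}

/* Mirrors what the attached test checks: call the libc posix_memalign()
 * with alignment 0. Returns 1 when it reports EINVAL and leaves memptr
 * untouched (or NULL), the behaviour the man page describes. */
static int probe_posix_memalign_zero_alignment(void)
{
    void *sentinel = &sentinel;   /* constructed marker, never a real block */
    void *memptr = sentinel;
    int rc = posix_memalign(&memptr, 0, 64);
    if (rc == 0) {                /* accepted: that is the reported bug */
        free(memptr);
        return 0;
    }
    return rc == EINVAL && (memptr == sentinel || memptr == NULL);
}

int main(void)
{
    size_t cases[] = { 0, 1, sizeof(void *), 24, 64 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("alignment %zu: before=%d after=%d\n", cases[i],
               alignment_ok_before_fix(cases[i]),
               alignment_ok_after_fix(cases[i]));
    printf("libc posix_memalign(alignment 0): %s\n",
           probe_posix_memalign_zero_alignment() ? "EINVAL, memptr untouched"
                                                 : "unexpected");
    return 0;
}
```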