about summary refs log tree commit diff
path: root/malloc
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2020-01-17 15:05:34 +0100
committerFlorian Weimer <fweimer@redhat.com>2020-01-17 15:05:34 +0100
commit768c83b7f60d82db6677e19dc51be9f341e0f3fc (patch)
treed38258b8e7d496bfde38947163597b60764ebff4 /malloc
parent70ba28f7ab2923d4e36ffc9d5d2e32357353b25c (diff)
downloadglibc-768c83b7f60d82db6677e19dc51be9f341e0f3fc.tar.gz
glibc-768c83b7f60d82db6677e19dc51be9f341e0f3fc.tar.xz
glibc-768c83b7f60d82db6677e19dc51be9f341e0f3fc.zip
Remove incorrect alloc_size attribute from pvalloc [BZ #25401]
pvalloc is guarantueed to round up the allocation size to the page
size, so applications can assume that the memory region is larger
than the passed-in argument.  The alloc_size attribute cannot express
that.

The test case is based on a suggestion from Jakub Jelinek.

This fixes commit 9bf8e29ca136094f73f69f725f15c51facc97206 ("malloc:
make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)").

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Diffstat (limited to 'malloc')
-rw-r--r--malloc/Makefile2
-rw-r--r--malloc/malloc.h3
-rw-r--r--malloc/tst-pvalloc-fortify.c48
3 files changed, 50 insertions, 3 deletions
diff --git a/malloc/Makefile b/malloc/Makefile
index 734efe368d..984045b5b9 100644
--- a/malloc/Makefile
+++ b/malloc/Makefile
@@ -27,7 +27,7 @@ headers := $(dist-headers) obstack.h mcheck.h
 tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \
 	 tst-mcheck tst-mallocfork tst-trim1 \
 	 tst-malloc-usable tst-realloc tst-reallocarray tst-posix_memalign \
-	 tst-pvalloc tst-memalign tst-mallopt \
+	 tst-pvalloc tst-pvalloc-fortify tst-memalign tst-mallopt \
 	 tst-malloc-backtrace tst-malloc-thread-exit \
 	 tst-malloc-thread-fail tst-malloc-fork-deadlock \
 	 tst-mallocfork2 \
diff --git a/malloc/malloc.h b/malloc/malloc.h
index 0c76264421..a6903fdd54 100644
--- a/malloc/malloc.h
+++ b/malloc/malloc.h
@@ -71,8 +71,7 @@ extern void *valloc (size_t __size) __THROW __attribute_malloc__
 
 /* Equivalent to valloc(minimum-page-that-holds(n)), that is, round up
    __size to nearest pagesize. */
-extern void *pvalloc (size_t __size) __THROW __attribute_malloc__
-     __attribute_alloc_size__ ((1)) __wur;
+extern void *pvalloc (size_t __size) __THROW __attribute_malloc__ __wur;
 
 /* Underlying allocation function; successive calls should return
    contiguous pieces of memory.  */
diff --git a/malloc/tst-pvalloc-fortify.c b/malloc/tst-pvalloc-fortify.c
new file mode 100644
index 0000000000..391b7fa2f5
--- /dev/null
+++ b/malloc/tst-pvalloc-fortify.c
@@ -0,0 +1,48 @@
+/* Test fortify-source allocation size handling in pvalloc (bug 25401).
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation; either version 2.1 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If
+   not, see <https://www.gnu.org/licenses/>.  */
+
+#undef _FORTIFY_SOURCE
+#define _FORTIFY_SOURCE 2
+#include <malloc.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xunistd.h>
+#include <unistd.h>
+
+static int
+do_test (void)
+{
+  /* The test below assumes that pvalloc rounds up the allocation size
+     to at least 8.  */
+  TEST_VERIFY (xsysconf (_SC_PAGESIZE) >= 8);
+
+  void *p = pvalloc (5);
+  TEST_VERIFY_EXIT (p != NULL);
+
+  /* This is valid assuming the page size is at least 8 because
+     pvalloc rounds up the allocation size to a multiple of the page
+     size.  Due to bug 25041, this used to trigger a compiler
+     warning.  */
+  strcpy (p, "abcdefg");
+
+  asm ("" : : "g" (p) : "memory"); /* Optimization barrier.  */
+  TEST_VERIFY (malloc_usable_size (p) >= xsysconf (_SC_PAGESIZE));
+  return 0;
+}
+
+#include <support/test-driver.c>