From: <sv...@va...> - 2007-11-08 02:29:37
Author: sewardj
Date: 2007-11-08 02:29:36 +0000 (Thu, 08 Nov 2007)
New Revision: 7110
Log:
Some well-known open-source software that shall remain nameless
considers it important to do malloc(-1), which causes Thrcheck's
allocator to assert. Detect such attempts and return NULL. Logic is
identical to that in memcheck/mc_malloc_wrappers.c.
Modified:
branches/THRCHECK/thrcheck/tc_main.c
Modified: branches/THRCHECK/thrcheck/tc_main.c
===================================================================
--- branches/THRCHECK/thrcheck/tc_main.c 2007-11-07 11:05:23 UTC (rev 7109)
+++ branches/THRCHECK/thrcheck/tc_main.c 2007-11-08 02:29:36 UTC (rev 7110)
@@ -6999,6 +6999,7 @@
Addr p;
MallocMeta* md;
+ tl_assert( ((SSizeT)szB) >= 0 );
p = (Addr)VG_(cli_malloc)(alignB, szB);
if (!p) {
return NULL;
@@ -7023,23 +7024,33 @@
return (void*)p;
}
+/* Re the checks for less-than-zero (also in tc_cli__realloc below):
+ Cast to a signed type to catch any unexpectedly negative args.
+ We're assuming here that the size asked for is not greater than
+ 2^31 bytes (for 32-bit platforms) or 2^63 bytes (for 64-bit
+ platforms). */
static void* tc_cli__malloc ( ThreadId tid, SizeT n ) {
+ if (((SSizeT)n) < 0) return NULL;
return handle_alloc ( tid, n, VG_(clo_alignment),
/*is_zeroed*/False );
}
static void* tc_cli____builtin_new ( ThreadId tid, SizeT n ) {
+ if (((SSizeT)n) < 0) return NULL;
return handle_alloc ( tid, n, VG_(clo_alignment),
/*is_zeroed*/False );
}
static void* tc_cli____builtin_vec_new ( ThreadId tid, SizeT n ) {
+ if (((SSizeT)n) < 0) return NULL;
return handle_alloc ( tid, n, VG_(clo_alignment),
/*is_zeroed*/False );
}
static void* tc_cli__memalign ( ThreadId tid, SizeT align, SizeT n ) {
+ if (((SSizeT)n) < 0) return NULL;
return handle_alloc ( tid, n, align,
/*is_zeroed*/False );
}
static void* tc_cli__calloc ( ThreadId tid, SizeT nmemb, SizeT size1 ) {
+ if ( ((SSizeT)nmemb) < 0 || ((SSizeT)size1) < 0 ) return NULL;
return handle_alloc ( tid, nmemb*size1, VG_(clo_alignment),
/*is_zeroed*/True );
}
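Review bot: In tc_cli__calloc the product `nmemb*size1` is still computed without an overflow check, so two arguments that each pass the new sign test can wrap to a small size or to a value with the top bit set. In the first case the client is handed a block far smaller than the one it asked for. In the second, the `tl_assert( ((SSizeT)szB) >= 0 )` added to handle_alloc in the first hunk fires, which is the tool abort this commit sets out to avoid. A guard ahead of the call closes both, for example `if (size1 != 0 && nmemb > (((SizeT)-1) >> 1) / size1) return NULL;`. Whether the memcheck wrapper this logic was copied from has the same gap cannot be seen from this diff.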
@@ -7093,6 +7104,8 @@
Addr payload = (Addr)payloadV;
+ if (((SSizeT)new_size) < 0) return NULL;
+
md = (MallocMeta*) VG_(HT_lookup)( tc_mallocmeta_table, (UWord)payload );
if (!md)
return NULL; /* apparently realloc-ing a bogus address. Oh well. */