Re: Malloc failures check

2019-11-21 Thread Dmitry Belyavsky
Unfortunately, it is not a compile-time check...

I mean something like
https://github.com/openssl/openssl/blob/ab5c77b4766e0992751d86560193ca42b49cf316/include/openssl/e_os2.h#L198-L202
but not sure it is applicable to external functions...

On Thu, Nov 21, 2019 at 1:42 PM Salz, Rich wrote:

> - It would be possible to implement a malloc failure feature in the
>   test suite that systematically runs a test many times, failing successive
>   malloc calls.
>
> It’s there; look at crypto/mem.c, shouldfail() and FAILTEST.
>
> More detail, from off-list discussion:
>
> i=0
> while : ; do
>    ((i++))
>    export MALLOC_FAILURE_CHECKS=${i}@100
>    openssl foo etc…
>    test -f core && echo crashed && exit 1
> done


-- 
SY, Dmitry Belyavsky


Re: Malloc failures check

2019-11-21 Thread Salz, Rich
  *   It would be possible to implement a malloc failure feature in the test 
suite that systematically runs a test many times, failing successive malloc 
calls.

It’s there; look at crypto/mem.c, shouldfail() and FAILTEST.

More detail, from off-list discussion:

i=0
while : ; do
   ((i++))
   export MALLOC_FAILURE_CHECKS=${i}@100
   openssl foo etc…
   test -f core && echo crashed && exit 1
done
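
The technique discussed in this thread, failing the Nth allocation on run N until a run completes, shown in-process as an added C example (not code from the thread or from OpenSSL). `test_malloc`, `fail_at`, `ctx_new` and `sweep_failures` are hypothetical names, and the code under test is constructed for illustration.

```c
#include <stdlib.h>

/* Hypothetical hook: the fail_at-th allocation returns NULL (0 = never). */
static unsigned long alloc_calls, fail_at;

static void *test_malloc(size_t n)
{
    return (++alloc_calls == fail_at) ? NULL : malloc(n);
}

struct ctx { unsigned char *iv; unsigned char *key; };

static void ctx_free(struct ctx *c)
{
    if (c == NULL)
        return;
    free(c->iv);
    free(c->key);
    free(c);
}

/* Constructed code under test: three allocations, each one checked. */
static struct ctx *ctx_new(size_t ivlen, size_t keylen)
{
    struct ctx *c = test_malloc(sizeof(*c));

    if (c == NULL)
        return NULL;
    c->iv = test_malloc(ivlen);
    c->key = (c->iv != NULL) ? test_malloc(keylen) : NULL;
    if (c->key == NULL) {          /* also covers a failed iv allocation */
        ctx_free(c);
        return NULL;
    }
    return c;
}

/* Fail allocation 1, 2, 3, ... in turn. Returns how many failure points were
 * exercised, or -1 if a run reported success despite an injected failure. */
static int sweep_failures(void)
{
    for (fail_at = 1; ; fail_at++) {
        alloc_calls = 0;
        struct ctx *c = ctx_new(16, 32);
        if (alloc_calls < fail_at) {   /* run finished before the fail point */
            ctx_free(c);
            return (int)(fail_at - 1);
        }
        if (c != NULL)
            return -1;
    }
}
```

If `ctx_new` dereferenced an unchecked NULL, the sweep would crash at that failure point, which is the same signal the shell loop above looks for with its core file test.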




Re: Malloc failures check

2019-11-21 Thread Salz, Rich
  *   It would be possible to implement a malloc failure feature in the test 
suite that systematically runs a test many times, failing successive malloc 
calls.

It’s there; look at crypto/mem.c, shouldfail() and FAILTEST.




Re: Malloc failures check

2019-11-20 Thread Dr Paul Dale

Adding a compile time check would be good.  I’m not sure how.
It would be possible to implement a malloc failure feature in the test suite 
that systematically runs a test many times, failing successive malloc calls.

I’m kind of surprised that the various static analysers hadn't found some of 
these.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 21 Nov 2019, at 1:26 pm, Dmitry Belyavsky wrote:
> 
> Hello,
> 
> Observing a series of similar bugs related to a lack of checks of the malloc 
> return values, I wonder if we could automate the search of these errors on 
> the compile level (e.g. similar to the __owur macro)?
> 
> -- 
> SY, Dmitry Belyavsky



Malloc failures check

2019-11-20 Thread Dmitry Belyavsky
Hello,

Observing a series of similar bugs related to a lack of checks of the
malloc return values, I wonder if we could automate the search of these
errors on the compile level (e.g. similar to the __owur macro)?

-- 
SY, Dmitry Belyavsky