Author: sewardj
Date: 2007-11-08 02:29:36 +0000 (Thu, 08 Nov 2007)
New Revision: 7110

Log:
Some well-known open-source software that shall remain nameless
considers it important to do malloc(-1), which causes Thrcheck's
allocator to assert.  Detect such attempts and return NULL.  Logic is
identical to that in memcheck/mc_malloc_wrappers.c.

Modified:
   branches/THRCHECK/thrcheck/tc_main.c


Modified: branches/THRCHECK/thrcheck/tc_main.c
===================================================================
--- branches/THRCHECK/thrcheck/tc_main.c        2007-11-07 11:05:23 UTC (rev 
7109)
+++ branches/THRCHECK/thrcheck/tc_main.c        2007-11-08 02:29:36 UTC (rev 
7110)
@@ -6999,6 +6999,7 @@
    Addr        p;
    MallocMeta* md;
 
+   tl_assert( ((SSizeT)szB) >= 0 );
    p = (Addr)VG_(cli_malloc)(alignB, szB);
    if (!p) {
       return NULL;
@@ -7023,23 +7024,33 @@
    return (void*)p;
 }
 
+/* Re the checks for less-than-zero (also in tc_cli__realloc below):
+   Cast to a signed type to catch any unexpectedly negative args.
+   We're assuming here that the size asked for is not greater than
+   2^31 bytes (for 32-bit platforms) or 2^63 bytes (for 64-bit
+   platforms). */
 static void* tc_cli__malloc ( ThreadId tid, SizeT n ) {
+   if (((SSizeT)n) < 0) return NULL;
    return handle_alloc ( tid, n, VG_(clo_alignment),
                          /*is_zeroed*/False );
 }
 static void* tc_cli____builtin_new ( ThreadId tid, SizeT n ) {
+   if (((SSizeT)n) < 0) return NULL;
    return handle_alloc ( tid, n, VG_(clo_alignment),
                          /*is_zeroed*/False );
 }
 static void* tc_cli____builtin_vec_new ( ThreadId tid, SizeT n ) {
+   if (((SSizeT)n) < 0) return NULL;
    return handle_alloc ( tid, n, VG_(clo_alignment), 
                          /*is_zeroed*/False );
 }
 static void* tc_cli__memalign ( ThreadId tid, SizeT align, SizeT n ) {
+   if (((SSizeT)n) < 0) return NULL;
    return handle_alloc ( tid, n, align, 
                          /*is_zeroed*/False );
 }
 static void* tc_cli__calloc ( ThreadId tid, SizeT nmemb, SizeT size1 ) {
+   if ( ((SSizeT)nmemb) < 0 || ((SSizeT)size1) < 0 ) return NULL;
    return handle_alloc ( tid, nmemb*size1, VG_(clo_alignment),
                          /*is_zeroed*/True );
 }
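Review bot: In tc_cli__calloc the new sign checks on `nmemb` and `size1` do not bound the product `nmemb*size1` that is passed to handle_alloc. Two values that are each non-negative as SSizeT can multiply to a SizeT with the top bit set, which would trip the `tl_assert( ((SSizeT)szB) >= 0 )` added in the first hunk (presumably inside handle_alloc, whose start lies outside the diff). The product can also wrap to a small value, so the client receives a zeroed block shorter than it asked for and later writes run past it. Bounding the product closes both cases, for example `if (size1 != 0 && nmemb > (~(SizeT)0 >> 1) / size1) return NULL;` before the call. The comment above tc_cli__malloc could also state that handle_alloc asserts on a negative size, so any new entry point must filter the size before calling it.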
@@ -7093,6 +7104,8 @@
 
    Addr payload = (Addr)payloadV;
 
+   if (((SSizeT)new_size) < 0) return NULL;
+
    md = (MallocMeta*) VG_(HT_lookup)( tc_mallocmeta_table, (UWord)payload );
    if (!md)
       return NULL; /* apparently realloc-ing a bogus address.  Oh well. */

