Hi Paul,

> > ! void
> > freea (void *p)
> > {
> > ! /* Determine whether p was a non-NULL pointer returned by mmalloca().
> > */
> > ! if ((uintptr_t) p & sa_alignment_max)
>
> This should be "((uintptr_t) p & (2 * sa_alignment_max - 1))", to make
> it more likely that a runtime error is detected if a garbage pointer is
> passed to freea.
Changing the 'if' condition will not actually detect anything. The function
will still behave according to the "garbage in - garbage out" principle.

But you are right, it is possible here to detect invalid arguments. So let's
do so:

2018-02-02  Bruno Haible  <br...@clisp.org>

	malloca: Add an argument check.
	Suggested by Paul Eggert.
	* lib/malloca.c (freea): Check against an invalid argument.

diff --git a/lib/malloca.c b/lib/malloca.c
index 5741cba..c5321d1 100644
--- a/lib/malloca.c
+++ b/lib/malloca.c
@@ -78,6 +78,12 @@ mmalloca (size_t n)
 void
 freea (void *p)
 {
+ /* Check argument. */
+ if ((uintptr_t) p & (sa_alignment_max - 1))
+ {
+ /* p was not the result of a malloca() call. Invalid argument. */
+ abort ();
+ }
 /* Determine whether p was a non-NULL pointer returned by mmalloca(). */
 if ((uintptr_t) p & sa_alignment_max)
 {
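Review bot: the new abort () turns freea from "garbage in - garbage out" into a function that may terminate the process on a bad argument, but the ChangeLog entry touches only lib/malloca.c; the documented contract of freea in the header that declares it should say that passing a pointer not obtained from malloca/mmalloca may abort. Two smaller points in the same hunk: the mask "(sa_alignment_max - 1)" only works if sa_alignment_max is a power of two (the existing "& sa_alignment_max" test already relies on that, so a one-line comment or a static assertion would make the assumption explicit), and the comment "p was not the result of a malloca() call" overstates what is proven, since a garbage pointer that happens to be aligned still passes; "p is misaligned, so it cannot be the result of a malloca() call" would be accurate.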