Re: ptrdiff_t overflow checks for malloc-posix etc.

Sun, 18 Apr 2021 15:34:14 -0700 

On 4/18/21 1:23 PM, Bruno Haible wrote:

If we put the test in a module that is marked as

     Status:
     privileged-test


It shouldn't require root access to test.
I installed the attached instead, as this is simpler. If there are problems with PTRDIFF_MAX + 1, the test program might thrash or maybe even crash the kernel, but that's good enough since there shouldn't be problems. These tests are not immune to arbitrary compiler optimization tricks but it's not worth the trouble to try to bypass the trucks. 
>From 4d58319de4759923a6661a7c05b08cbbd335285b Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Sun, 18 Apr 2021 15:29:54 -0700
Subject: [PATCH] malloc-gnu-tests, etc.: test ptrdiff_t overflow

* modules/calloc-gnu-tests (Depends-on):
* modules/malloc-gnu-tests (Depends-on):
* modules/realloc-gnu-tests (Depends-on): Add stdint.
* tests/test-calloc-gnu.c (main):
* tests/test-malloc-gnu.c (main):,
* tests/test-realloc-gnu.c (main): Test for ptrdiff_t overflow.
---
 ChangeLog                 |  8 ++++++++
 modules/calloc-gnu-tests  |  1 +
 modules/malloc-gnu-tests  |  1 +
 modules/realloc-gnu-tests |  1 +
 tests/test-calloc-gnu.c   | 14 +++++++++++++-
 tests/test-malloc-gnu.c   | 11 ++++++++++-
 tests/test-realloc-gnu.c  | 10 ++++++++++
 7 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dd491f07b..ab6045fd3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2021-04-18  Paul Eggert  <egg...@cs.ucla.edu>
 
+	malloc-gnu-tests, etc.: test ptrdiff_t overflow
+	* modules/calloc-gnu-tests (Depends-on):
+	* modules/malloc-gnu-tests (Depends-on):
+	* modules/realloc-gnu-tests (Depends-on): Add stdint.
+	* tests/test-calloc-gnu.c (main):
+	* tests/test-malloc-gnu.c (main):,
+	* tests/test-realloc-gnu.c (main): Test for ptrdiff_t overflow.
+
 	malloc-gnu, etc.: prefer AS_CASE to woolly AS_IF
 	* m4/calloc.m4 (_AC_FUNC_CALLOC_IF):
 	* m4/malloc.m4 (_AC_FUNC_MALLOC_IF):
diff --git a/modules/calloc-gnu-tests b/modules/calloc-gnu-tests
index 996db23b9..a4804fd28 100644
--- a/modules/calloc-gnu-tests
+++ b/modules/calloc-gnu-tests
@@ -2,6 +2,7 @@ Files:
 tests/test-calloc-gnu.c
 
 Depends-on:
+stdint
 
 configure.ac:
 
diff --git a/modules/malloc-gnu-tests b/modules/malloc-gnu-tests
index 75f7e4f52..9a6f01cfa 100644
--- a/modules/malloc-gnu-tests
+++ b/modules/malloc-gnu-tests
@@ -2,6 +2,7 @@ Files:
 tests/test-malloc-gnu.c
 
 Depends-on:
+stdint
 
 configure.ac:
 
diff --git a/modules/realloc-gnu-tests b/modules/realloc-gnu-tests
index 959d5d408..9d26260ba 100644
--- a/modules/realloc-gnu-tests
+++ b/modules/realloc-gnu-tests
@@ -2,6 +2,7 @@ Files:
 tests/test-realloc-gnu.c
 
 Depends-on:
+stdint
 
 configure.ac:
 
diff --git a/tests/test-calloc-gnu.c b/tests/test-calloc-gnu.c
index 953bd778b..eb336e1a6 100644
--- a/tests/test-calloc-gnu.c
+++ b/tests/test-calloc-gnu.c
@@ -17,6 +17,7 @@
 #include <config.h>
 
 #include <stdlib.h>
+#include <stdint.h>
 
 /* Return 8.
    Usual compilers are not able to infer something about the return value.  */
@@ -49,7 +50,7 @@ main ()
      'volatile' is needed to defeat an incorrect optimization by clang 10,
      see <https://bugs.llvm.org/show_bug.cgi?id=46055>.  */
   {
-    void * volatile p = calloc ((size_t) -1 / 8 + 1, eight ());
+    void * volatile p = calloc (SIZE_MAX / 8 + 1, eight ());
     if (p != NULL)
       {
         free (p);
@@ -57,5 +58,16 @@ main ()
       }
   }
 
+  /* Likewise for PTRDIFF_MAX.  */
+  if (PTRDIFF_MAX / 8 < SIZE_MAX)
+    {
+      void * volatile p = calloc (PTRDIFF_MAX / 8 + 1, eight ());
+      if (p != NULL)
+        {
+          free (p);
+          return 2;
+        }
+    }
+
   return 0;
 }
diff --git a/tests/test-malloc-gnu.c b/tests/test-malloc-gnu.c
index 58a697f72..ce7e4fec2 100644
--- a/tests/test-malloc-gnu.c
+++ b/tests/test-malloc-gnu.c
@@ -17,6 +17,7 @@
 #include <config.h>
 
 #include <stdlib.h>
+#include <stdint.h>
 
 int
 main ()
@@ -25,7 +26,15 @@ main ()
   char *p = malloc (0);
   if (p == NULL)
     return 1;
-
   free (p);
+
+  /* Check that malloc (n) fails when n exceeds PTRDIFF_MAX.  */
+  if (PTRDIFF_MAX < SIZE_MAX)
+    {
+      size_t n = PTRDIFF_MAX, n1 = n + 1;
+      if (malloc (n1) != NULL)
+        return 1;
+    }
+
   return 0;
 }
diff --git a/tests/test-realloc-gnu.c b/tests/test-realloc-gnu.c
index 296852049..9c7344f15 100644
--- a/tests/test-realloc-gnu.c
+++ b/tests/test-realloc-gnu.c
@@ -17,6 +17,7 @@
 #include <config.h>
 
 #include <stdlib.h>
+#include <stdint.h>
 
 int
 main ()
@@ -26,6 +27,15 @@ main ()
   if (p == NULL)
     return 1;
 
+  /* Check that realloc (p, n) fails when p is non-null and n exceeds
+     PTRDIFF_MAX.  */
+  if (PTRDIFF_MAX < SIZE_MAX)
+    {
+      size_t n = PTRDIFF_MAX, n1 = n + 1;
+      if (realloc (p, n1) != NULL)
+        return 1;
+    }
+
   free (p);
   return 0;
 }
-- 
2.27.0

Reply via email to