Re: [PATCH] malloc: fix out-of-bounds read

2024-07-23 Thread Chet Ramey
On 7/23/24 2:08 AM, Collin Funk wrote: Hi Chet, Chet Ramey writes: /* Use this when we want to be sure that NB is in bucket NU. */ #define RIGHT_BUCKET(nb, nu) \ (((nb) > binsizes[(nu)-1]) && ((nb) <= binsizes[(nu)])) The right fix here is two-fold: fix the first test here to evalua

Re: [PATCH] malloc: fix out-of-bounds read

2024-07-22 Thread Collin Funk
Hi Chet,

Chet Ramey writes:
>> /* Use this when we want to be sure that NB is in bucket NU. */
>> #define RIGHT_BUCKET(nb, nu) \
>> (((nb) > binsizes[(nu)-1]) && ((nb) <= binsizes[(nu)]))
>
> The right fix here is two-fold: fix the first test here to evaluate to 0
> if nu == 0, and change t

Re: [PATCH] malloc: fix out-of-bounds read

2024-07-22 Thread Chet Ramey
On 7/19/24 1:06 AM, Collin Funk wrote: Hi, In lib/malloc/malloc.c there is a read that occurs 1 or 2 indexes before the first element in the buffer. The issue is this macro: Thanks for the report. This affects calls to realloc with size < 64 bytes. /* Use this when we want to be sure that N
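The macro under discussion in the three previews above, and the bug Collin reports in it (a read one or two elements before the start of binsizes[] when nu is 0 or -1), as an added worked example. This is not bash's code and not the patch from the thread: the binsizes[] table below is constructed for illustration, every table read is routed through a bounds-checked accessor so the stray read is counted instead of performed, and the "fixed" macro is only an assumed rendering of the half of Chet's fix that is visible in the preview (the first test evaluates to 0 when nu == 0); the remainder of his fix is cut off in the preview, so it is not reproduced here.

```c
#include <stdio.h>

/* Constructed bucket table for this example (an assumption; bash's real
   binsizes[] is defined in lib/malloc/malloc.c and is larger). */
static const unsigned long binsizes[] = {
    8UL, 16UL, 32UL, 64UL, 128UL, 256UL, 512UL, 1024UL
};
#define NBUCKETS ((long)(sizeof binsizes / sizeof binsizes[0]))

/* Number of out-of-range table reads attempted by the most recent query. */
static int oob_reads;

/* Bounds-checked stand-in for a direct binsizes[idx] read.  The real macro
   indexes the array directly, so binsizes[nu-1] with nu == 0 is a read one
   element before the table; here that read is counted rather than done. */
static unsigned long binsize_at(long idx)
{
    if (idx < 0 || idx >= NBUCKETS) {
        oob_reads++;
        return 0UL;   /* placeholder: a real read returns whatever precedes the table */
    }
    return binsizes[idx];
}

/* The macro as quoted in the thread, routed through the checked accessor. */
#define RIGHT_BUCKET_ORIG(nb, nu) \
    (((nb) > binsize_at((long)(nu) - 1)) && ((nb) <= binsize_at((long)(nu))))

/* Assumed shape of the fix Chet describes: the first (lower-bound) test
   evaluates to 0 when nu == 0, so binsizes[nu-1] is never read for bucket 0.
   Only the macro half of the fix is visible in the thread. */
#define RIGHT_BUCKET_FIXED(nb, nu) \
    (((nu) > 0 && (nb) > binsize_at((long)(nu) - 1)) && ((nb) <= binsize_at((long)(nu))))

/* Evaluate each form of the macro, resetting the out-of-range counter first. */
int right_bucket_orig(unsigned long nb, long nu)
{
    oob_reads = 0;
    return RIGHT_BUCKET_ORIG(nb, nu);
}

int right_bucket_fixed(unsigned long nb, long nu)
{
    oob_reads = 0;
    return RIGHT_BUCKET_FIXED(nb, nu);
}

/* Out-of-range reads caused by the most recent right_bucket_*() call. */
int last_oob_reads(void)
{
    return oob_reads;
}

int main(void)
{
    /* nu == -1 and nu == 0 are the cases the report describes (reads two and
       one elements before the table); nu == 1 is an ordinary in-range bucket. */
    const long units[] = { -1L, 0L, 1L };
    const unsigned long sizes[] = { 4UL, 8UL, 12UL, 16UL };

    for (size_t i = 0; i < sizeof units / sizeof units[0]; i++) {
        for (size_t j = 0; j < sizeof sizes / sizeof sizes[0]; j++) {
            int o = right_bucket_orig(sizes[j], units[i]);
            int o_oob = last_oob_reads();
            int f = right_bucket_fixed(sizes[j], units[i]);
            int f_oob = last_oob_reads();
            printf("nb=%2lu nu=%2ld  original=%d (oob reads %d)  fixed=%d (oob reads %d)\n",
                   sizes[j], units[i], o, o_oob, f, f_oob);
        }
    }
    return 0;
}
```

With nu == 0 the original macro performs one read before the table on every evaluation, and with nu == -1 it performs two (both the lower-bound and the upper-bound lookup), which is the "1 or 2 indexes before the first element" of the report; the guarded form performs none because `(nu) > 0` short-circuits the lower-bound test. In the real allocator the read is performed silently and the comparison uses whatever bytes happen to precede the table, so an address-sanitizer build of the library is the practical way to observe it.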