From: Andreas Schwab
To: Siddhesh Poyarekar
Cc: libc-alpha@sourceware.org, fweimer@redhat.com, carlos@redhat.com
Subject: Re: [RFC] Supporting malloc_usable_size
References: <20221124213258.305192-1-siddhesh@gotplt.org>
Date: Fri, 02 Dec 2022 13:03:14 +0100
In-Reply-To: <20221124213258.305192-1-siddhesh@gotplt.org> (Siddhesh Poyarekar's message of "Thu, 24 Nov 2022 16:32:58 -0500")
Message-ID: <87sfhyrp19.fsf@igel.home>

On Nov 24 2022, Siddhesh Poyarekar wrote:

> This is in context of this systemd issue:
>
> https://github.com/systemd/systemd/issues/22801
>
> through which I had discovered that systemd was (ab)using
> malloc_usable_size to use spare space in an allocated object. This was
> discovered when _FORTIFY_SOURCE=3 flagged this as a buffer overflow,
> since the compiler is unable to see that the space beyond the allocation
> was safe to use.

Which it isn't. Nothing prevents malloc from handing out the extra space to a
different thread any time, so the size returned by malloc_usable_size can
get outdated instantly.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."
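
Added example, not part of this thread and not systemd's or glibc's code: a growable buffer that uses allocator slack only after requesting it through realloc, so its writes stay inside the size the compiler and _FORTIFY_SOURCE=3 know about. The `struct buf`, `buf_claim_slack` and `buf_append` names are hypothetical, and glibc's `<malloc.h>` is assumed.

```c
#include <malloc.h>   /* malloc_usable_size (glibc extension) */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; the names are illustrative. */
struct buf {
    char  *data;
    size_t len;   /* bytes in use */
    size_t cap;   /* size last requested from realloc, never the slack */
};

/* Flagged pattern, shown only as a comment:
 *     p = malloc(n); memcpy(p, src, malloc_usable_size(p));
 * The compiler sizes the object from malloc(n), so _FORTIFY_SOURCE=3
 * treats any write past n as an overflow. */

/* Claim the allocator's slack by requesting it. Once realloc succeeds,
 * the object really is that large for the compiler and the allocator. */
static int buf_claim_slack(struct buf *b)
{
    size_t usable = malloc_usable_size(b->data);
    if (usable <= b->cap)
        return 0;
    char *p = realloc(b->data, usable);
    if (!p)
        return -1;            /* old block is still valid, cap unchanged */
    b->data = p;
    b->cap = usable;
    return 0;
}

/* Append n bytes; capacity only ever changes through realloc. */
int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n == 0) return 0;
    if (n > SIZE_MAX - b->len) return -1;
    size_t need = b->len + n;
    if (need > b->cap && b->data && buf_claim_slack(b) < 0)
        return -1;
    if (need > b->cap) {
        size_t ncap = b->cap > SIZE_MAX / 2 ? need : b->cap * 2;
        if (ncap < need) ncap = need;
        char *p = realloc(b->data, ncap);
        if (!p) return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}
```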