public inbox for libc-alpha@sourceware.org
From: Noah Goldstein <goldstein.w.n@gmail.com>
To: Joseph Myers <joseph@codesourcery.com>
Cc: libc-alpha@sourceware.org
Subject: Re: Avoid use of atoi in malloc
Date: Thu, 22 Dec 2022 10:19:45 -0800
Message-ID: <CAFUsyfJrfxpAWSQRY=FMtH-AO_V-jVM-Re4W0+Bwy38aD2gGeA@mail.gmail.com>
In-Reply-To: <3ae9534d-e31-95ee-25ea-93707dddf34a@codesourcery.com>

On Thu, Dec 22, 2022 at 8:29 AM Joseph Myers <joseph@codesourcery.com> wrote:
>
> This patch is analogous to commit
> a3708cf6b0a5a68e2ed1ce3db28a03ed21d368d2.
>
> atoi has undefined behavior on out-of-range input, which makes it
> problematic to use anywhere in glibc that might be processing input
> out-of-range for atoi but not specified to produce undefined behavior
> for the function calling atoi.  In conjunction with the C2x strtol
> changes, use of atoi in libc can also result in localplt test failures
> because the redirection for strtol does not interact properly with the
> libc_hidden_proto call for __isoc23_strtol for the call in the inline
> atoi implementation.
>
> In malloc/arena.c, this issue shows up for atoi calls that are only
> compiled for --disable-tunables (thus with the
> x86_64-linux-gnu-minimal configuration of build-many-glibcs.py, for
> example).  Change those atoi calls to use strtol directly, as in the
> previous such changes.
>
> Tested for x86_64 (--disable-tunables).
>
> diff --git a/malloc/arena.c b/malloc/arena.c
> index f381f18371..840129e956 100644
> --- a/malloc/arena.c
> +++ b/malloc/arena.c
> @@ -386,34 +386,39 @@ ptmalloc_init (void)
>                if (!__builtin_expect (__libc_enable_secure, 0))
>                  {
>                    if (memcmp (envline, "TOP_PAD_", 8) == 0)
> -                    __libc_mallopt (M_TOP_PAD, atoi (&envline[9]));
> +                    __libc_mallopt (M_TOP_PAD, strtol (&envline[9], NULL, 10));
>                    else if (memcmp (envline, "PERTURB_", 8) == 0)
> -                    __libc_mallopt (M_PERTURB, atoi (&envline[9]));
> +                    __libc_mallopt (M_PERTURB, strtol (&envline[9], NULL, 10));
>                  }
>                break;
>              case 9:
>                if (!__builtin_expect (__libc_enable_secure, 0))
>                  {
>                    if (memcmp (envline, "MMAP_MAX_", 9) == 0)
> -                    __libc_mallopt (M_MMAP_MAX, atoi (&envline[10]));
> +                    __libc_mallopt (M_MMAP_MAX, strtol (&envline[10],
> +                                                       NULL, 10));
>                    else if (memcmp (envline, "ARENA_MAX", 9) == 0)
> -                    __libc_mallopt (M_ARENA_MAX, atoi (&envline[10]));
> +                    __libc_mallopt (M_ARENA_MAX, strtol (&envline[10],
> +                                                        NULL, 10));
>                  }
>                break;
>              case 10:
>                if (!__builtin_expect (__libc_enable_secure, 0))
>                  {
>                    if (memcmp (envline, "ARENA_TEST", 10) == 0)
> -                    __libc_mallopt (M_ARENA_TEST, atoi (&envline[11]));
> +                    __libc_mallopt (M_ARENA_TEST, strtol (&envline[11],
> +                                                         NULL, 10));
>                  }
>                break;
>              case 15:
>                if (!__builtin_expect (__libc_enable_secure, 0))
>                  {
>                    if (memcmp (envline, "TRIM_THRESHOLD_", 15) == 0)
> -                    __libc_mallopt (M_TRIM_THRESHOLD, atoi (&envline[16]));
> +                    __libc_mallopt (M_TRIM_THRESHOLD, strtol (&envline[16],
> +                                                             NULL, 10));
>                    else if (memcmp (envline, "MMAP_THRESHOLD_", 15) == 0)
> -                    __libc_mallopt (M_MMAP_THRESHOLD, atoi (&envline[16]));
> +                    __libc_mallopt (M_MMAP_THRESHOLD, strtol (&envline[16],
> +                                                             NULL, 10));
>                  }
>                break;
>              default:
>
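Review bot: Every converted call in ptmalloc_init passes the long returned by strtol (&envline[N], NULL, 10) straight to __libc_mallopt with no range check and no end pointer, so the undefined behavior is gone but bad input is still accepted silently. Assuming the second parameter of __libc_mallopt is int, as the former atoi argument suggests, a value above INT_MAX is narrowed at the call on targets where long is wider than int, and on overflow strtol returns LONG_MAX or LONG_MIN with errno set and nothing looks at it. Consider a small static helper that calls strtol with an end pointer, rejects ERANGE, trailing characters and values outside INT_MIN..INT_MAX, and skips the __libc_mallopt call on failure; that would also remove the seven repeated, line-wrapped strtol expressions. If silent narrowing is the intended behavior for these variables, a sentence saying so in the commit message would help.
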
> --
> Joseph S. Myers
> joseph@codesourcery.com

LGTM.
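
Added example, not part of the thread or of glibc: it contrasts the conversion as it appears at the patched call sites with a stricter parse that rejects trailing characters and values that do not fit in int. The names convert_like_patch and parse_int_strict are hypothetical, the sample strings are constructed, and the receiving parameter is assumed to be int.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Conversion as written at the patched call sites: no end pointer, and the
   long result narrowed to int (assumption: the receiving parameter is int). */
static int convert_like_patch(const char *s)
{
    return (int) strtol(s, NULL, 10);
}

/* Hypothetical strict helper: returns 0 and stores the value only when the
   whole string is a decimal number that fits in int; -1 otherwise. */
static int parse_int_strict(const char *s, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')   /* no digits, or trailing characters */
        return -1;
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int) v;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    const char *samples[] = { "131072", "4294967297", "12abc", "" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int strict = 0;
        int ok = parse_int_strict(samples[i], &strict) == 0;

        printf("\"%s\": as patched -> %d, strict -> %s\n", samples[i],
               convert_like_patch(samples[i]), ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The result of the narrowing cast for an out-of-range long is implementation-defined, so the value printed for "4294967297" depends on the compiler and on the width of long.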
