* Avoid use of atoi in malloc
@ 2022-12-22 16:29 Joseph Myers
2022-12-22 18:19 ` Noah Goldstein
0 siblings, 1 reply; 2+ messages in thread
From: Joseph Myers @ 2022-12-22 16:29 UTC (permalink / raw)
To: libc-alpha
This patch is analogous to commit
a3708cf6b0a5a68e2ed1ce3db28a03ed21d368d2.
atoi has undefined behavior on out-of-range input, which makes it
problematic to use anywhere in glibc that might be processing input
out-of-range for atoi but not specified to produce undefined behavior
for the function calling atoi. In conjunction with the C2x strtol
changes, use of atoi in libc can also result in localplt test failures
because the redirection for strtol does not interact properly with the
libc_hidden_proto call for __isoc23_strtol for the call in the inline
atoi implementation.
In malloc/arena.c, this issue shows up for atoi calls that are only
compiled for --disable-tunables (thus with the
x86_64-linux-gnu-minimal configuration of build-many-glibcs.py, for
example). Change those atoi calls to use strtol directly, as in the
previous such changes.
Tested for x86_64 (--disable-tunables).
diff --git a/malloc/arena.c b/malloc/arena.c
index f381f18371..840129e956 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -386,34 +386,39 @@ ptmalloc_init (void)
if (!__builtin_expect (__libc_enable_secure, 0))
{
if (memcmp (envline, "TOP_PAD_", 8) == 0)
- __libc_mallopt (M_TOP_PAD, atoi (&envline[9]));
+ __libc_mallopt (M_TOP_PAD, strtol (&envline[9], NULL, 10));
else if (memcmp (envline, "PERTURB_", 8) == 0)
- __libc_mallopt (M_PERTURB, atoi (&envline[9]));
+ __libc_mallopt (M_PERTURB, strtol (&envline[9], NULL, 10));
}
break;
case 9:
if (!__builtin_expect (__libc_enable_secure, 0))
{
if (memcmp (envline, "MMAP_MAX_", 9) == 0)
- __libc_mallopt (M_MMAP_MAX, atoi (&envline[10]));
+ __libc_mallopt (M_MMAP_MAX, strtol (&envline[10],
+ NULL, 10));
else if (memcmp (envline, "ARENA_MAX", 9) == 0)
- __libc_mallopt (M_ARENA_MAX, atoi (&envline[10]));
+ __libc_mallopt (M_ARENA_MAX, strtol (&envline[10],
+ NULL, 10));
}
break;
case 10:
if (!__builtin_expect (__libc_enable_secure, 0))
{
if (memcmp (envline, "ARENA_TEST", 10) == 0)
- __libc_mallopt (M_ARENA_TEST, atoi (&envline[11]));
+ __libc_mallopt (M_ARENA_TEST, strtol (&envline[11],
+ NULL, 10));
}
break;
case 15:
if (!__builtin_expect (__libc_enable_secure, 0))
{
if (memcmp (envline, "TRIM_THRESHOLD_", 15) == 0)
- __libc_mallopt (M_TRIM_THRESHOLD, atoi (&envline[16]));
+ __libc_mallopt (M_TRIM_THRESHOLD, strtol (&envline[16],
+ NULL, 10));
else if (memcmp (envline, "MMAP_THRESHOLD_", 15) == 0)
- __libc_mallopt (M_MMAP_THRESHOLD, atoi (&envline[16]));
+ __libc_mallopt (M_MMAP_THRESHOLD, strtol (&envline[16],
+ NULL, 10));
}
break;
default:
--
Joseph S. Myers
joseph@codesourcery.com
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Avoid use of atoi in malloc
2022-12-22 16:29 Avoid use of atoi in malloc Joseph Myers
@ 2022-12-22 18:19 ` Noah Goldstein
0 siblings, 0 replies; 2+ messages in thread
From: Noah Goldstein @ 2022-12-22 18:19 UTC (permalink / raw)
To: Joseph Myers; +Cc: libc-alpha
On Thu, Dec 22, 2022 at 8:29 AM Joseph Myers <joseph@codesourcery.com> wrote:
>
> This patch is analogous to commit
> a3708cf6b0a5a68e2ed1ce3db28a03ed21d368d2.
>
> atoi has undefined behavior on out-of-range input, which makes it
> problematic to use anywhere in glibc that might be processing input
> out-of-range for atoi but not specified to produce undefined behavior
> for the function calling atoi. In conjunction with the C2x strtol
> changes, use of atoi in libc can also result in localplt test failures
> because the redirection for strtol does not interact properly with the
> libc_hidden_proto call for __isoc23_strtol for the call in the inline
> atoi implementation.
>
> In malloc/arena.c, this issue shows up for atoi calls that are only
> compiled for --disable-tunables (thus with the
> x86_64-linux-gnu-minimal configuration of build-many-glibcs.py, for
> example). Change those atoi calls to use strtol directly, as in the
> previous such changes.
>
> Tested for x86_64 (--disable-tunables).
>
> diff --git a/malloc/arena.c b/malloc/arena.c
> index f381f18371..840129e956 100644
> --- a/malloc/arena.c
> +++ b/malloc/arena.c
> @@ -386,34 +386,39 @@ ptmalloc_init (void)
> if (!__builtin_expect (__libc_enable_secure, 0))
> {
> if (memcmp (envline, "TOP_PAD_", 8) == 0)
> - __libc_mallopt (M_TOP_PAD, atoi (&envline[9]));
> + __libc_mallopt (M_TOP_PAD, strtol (&envline[9], NULL, 10));
> else if (memcmp (envline, "PERTURB_", 8) == 0)
> - __libc_mallopt (M_PERTURB, atoi (&envline[9]));
> + __libc_mallopt (M_PERTURB, strtol (&envline[9], NULL, 10));
> }
> break;
> case 9:
> if (!__builtin_expect (__libc_enable_secure, 0))
> {
> if (memcmp (envline, "MMAP_MAX_", 9) == 0)
> - __libc_mallopt (M_MMAP_MAX, atoi (&envline[10]));
> + __libc_mallopt (M_MMAP_MAX, strtol (&envline[10],
> + NULL, 10));
> else if (memcmp (envline, "ARENA_MAX", 9) == 0)
> - __libc_mallopt (M_ARENA_MAX, atoi (&envline[10]));
> + __libc_mallopt (M_ARENA_MAX, strtol (&envline[10],
> + NULL, 10));
> }
> break;
> case 10:
> if (!__builtin_expect (__libc_enable_secure, 0))
> {
> if (memcmp (envline, "ARENA_TEST", 10) == 0)
> - __libc_mallopt (M_ARENA_TEST, atoi (&envline[11]));
> + __libc_mallopt (M_ARENA_TEST, strtol (&envline[11],
> + NULL, 10));
> }
> break;
> case 15:
> if (!__builtin_expect (__libc_enable_secure, 0))
> {
> if (memcmp (envline, "TRIM_THRESHOLD_", 15) == 0)
> - __libc_mallopt (M_TRIM_THRESHOLD, atoi (&envline[16]));
> + __libc_mallopt (M_TRIM_THRESHOLD, strtol (&envline[16],
> + NULL, 10));
> else if (memcmp (envline, "MMAP_THRESHOLD_", 15) == 0)
> - __libc_mallopt (M_MMAP_THRESHOLD, atoi (&envline[16]));
> + __libc_mallopt (M_MMAP_THRESHOLD, strtol (&envline[16],
> + NULL, 10));
> }
> break;
> default:
>
> --
> Joseph S. Myers
> joseph@codesourcery.com
LGTM.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-22 18:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-22 16:29 Avoid use of atoi in malloc Joseph Myers
2022-12-22 18:19 ` Noah Goldstein
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).