From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by sourceware.org (Postfix) with ESMTPS id 105383850F26 for ; Thu, 22 Dec 2022 18:19:57 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 105383850F26 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-ej1-x62d.google.com with SMTP id t17so6852199eju.1 for ; Thu, 22 Dec 2022 10:19:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=fxUEcK23JQy0lWNIV9EkGB06+YvWe2T7OM1ELqmA2Q0=; b=IQC8FQEojCJfkE0bsahfiv6b3G/wkXzN87nyyjG+c8ODVn7QDzAJahjcNa4bNrJkCG 2YSNi+rwx6NTXOkqOgXA8ww340AIO5KLmOyFYL1VFc5TL8bEHBo/kdCKFIN7f3AkgVOo E1uHhKYZ0Jvo4U1qJwSsO1//1phMEiTGvu2nseXTLLoix5EAQ7OBZU63Ss4hPYf+0Jwu Qnf42pdxwQFErrFAS+PT/i1YbAaXKV2utrdkzULEYL6t+6e9Kpp7sv/3mvNmbbWTw1ow JDYlRmzEm3ldj58dl4ewUJOoNwxX3Y4zvSU/BM4sHPe5//B15299eKk9nKqTJCppZ9OH COZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=fxUEcK23JQy0lWNIV9EkGB06+YvWe2T7OM1ELqmA2Q0=; b=A8dmPJUMY9FvvcvUtJBMkTJYaPecpd6XsXiRGOSTlUTvL7reJMUV8UMpP6DDL1Vq2p N5ueXmuxzqGPTyokpynEbFMF0Snjhx5tBXMNjIhLZLze94aJUjDAkqZOjQQMOOUbCaYe Cc5CuGluMPHEE0FoX5YPzia72roMtrixTb8nTzVZUZuFs57qn9LyYaabk63C5wgVoaOU bFo0CjRGBu1zS7EgmCauaTXCd5dyGE6uMCKoMJZZJhsFALEzXOFq+rkXMSBYiLsr/Gn9 33dtGzEsLfp/NLfZLqFtPBndHthA9Vid9UfihpbBmfyGEuPtVqoG39+FsaZFF5UGXfMv kRqw== X-Gm-Message-State: AFqh2kr/JqF5UUGLxMPmeRIoqQWpMbKNRMRIh02v5V6fHCi6mu04fPbB nk26be8FR6oZuDSDb22/Hn7hH/ncuQPCcb+yLQco/npp X-Google-Smtp-Source: AMrXdXuqATUnC9AEhR99u3b28EDln3bu2VIWXTmJ5SFvZZ57nIuuzKdHnMRaDtzI1BAnUlFv87pXsm4h80Ug5fMxIsg= X-Received: by 2002:a17:906:281b:b0:7c1:98f:be57 with SMTP id r27-20020a170906281b00b007c1098fbe57mr422451ejc.97.1671733195762; Thu, 22 Dec 2022 10:19:55 -0800 (PST) MIME-Version: 1.0 References: <3ae9534d-e31-95ee-25ea-93707dddf34a@codesourcery.com> In-Reply-To: <3ae9534d-e31-95ee-25ea-93707dddf34a@codesourcery.com> From: Noah Goldstein Date: Thu, 22 Dec 2022 10:19:45 -0800 Message-ID: Subject: Re: Avoid use of atoi in malloc To: Joseph Myers Cc: libc-alpha@sourceware.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Thu, Dec 22, 2022 at 8:29 AM Joseph Myers wrote: > > This patch is analogous to commit > a3708cf6b0a5a68e2ed1ce3db28a03ed21d368d2. > > atoi has undefined behavior on out-of-range input, which makes it > problematic to use anywhere in glibc that might be processing input > out-of-range for atoi but not specified to produce undefined behavior > for the function calling atoi. In conjunction with the C2x strtol > changes, use of atoi in libc can also result in localplt test failures > because the redirection for strtol does not interact properly with the > libc_hidden_proto call for __isoc23_strtol for the call in the inline > atoi implementation. > > In malloc/arena.c, this issue shows up for atoi calls that are only > compiled for --disable-tunables (thus with the > x86_64-linux-gnu-minimal configuration of build-many-glibcs.py, for > example). Change those atoi calls to use strtol directly, as in the > previous such changes. > > Tested for x86_64 (--disable-tunables). > > diff --git a/malloc/arena.c b/malloc/arena.c > index f381f18371..840129e956 100644 > --- a/malloc/arena.c > +++ b/malloc/arena.c > @@ -386,34 +386,39 @@ ptmalloc_init (void) > if (!__builtin_expect (__libc_enable_secure, 0)) > { > if (memcmp (envline, "TOP_PAD_", 8) == 0) > - __libc_mallopt (M_TOP_PAD, atoi (&envline[9])); > + __libc_mallopt (M_TOP_PAD, strtol (&envline[9], NULL, 10)); > else if (memcmp (envline, "PERTURB_", 8) == 0) > - __libc_mallopt (M_PERTURB, atoi (&envline[9])); > + __libc_mallopt (M_PERTURB, strtol (&envline[9], NULL, 10)); > } > break; > case 9: > if (!__builtin_expect (__libc_enable_secure, 0)) > { > if (memcmp (envline, "MMAP_MAX_", 9) == 0) > - __libc_mallopt (M_MMAP_MAX, atoi (&envline[10])); > + __libc_mallopt (M_MMAP_MAX, strtol (&envline[10], > + NULL, 10)); > else if (memcmp (envline, "ARENA_MAX", 9) == 0) > - __libc_mallopt (M_ARENA_MAX, atoi (&envline[10])); > + __libc_mallopt (M_ARENA_MAX, strtol (&envline[10], > + NULL, 10)); > } > break; > case 10: > if (!__builtin_expect (__libc_enable_secure, 0)) > { > if (memcmp (envline, "ARENA_TEST", 10) == 0) > - __libc_mallopt (M_ARENA_TEST, atoi (&envline[11])); > + __libc_mallopt (M_ARENA_TEST, strtol (&envline[11], > + NULL, 10)); > } > break; > case 15: > if (!__builtin_expect (__libc_enable_secure, 0)) > { > if (memcmp (envline, "TRIM_THRESHOLD_", 15) == 0) > - __libc_mallopt (M_TRIM_THRESHOLD, atoi (&envline[16])); > + __libc_mallopt (M_TRIM_THRESHOLD, strtol (&envline[16], > + NULL, 10)); > else if (memcmp (envline, "MMAP_THRESHOLD_", 15) == 0) > - __libc_mallopt (M_MMAP_THRESHOLD, atoi (&envline[16])); > + __libc_mallopt (M_MMAP_THRESHOLD, strtol (&envline[16], > + NULL, 10)); > } > break; > default: > > -- > Joseph S. Myers > joseph@codesourcery.com LGTM.