From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) by sourceware.org (Postfix) with ESMTP id 427933857C40 for ; Wed, 12 Aug 2020 08:01:27 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 427933857C40 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-289-dBMLdAc_PyW7QLSnQBbVcw-1; Wed, 12 Aug 2020 04:01:22 -0400 X-MC-Unique: dBMLdAc_PyW7QLSnQBbVcw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A4BCD100CC84; Wed, 12 Aug 2020 08:01:21 +0000 (UTC) Received: from calimero.vinschen.de (ovpn-112-47.ams2.redhat.com [10.36.112.47]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 75D8787D8F; Wed, 12 Aug 2020 08:01:21 +0000 (UTC) Received: by calimero.vinschen.de (Postfix, from userid 500) id 000EBA803DD; Wed, 12 Aug 2020 10:01:19 +0200 (CEST) Date: Wed, 12 Aug 2020 10:01:19 +0200 From: Corinna Vinschen To: Keith Packard Cc: newlib@sourceware.org Subject: Re: [PATCH 2/4] libm/stdlib: don't read past source in nano_realloc Message-ID: <20200812080119.GL53219@calimero.vinschen.de> Reply-To: newlib@sourceware.org Mail-Followup-To: Keith Packard , newlib@sourceware.org References: <20200811230543.2169774-1-keithp@keithp.com> <20200811230543.2169774-3-keithp@keithp.com> MIME-Version: 1.0 In-Reply-To: <20200811230543.2169774-3-keithp@keithp.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Spam-Status: No, score=-12.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: newlib@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Newlib mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Aug 2020 08:01:28 -0000 On Aug 11 16:05, Keith Packard via Newlib wrote: > Save the computed block size and use it to avoid reading past > the end of the source block. > > Signed-off-by: Keith Packard > --- > newlib/libc/stdlib/nano-mallocr.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-mallocr.c > index 04465eb9e..cef23977e 100644 > --- a/newlib/libc/stdlib/nano-mallocr.c > +++ b/newlib/libc/stdlib/nano-mallocr.c > @@ -466,6 +466,7 @@ void * nano_realloc(RARG void * ptr, malloc_size_t size) > { > void * mem; > chunk * p_to_realloc; > + malloc_size_t old_size; > > if (ptr == NULL) return nano_malloc(RCALL size); > > @@ -477,12 +478,15 @@ void * nano_realloc(RARG void * ptr, malloc_size_t size) > > /* TODO: There is chance to shrink the chunk if newly requested > * size is much small */ > - if (nano_malloc_usable_size(RCALL ptr) >= size) > + old_size = nano_malloc_usable_size(RCALL ptr); > + if (old_size >= size) > return ptr; So, after this statement, we can be sure that size > old_size, right? > mem = nano_malloc(RCALL size); > if (mem != NULL) > { > + if (size > old_size) ...which makes this condition useless. > + size = old_size; > memcpy(mem, ptr, size); why not just memcpy(mem, ptr, old_size); instead? > nano_free(RCALL ptr); > } > -- > 2.28.0 Thanks, Corinna -- Corinna Vinschen Cygwin Maintainer Red Hat