[LLVMbugs] [Bug 21321] New: locale scan-build triggers CERT MEM04 zero-length allocation error
bugzilla-daemon at llvm.org
Mon Oct 20 21:59:16 PDT 2014
http://llvm.org/bugs/show_bug.cgi?id=21321
Bug ID: 21321
Summary: locale scan-build triggers CERT MEM04 zero-length allocation error
Product: libc++
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: stevemac321 at live.com
CC: llvmbugs at cs.uiuc.edu, mclow.lists at gmail.com
Classification: Unclassified
In <locale>, __double_or_nothing (line 2974) calls realloc; scan-build reports
that __new_cap can be zero, which triggers the error.
From N1225 (CERT):
"If the value of nsize in this example is 0, the standard allows the option of
either returning a null pointer or returning a pointer to an invalid (e.g.,
zero-length) object. In cases where the realloc() function frees the memory but
returns a null pointer, execution of the code in this example results in a
double free."
See N1570 (C99) 7.22.3 for corroboration:
If the space cannot be allocated, a null pointer is returned. If the size of
the space requested is zero, the behavior is implementation-defined: either a
null pointer is returned, or the behavior is as if the size were some nonzero
value, except that the returned pointer shall not be used to access an object.
Here is a proposed fix, although it might be naive because it assumes that
__new_cap is never intended to have a zero value.
_Tp* __t = nullptr;
if (__new_cap != 0) // just add this check
    __t = (_Tp*)realloc(__owns ? __b.get() : 0, __new_cap);
if (__t == 0)
    __throw_bad_alloc();
I applied this fix locally with a freshly synced libcxx. There is a locale.cpp
source file, so I rebuilt the library with the patch.
I am on Ubuntu 14.4 x64
clang version 3.6.0 (trunk 217475)
Target: x86_64-unknown-linux-gnu
Thread model: posix
I am new to the project, so check my steps. After syncing, I built the lib from
my build_libcxx:
make
sudo make install
I ran all the tests under localization; first without the patch:
../testit 2>&1 | tee baseline.log
Then I applied my patch and rebuilt the lib and ran the localization tests
again:
../testit 2>&1 | tee patched.log
The results were exactly the same.
Let me know if you have other questions.
Steve MacKenzie
stevemac321 at live.com
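A C illustration of the hazard the report describes and of the guard it proposes, added here as example code that is not part of libc++ or of the reporter's patch: a doubling-growth routine in the style of __double_or_nothing that never hands realloc() a zero size, so a null return can only mean allocation failure and the old block is still owned by the caller. The names checked_realloc, double_or_nothing, scenario and the starting capacity of 1 are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hardened realloc(): a zero size is never forwarded to realloc(), so the
 * caller's block is left untouched on that path and a NULL return can only
 * mean "allocation failed, the old block is still yours to free once". */
static void *checked_realloc(void *old, size_t new_size)
{
    if (new_size == 0)
        return NULL;                 /* refuse; caller still owns `old` */
    return realloc(old, new_size);
}

/* Doubling growth in the style of __double_or_nothing, with overflow
 * saturation. Returns 0 on success; on failure returns -1 and leaves
 * *buf and *cap unchanged (no free, no dangling pointer). */
static int double_or_nothing(unsigned char **buf, size_t *cap)
{
    size_t cur = *cap, new_cap;
    if (cur == 0)
        new_cap = 1;                 /* assumed minimal nonzero capacity */
    else if (cur > SIZE_MAX / 2)
        new_cap = SIZE_MAX;          /* saturate instead of wrapping to 0 */
    else
        new_cap = cur * 2;
    if (new_cap == cur)              /* already saturated: cannot grow */
        return -1;
    unsigned char *t = checked_realloc(*buf, new_cap);
    if (t == NULL)
        return -1;
    *buf = t;
    *cap = new_cap;
    return 0;
}

/* Exercise the routines on constructed inputs; returns 0 when every check holds. */
static int scenario(void)
{
    unsigned char *b = NULL, *nb = NULL;
    size_t cap = 0, saturated = SIZE_MAX;
    if (double_or_nothing(&b, &cap) != 0 || cap != 1 || b == NULL) return 1;
    b[0] = 0xAB;                     /* contents must survive the regrow */
    if (double_or_nothing(&b, &cap) != 0 || cap != 2 || b[0] != 0xAB) return 2;
    if (double_or_nothing(&nb, &saturated) != -1 || nb != NULL) return 3;
    /* zero-size request: NULL back, b is still owned and is freed exactly once */
    if (checked_realloc(b, 0) != NULL) return 4;
    free(b);
    return 0;
}
```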