Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <c5c35b74-bc56-e0f1-3608-05aac48f1be3@mirbsd.de>
Date: Sat, 21 Jun 2025 00:06:41 +0200 (CEST)
From: Thorsten Glaser <tg@...bsd.de>
To: Alejandro Colomar <alx@...nel.org>
cc: libc-alpha@...rceware.org, bug-gnulib@....org, musl@...ts.openwall.com, 
    наб <nabijaczleweli@...ijaczleweli.xyz>, 
    Douglas McIlroy <douglas.mcilroy@...tmouth.edu>, 
    Paul Eggert <eggert@...ucla.edu>, Robert Seacord <rcseacord@...il.com>, 
    Elliott Hughes <enh@...gle.com>, Bruno Haible <bruno@...sp.org>, 
    JeanHeyd Meneide <phdofthehouse@...il.com>, Rich Felker <dalias@...c.org>, 
    Adhemerval Zanella Netto <adhemerval.zanella@...aro.org>, 
    Joseph Myers <josmyers@...hat.com>, Florian Weimer <fweimer@...hat.com>, 
    Laurent Bercot <ska-dietlibc@...rnet.org>, Andreas Schwab <schwab@...e.de>, 
    Eric Blake <eblake@...hat.com>, Vincent Lefevre <vincent@...c17.net>, 
    Mark Harris <mark.hsj@...il.com>, Collin Funk <collin.funk1@...il.com>, 
    Wilco Dijkstra <Wilco.Dijkstra@....com>, DJ Delorie <dj@...hat.com>, 
    Cristian Rodríguez <cristian@...riguez.im>, 
    Siddhesh Poyarekar <siddhesh@...plt.org>, Sam James <sam@...too.org>, 
    Mark Wielaard <mark@...mp.org>, "Maciej W. Rozycki" <macro@...hat.com>, 
    Martin Uecker <ma.uecker@...il.com>, 
    Christopher Bazley <chris.bazley.wg14@...il.com>, eskil@...ession.se
Subject: Re: alx-0029r1 - Restore the traditional realloc(3) specification

On Fri, 20 Jun 2025, Alejandro Colomar wrote:

>	There are two kinds of code that call realloc(p,0).  One
>	hard-codes the 0, and is used as a replacement of free(p).  This
>	code ignores the return value, since it's unimportant.  This
>	code currently produces a leak of 0 bytes plus associated
>	metadata on platforms such as musl libc, where it returns a
>	non-null pointer.

16 bytes or so on OpenBSD and derivatives, which return individual
suitably-aligned pointers into pages mapped as inaccessible (so that
accesses of the returned pointer of a 0-byte {m,re}alloc fail) plus,
again, metadata.

+1 on warning on that.

>        For consistency, all the other allocation functions are updated
>        to both return an .

an…?

FWIW, I’m in favour of the proposed change, but I don’t have any
stakes in this, I don’t think I wrote anything that mallocs or
reallocs 0 ever. Plus I’d likely not have to change… much.

(I now see that, in the case realloc() is passed a pointer the
 implementation cannot find in its pool, an error is written (and
 if an option is set, the execution terminated), and NULL is
 returned without setting errno, but that’s UB already anyway.)

Also no need to Cc me, I get this via the musl mailing list, in
which I have some interest (dalias generally knows his stuff).

bye,
//mirabilos
-- 
22:20⎜<asarch> The crazy that persists in his craziness becomes a master
22:21⎜<asarch> And the distance between the craziness and geniality is
only measured by the success 18:35⎜<asarch> "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.