Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <sqztyjgk6yopge2y3skaxhlcfvaslmrh7rhuxwrlkc5iyf3tec@rcadeufr43uk>
Date: Sat, 21 Jun 2025 03:06:46 +0200
From: Alejandro Colomar <alx@...nel.org>
To: Thorsten Glaser <tg@...bsd.de>
Cc: libc-alpha@...rceware.org, bug-gnulib@....org, musl@...ts.openwall.com, 
	наб <nabijaczleweli@...ijaczleweli.xyz>, Douglas McIlroy <douglas.mcilroy@...tmouth.edu>, 
	Paul Eggert <eggert@...ucla.edu>, Robert Seacord <rcseacord@...il.com>, 
	Elliott Hughes <enh@...gle.com>, Bruno Haible <bruno@...sp.org>, 
	JeanHeyd Meneide <phdofthehouse@...il.com>, Rich Felker <dalias@...c.org>, 
	Adhemerval Zanella Netto <adhemerval.zanella@...aro.org>, Joseph Myers <josmyers@...hat.com>, 
	Florian Weimer <fweimer@...hat.com>, Laurent Bercot <ska-dietlibc@...rnet.org>, 
	Andreas Schwab <schwab@...e.de>, Eric Blake <eblake@...hat.com>, 
	Vincent Lefevre <vincent@...c17.net>, Mark Harris <mark.hsj@...il.com>, 
	Collin Funk <collin.funk1@...il.com>, Wilco Dijkstra <Wilco.Dijkstra@....com>, 
	DJ Delorie <dj@...hat.com>, Cristian Rodríguez <cristian@...riguez.im>, 
	Siddhesh Poyarekar <siddhesh@...plt.org>, Sam James <sam@...too.org>, Mark Wielaard <mark@...mp.org>, 
	"Maciej W. Rozycki" <macro@...hat.com>, Martin Uecker <ma.uecker@...il.com>, 
	Christopher Bazley <chris.bazley.wg14@...il.com>, eskil@...ession.se
Subject: Re: alx-0029r1 - Restore the traditional realloc(3) specification

Hi Thorsten,

On Sat, Jun 21, 2025 at 12:06:41AM +0200, Thorsten Glaser wrote:
> On Fri, 20 Jun 2025, Alejandro Colomar wrote:
> 
> >	There are two kinds of code that call realloc(p,0).  One
> >	hard-codes the 0, and is used as a replacement of free(p).  This
> >	code ignores the return value, since it's unimportant.  This
> >	code currently produces a leak of 0 bytes plus associated
> >	metadata on platforms such as musl libc, where it returns a
> >	non-null pointer.
> 
> 16 bytes or so on OpenBSD and derivatives, which return individual
> suitably-aligned pointers into pages mapped as inaccessible (so that
> accesses of the returned pointer of a 0-byte {m,re}alloc fail) plus,
> again, metadata.
> 
> +1 on warning on that.

Thanks!

> 
> >        For consistency, all the other allocation functions are updated
> >        to both return an .
> 
> an…?

:-)

Here's the diff for the next revision, where I've fixed that accident:

	diff --git i/alx-0029.txt w/alx-0029.txt
	index a1a96c4..572c51c 100644
	--- i/alx-0029.txt
	+++ w/alx-0029.txt
	@@ -31,7 +31,6 @@ Author
		Cc: Adhemerval Zanella Netto <adhemerval.zanella@...aro.org>
		Cc: Joseph Myers <josmyers@...hat.com>
		Cc: Florian Weimer <fweimer@...hat.com>
	-       Cc: Laurent Bercot <ska-dietlibc@...rnet.org>
		Cc: Andreas Schwab <schwab@...e.de>
		Cc: Thorsten Glaser <tg@...bsd.de>
		Cc: Eric Blake <eblake@...hat.com>
	@@ -58,6 +57,10 @@ History
		r1 (2025-06-20):
		-  Full rewrite after the recent glibc discussion.
	 
	+       r2 ():
	+       -  Remove bouncing CC.
	+       -  wfix.
	+
	 See also
		<https://nabijaczleweli.xyz/content/blogn_t/017-malloc0.html>
		<https://sourceware.org/pipermail/libc-alpha/1999-April/000956.html>
	@@ -192,7 +195,7 @@ Description
		it doesn't need to define so many special cases.
	 
		For consistency, all the other allocation functions are updated
	-       to both return an .
	+       to both return a null pointer and set errno to ENOMEM.
	 
	 Prior art
	     gnulib

> FWIW, I’m in favour of the proposed change, but I don’t have any
> stakes in this, I don’t think I wrote anything that mallocs or
> reallocs 0 ever. Plus I’d likely not have to change… much.
> 
> (I now see that, in the case realloc() is passed a pointer the
>  implementation cannot find in its pool, an error is written (and
>  if an option is set, the execution terminated), and NULL is
>  returned without setting errno, but that’s UB already anyway.)

Indeed, UB covers everything.  As long as you return a different errno
code and document what it does, your users will likely remain happy.

> Also no need to Cc me, I get this via the musl mailing list, in
> which I have some interest (dalias generally knows his stuff).

Okay.

> 
> bye,
> //mirabilos
> -- 
> 22:20⎜<asarch> The crazy that persists in his craziness becomes a master
> 22:21⎜<asarch> And the distance between the craziness and geniality is
> only measured by the success 18:35⎜<asarch> "Psychotics are consistently
> inconsistent. The essence of sanity is to be inconsistently inconsistent

:-)


Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.