[PATCH libinput] util: abort if we try to allocate more than a MB

Peter Hutterer peter.hutterer at who-t.net
Wed Jun 20 00:32:04 UTC 2018


On Tue, Jun 19, 2018 at 09:22:52PM -0300, Matheus Santana wrote:
> Reviewed-by: Matheus Santana <embs at cin.ufpe.br>
> 
> The check for negatives isn't needed anymore?

you mean zalloc_overflow? good point. I'll leave it in though because it
does test a valid error case.  I've added more tests for zalloc(some large
number) though.

diff --git a/test/litest-selftest.c b/test/litest-selftest.c
index 72bdabac..ab185d2a 100644
--- a/test/litest-selftest.c
+++ b/test/litest-selftest.c
@@ -350,6 +350,19 @@ START_TEST(zalloc_overflow)
 }
 END_TEST

+START_TEST(zalloc_max_size)
+{
+       /* Built-in alloc maximum */
+       zalloc(1024 * 1024);
+}
+END_TEST
+
+START_TEST(zalloc_too_large)
+{
+       zalloc(1024 * 1024 + 1);
+}
+END_TEST
+
 static Suite *
 litest_assert_macros_suite(void)
 {
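Review bot: `zalloc_max_size` discards the pointer returned by `zalloc(1024 * 1024)`, so the test never verifies that an allocation exactly at the cap succeeds, and the block is leaked for the rest of the test process; assign the result, assert it is non-NULL with the suite's assertion macros, and `free()` it before `END_TEST`. The `/* Built-in alloc maximum */` comment would also read better if it named the 1 MB limit in `libinput-util.h` that this test pins, and `zalloc_too_large` deserves a one-line comment saying the call is expected to abort, since nothing in the body itself says so.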
@@ -415,7 +428,9 @@ litest_assert_macros_suite(void)
        suite_add_tcase(s, tc);

        tc = tcase_create("zalloc ");
+       tcase_add_test(tc, zalloc_max_size);
        tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
+       tcase_add_test_raise_signal(tc, zalloc_too_large, SIGABRT);
        suite_add_tcase(s, tc);

        return s;

Cheers,
   Peter

> 
> On Tue, Jun 19, 2018 at 8:44 PM, Peter Hutterer <peter.hutterer at who-t.net>
> wrote:
> 
> > The ssize_t cast upsets coverity for some reason but we can be a lot more
> > restrictive here anyway. Quick analysis of the zalloc calls in the test
> > suite show the largest allocation is 9204 bytes.
> >
> > Let's put a cap on for one MB, anything above that is likely some memory
> > corruption and should be caught early.
> >
> > Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
> > ---
> >  src/libinput-util.h | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/libinput-util.h b/src/libinput-util.h
> > index 8c67dcbd..4f60e8ea 100644
> > --- a/src/libinput-util.h
> > +++ b/src/libinput-util.h
> > @@ -142,7 +142,9 @@ zalloc(size_t size)
> >  {
> >         void *p;
> >
> > -       if ((ssize_t)size < 0)
> > +       /* We never need to alloc anything even near one MB so we can
> > assume
> > +        * if we ever get above that something's going wrong */
> > +       if (size > 1024 * 1024)
> >                 abort();
> >
> >         p = calloc(1, size);
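Review bot: the limit `1024 * 1024` in `if (size > 1024 * 1024)` is a magic number that the selftests now repeat verbatim; define it once in libinput-util.h as a named constant (a hypothetical `ZALLOC_MAX_SIZE`, for example) and use that in both the check and the boundary tests so the two cannot drift apart. The new comparison strictly subsumes the removed `(ssize_t)size < 0` test, since any `size_t` with the top bit set is far above one MB, so the existing `zalloc_overflow` test stays valid as a regression check for the old failure mode. Keeping `abort()` rather than returning NULL is the right call for a "likely memory corruption" condition, as the commit message says, but the comment should state that the process aborts on purpose rather than only that "something's going wrong".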
> > --
> > 2.17.1
