[PATCH libinput] util: abort if we try to allocate more than a MB

Matheus Santana embs at cin.ufpe.br
Wed Jun 20 00:46:57 UTC 2018 

Great. I wasn't aware of the test case. Thanks for the heads up!


Best regards,
Matheus

On Tue, Jun 19, 2018 at 9:32 PM, Peter Hutterer <peter.hutterer at who-t.net>
wrote:

> On Tue, Jun 19, 2018 at 09:22:52PM -0300, Matheus Santana wrote:
> > Reviewed-by: Matheus Santana <embs at cin.ufpe.br>
> >
> > The check for negatives isn't needed anymore?
>
> you mean zalloc_overflow? good point. I'll leave it in though because it
> does test a valid error case.  I've added more tests for zalloc(some large
> number) though.
>
> diff --git a/test/litest-selftest.c b/test/litest-selftest.c
> index 72bdabac..ab185d2a 100644
> --- a/test/litest-selftest.c
> +++ b/test/litest-selftest.c
> @@ -350,6 +350,19 @@ START_TEST(zalloc_overflow)
>  }
>  END_TEST
>
> +START_TEST(zalloc_max_size)
> +{
> +       /* Built-in alloc maximum */
> +       zalloc(1024 * 1024);
> +}
> +END_TEST
> +
> +START_TEST(zalloc_too_large)
> +{
> +       zalloc(1024 * 1024 + 1);
> +}
> +END_TEST
> +
>  static Suite *
>  litest_assert_macros_suite(void)
>  {
> @@ -415,7 +428,9 @@ litest_assert_macros_suite(void)
>         suite_add_tcase(s, tc);
>
>         tc = tcase_create("zalloc ");
> +       tcase_add_test(tc, zalloc_max_size);
>         tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
> +       tcase_add_test_raise_signal(tc, zalloc_too_large, SIGABRT);
>         suite_add_tcase(s, tc);
>
>         return s;
>
> Cheers,
>    Peter
>
> >
> > On Tue, Jun 19, 2018 at 8:44 PM, Peter Hutterer <
> peter.hutterer at who-t.net>
> > wrote:
> >
> > > The ssize_t cast upsets coverity for some reason but we can be a lot
> more
> > > restrictive here anyway. Quick analysis of the zalloc calls in the test
> > > suite
> > > show the largest allocation is 9204 bytes.
> > >
> > > Let's put a cap on for one MB, anything above that is likely some
> memory
> > > corruption and should be caught early.
> > >
> > > Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
> > > ---
> > >  src/libinput-util.h | 4 +++-
> > >  1 file changed, 3 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/src/libinput-util.h b/src/libinput-util.h
> > > index 8c67dcbd..4f60e8ea 100644
> > > --- a/src/libinput-util.h
> > > +++ b/src/libinput-util.h
> > > @@ -142,7 +142,9 @@ zalloc(size_t size)
> > >  {
> > >         void *p;
> > >
> > > -       if ((ssize_t)size < 0)
> > > +       /* We never need to alloc anything even near one MB so we can
> > > assume
> > > +        * if we ever get above that something's going wrong */
> > > +       if (size > 1024 * 1024)
> > >                 abort();
> > >
> > >         p = calloc(1, size);
> > > --
> > > 2.17.1
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20180619/d722637f/attachment.html>

More information about the wayland-devel mailing list