[PATCH libinput] util: abort if we try to allocate more than a MB
Matheus Santana
embs at cin.ufpe.br
Wed Jun 20 00:46:57 UTC 2018
Great. I wasn't aware of the test case. Thanks for the heads up!
Best regards,
Matheus
On Tue, Jun 19, 2018 at 9:32 PM, Peter Hutterer <peter.hutterer at who-t.net>
wrote:
> On Tue, Jun 19, 2018 at 09:22:52PM -0300, Matheus Santana wrote:
> > Reviewed-by: Matheus Santana <embs at cin.ufpe.br>
> >
> > The check for negatives isn't needed anymore?
>
> You mean zalloc_overflow? Good point. I'll leave it in though because it
> does test a valid error case. I've added more tests for zalloc(some large
> number) though.
>
> diff --git a/test/litest-selftest.c b/test/litest-selftest.c
> index 72bdabac..ab185d2a 100644
> --- a/test/litest-selftest.c
> +++ b/test/litest-selftest.c
> @@ -350,6 +350,19 @@ START_TEST(zalloc_overflow)
> }
> END_TEST
>
> +START_TEST(zalloc_max_size)
> +{
> + /* Built-in alloc maximum */
> + zalloc(1024 * 1024);
> +}
> +END_TEST
> +
> +START_TEST(zalloc_too_large)
> +{
> + zalloc(1024 * 1024 + 1);
> +}
> +END_TEST
> +
> static Suite *
> litest_assert_macros_suite(void)
> {
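Review bot: In zalloc_max_size the pointer returned by `zalloc(1024 * 1024)` is discarded, so the test leaks a 1 MB block each time it runs; keep the result and free() it so the selftest stays clean under leak checkers. The literal `1024 * 1024` in both new tests also duplicates the limit that the comment calls the built-in maximum, so a shared named constant would keep these boundary tests in step if the cap changes.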
> @@ -415,7 +428,9 @@ litest_assert_macros_suite(void)
> suite_add_tcase(s, tc);
>
> tc = tcase_create("zalloc ");
> + tcase_add_test(tc, zalloc_max_size);
> tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
> + tcase_add_test_raise_signal(tc, zalloc_too_large, SIGABRT);
> suite_add_tcase(s, tc);
>
> return s;
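Review bot: zalloc_overflow and zalloc_too_large are both registered with `tcase_add_test_raise_signal(..., SIGABRT)`, so the suite only checks that some abort happened and cannot tell which condition in zalloc() triggered it. If zalloc_overflow is meant to keep covering a separate error case, a one-line comment on each test naming the condition it targets would make that intent visible to the next reader.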
>
> Cheers,
> Peter
>
> >
> > On Tue, Jun 19, 2018 at 8:44 PM, Peter Hutterer <peter.hutterer at who-t.net>
> > wrote:
> >
> > > > The ssize_t cast upsets Coverity for some reason but we can be a lot more
> > > > restrictive here anyway. Quick analysis of the zalloc calls in the test
> > > > suite shows the largest allocation is 9204 bytes.
> > > >
> > > > Let's put a cap on for one MB, anything above that is likely some memory
> > > > corruption and should be caught early.
> > >
> > > Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
> > > ---
> > > src/libinput-util.h | 4 +++-
> > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/src/libinput-util.h b/src/libinput-util.h
> > > index 8c67dcbd..4f60e8ea 100644
> > > --- a/src/libinput-util.h
> > > +++ b/src/libinput-util.h
> > > @@ -142,7 +142,9 @@ zalloc(size_t size)
> > > {
> > > void *p;
> > >
> > > - if ((ssize_t)size < 0)
> > > + /* We never need to alloc anything even near one MB so we can
> > > assume
> > > + * if we ever get above that something's going wrong */
> > > + if (size > 1024 * 1024)
> > > abort();
> > >
> > > p = calloc(1, size);
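Review bot: The cap in `if (size > 1024 * 1024)` is a bare literal; a named constant defined next to zalloc() would document the limit and give the tests something to reference. The new comment says allocations never come near one MB while the comparison still permits exactly one MB, so the comment should state that the bound is inclusive. The abort() is also reached without any message, so a failure gives no hint of the size that was requested.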
> > > --
> > > 2.17.1
>