On Mon, Nov 04, 2019 at 11:33:28AM +0100, David Hildenbrand wrote: > On 04.11.19 11:29, Janosch Frank wrote: > > Let's test for size and alignment in memalign to catch invalid input > > data. Also we need to test for NULL after calling the memalign > > function of the registered alloc operations. > > > > Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx> > > --- > > lib/alloc.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/lib/alloc.c b/lib/alloc.c > > index ecdbbc4..b763c70 100644 > > --- a/lib/alloc.c > > +++ b/lib/alloc.c > > @@ -47,6 +47,8 @@ void *memalign(size_t alignment, size_t size) > > uintptr_t mem; > > assert(alloc_ops && alloc_ops->memalign); > > + if (!size || !alignment) > > + return NULL; > > if (alignment <= sizeof(uintptr_t)) > > alignment = sizeof(uintptr_t); > > BTW, memalign MAN page > > "EINVAL The alignment argument was not a power of two, or was not a multiple > of sizeof(void *)." > Since we're not implementing the EINVAL part, then I'd assert when alignment isn't correct. > So we could also return NULL here (not sure if anybody relies on that) I made the following changes and tested with arm/arm64. No problems. Thanks, drew diff --git a/lib/alloc.c b/lib/alloc.c index ecdbbc44dbf9..ed8f5f94c9b0 100644 --- a/lib/alloc.c +++ b/lib/alloc.c @@ -46,15 +46,17 @@ void *memalign(size_t alignment, size_t size) uintptr_t blkalign; uintptr_t mem; + if (!size) + return NULL; + + assert(alignment >= sizeof(void *) && is_power_of_2(alignment)); assert(alloc_ops && alloc_ops->memalign); - if (alignment <= sizeof(uintptr_t)) - alignment = sizeof(uintptr_t); - else - size += alignment - 1; + size += alignment - 1; blkalign = MAX(alignment, alloc_ops->align_min); size = ALIGN(size + METADATA_EXTRA, alloc_ops->align_min); p = alloc_ops->memalign(blkalign, size); + assert(p); /* Leave room for metadata before aligning the result. */ mem = (uintptr_t)p + METADATA_EXTRA;
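Review bot: In the quoted hunk, `if (!size || !alignment)` rejects only a zero alignment, so a non-zero alignment that is not a power of two still falls through to the `alignment <= sizeof(uintptr_t)` clamp and the rest of memalign. Either validate the alignment fully at this point or add a comment saying that only zero is treated as invalid here. The check is also placed after `assert(alloc_ops && alloc_ops->memalign)`, so a zero-size call made before any allocator is registered aborts instead of returning NULL; placing the check above the assert would make the early return unconditional.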
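Review bot: In the follow-up diff, `size += alignment - 1;` now runs on every call and feeds `ALIGN(size + METADATA_EXTRA, alloc_ops->align_min)` with no upper bound on `size`, so a caller-supplied size close to SIZE_MAX can wrap and the allocator is asked for a block smaller than requested. The new `assert(p)` does not catch that case, because the undersized allocation succeeds. Suggest an assert before the addition that `size` leaves room for `alignment - 1`, `METADATA_EXTRA` and the rounding to `alloc_ops->align_min`. Separately, a zero size returns NULL while an allocation failure aborts through `assert(p)`; a short comment on memalign documenting that NULL now means only "zero size" would make the contract clear to callers.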