Svadev mailing list

[Vikram Adve <vadve AT illinois.edu>]

That makes sense to me.  Did you try changing the code to use strlen(s)+1?

Also, why do you think it should have been caught before?  It's possible we 
didn't have any tests that use strdup() and max out the string that can be 
held in it.

--Vikram
Professor, Computer Science
University of Illinois at Urbana-Champaign
http://llvm.org/~vadve




On Sep 21, 2011, at 5:47 PM, Matthew Wala wrote:

> Hi everyone:
> 
> I think I may know why my code was triggering memory safety bugs in
> the LLVM test suite program MultiSource/Applications/d. It turns out
> that d uses strdup() as an allocator. In
> lib/Support/AllocatorInfo.cpp, the
> StringAllocatorInfo:getOrCreateAllocSize uses a call to strlen() to
> determine the size of the allocation. The problem is that the real
> size of strdup(s) is strlen(s) + 1, but the current code just does
> strlen(s). So I believe it was registering the item in the pool with
> the wrong object size, which is why my checks were giving an off by
> one error. I don't know if that makes sense though, since it seems
> like an issue that should have been caught before.
> 
> Matt
> _______________________________________________
> svadev mailing list
> svadev AT cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/svadev