Svadev mailing list

[Matthew Wala <wala1 AT illinois.edu>]

On Wed, Sep 21, 2011 at 9:25 PM, Vikram Adve 
<vadve AT illinois.edu>
 wrote:
> That makes sense to me.  Did you try changing the code to use strlen(s)+1?
>
> Also, why do you think it should have been caught before?  It's possible we 
> didn't have any tests that use strdup() and max out the string that can be 
> held in it.
>

It just seemed like an obvious thing to test.

Matt

>
> --Vikram
> Professor, Computer Science
> University of Illinois at Urbana-Champaign
> http://llvm.org/~vadve
>
>
>
>
> On Sep 21, 2011, at 5:47 PM, Matthew Wala wrote:
>
>> Hi everyone:
>>
>> I think I may know why my code was triggering memory safety bugs in
>> the LLVM test suite program MultiSource/Applications/d. It turns out
>> that d uses strdup() as an allocator. In
>> lib/Support/AllocatorInfo.cpp, the
>> StringAllocatorInfo:getOrCreateAllocSize uses a call to strlen() to
>> determine the size of the allocation. The problem is that the real
>> size of strdup(s) is strlen(s) + 1, but the current code just does
>> strlen(s). So I believe it was registering the item in the pool with
>> the wrong object size, which is why my checks were giving an off by
>> one error. I don't know if that makes sense though, since it seems
>> like an issue that should have been caught before.
>>
>> Matt
>> _______________________________________________
>> svadev mailing list
>> svadev AT cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/svadev
>
>