hardened_malloc

test: add tests for zero sized realloc(3)

Open cgzones opened this issue 8 months ago • 4 comments

C23 declared calling realloc(3) with a non-NULL pointer and zero size undefined behavior. Check that hardened_malloc handles that case sanely by freeing the old pointer and returning a special pointer, like malloc(3) called with size zero.

cgzones, Apr 05 '25 14:04

This will break real-world applications and isn't actually memory corruption, resulting in reduced security from not being able to use those applications with hardened_malloc.

thestinger, Apr 05 '25 14:04

The safest way to handle this is the way it already does: treating it the same way as malloc(0) by resizing to a 0 size allocation, which with hardened_malloc points to PROT_NONE memory with a unique address meeting the minimum alignment requirements for malloc despite it having a usable size of 0.

thestinger, Apr 05 '25 14:04
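
An added example, not part of this thread or of hardened_malloc's test suite: a caller-side wrapper that gets the result discussed above (old pointer freed, return value the same as malloc(0)) without ever passing a live pointer and size 0 to realloc(3), plus a check that runs against whichever allocator is linked. The names `realloc_zero_safe` and `check_zero_size_realloc` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical caller-side wrapper (not hardened_malloc code). A live pointer
 * with size 0 never reaches realloc(3); the old block is freed and the result
 * is whatever malloc(0) gives: NULL or a unique pointer, both valid for free(). */
void *realloc_zero_safe(void *old, size_t size) {
    if (old != NULL && size == 0) {
        free(old);
        return malloc(0);
    }
    return realloc(old, size); /* realloc(NULL, n) behaves like malloc(n) */
}

/* Returns 0 if zero-size handling looks sane, else the number of the failed step. */
int check_zero_size_realloc(void) {
    void *a = malloc(16), *b = malloc(16);
    if (a == NULL || b == NULL) return 1;
    memset(a, 0x41, 16);
    memset(b, 0x42, 16);

    void *za = realloc_zero_safe(a, 0);
    void *zb = realloc_zero_safe(b, 0);
    /* Two live zero-size allocations must not alias each other. */
    if (za != NULL && za == zb) return 2;
    /* A non-NULL result must still meet malloc's alignment guarantee. */
    if (za != NULL && (uintptr_t)za % _Alignof(max_align_t) != 0) return 3;

    /* Growing a zero-size allocation must yield writable memory. */
    unsigned char *g = realloc_zero_safe(za, 32);
    if (g == NULL) return 4;
    memset(g, 0x43, 32);
    if (g[31] != 0x43) return 5;
    /* zb is still live, so the grown block must not alias it. */
    if ((void *)g == zb) return 6;

    free(g);
    free(zb); /* free(NULL) is a no-op */
    return 0;
}

int main(void) {
    int rc = check_zero_size_realloc();
    printf("zero-size realloc check: %s (step %d)\n", rc ? "FAIL" : "ok", rc);
    return rc;
}
```

Which branch is exercised (NULL or a unique pointer) depends on the allocator the binary is linked or preloaded with.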

Dropped the change in behavior, and added some additional test cases.

cgzones, Apr 05 '25 14:04

Kindly ping

cgzones, Sep 21 '25 10:09