Opened 19 months ago
Closed 19 months ago
#26093 closed defect (not a bug)
memalign() may fail
Reported by: | Dhiraj | Owned by: | |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Core Tor/Tor | Version: | |
Severity: | Normal | Keywords: | |
Cc: | | Actual Points: | |
Parent ID: | | Points: | |
Reviewer: | | Sponsor: | |
Description
Hi Team,
I am not sure about this issue; please advise.
https://github.com/torproject/tor/blob/master/src/ext/OpenBSD_malloc_Linux.c#L295
i.e.
void *memalign(size_t boundary, size_t size);
On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable.
Also note that memalign() may not check that the boundary parameter is correct such as (CWE-676).
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
Request team to please have a look.
Regards
Dhiraj
Change History (3)
comment:1 Changed 19 months ago by
Component: | - Select a component → Core Tor/Tor |
---|
comment:2 Changed 19 months ago by
comment:3 Changed 19 months ago by
Resolution: | → not a bug |
---|---|
Status: | new → closed |
But that's dead code...
```
$ ag memalign src/ext/OpenBSD_malloc_Linux.c
295:void *memalign(size_t boundary, size_t size);
1992:int posix_memalign(void **memptr, size_t alignment, size_t size)
2015:void *memalign(size_t boundary, size_t size)
2018: posix_memalign(&r, boundary, size);
2025: posix_memalign(&r, malloc_pagesize, size);
```
memalign() in OpenBSD_malloc_Linux.c is not used anywhere and not even compiled in by default.
Depends on #20424 resolution.
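The posix_memalign() replacement recommended in the description, as an added example that is not part of the ticket and is not code from Tor or OpenBSD_malloc_Linux.c. It validates the boundary itself (POSIX requires a power of two that is a multiple of sizeof(void *)) and releases the result with free(); the helper names and the choice to reject a zero size are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns 0 on success, EINVAL for a bad boundary or
 * a zero size (example policy), ENOMEM when the allocator has no memory. */
int checked_aligned_alloc(void **out, size_t boundary, size_t size)
{
    void *p = NULL;
    int rc;

    if (out == NULL)
        return EINVAL;
    *out = NULL;
    /* A power of two >= sizeof(void *) is also a multiple of it. Checking
     * here means the result does not depend on the libc validating it. */
    if (boundary < sizeof(void *) || (boundary & (boundary - 1)) != 0)
        return EINVAL;
    if (size == 0)
        return EINVAL;

    rc = posix_memalign(&p, boundary, size);
    if (rc != 0)
        return rc;              /* p must not be used on failure */
    memset(p, 0, size);         /* hand back zeroed memory */
    *out = p;
    return 0;
}

/* Returns 1 when the pointer honours the requested boundary. */
int is_aligned(const void *p, size_t boundary)
{
    return ((uintptr_t)p % boundary) == 0;
}

int main(void)
{
    void *buf = NULL;
    if (checked_aligned_alloc(&buf, 64, 1000) != 0)
        return 1;
    int ok = is_aligned(buf, 64);
    free(buf);                  /* posix_memalign() memory is freed with free() */
    return ok ? 0 : 1;
}
```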