D issues are now tracked on GitHub. This Bugzilla instance remains as a read-only archive.
Issue 11646 - [snn] `malloc` is unstable for large allocations
Status: RESOLVED FIXED
Alias: None
Product: D
Classification: Unclassified
Component: druntime
Version: D2
Hardware: All Windows
Importance: P2 major
Assignee: No Owner
Keywords: backend, wrong-code
Reported: 2013-11-30 01:54 UTC by Denis Shelomovskii
Modified: 2020-08-31 02:31 UTC
Description Denis Shelomovskii 2013-11-30 01:54:26 UTC
There are integer overflows in snn's `malloc` for large allocations:
---
import core.stdc.stdlib;

void main()
{
    assert(!malloc(-1)); // Assertion failure
    assert(!malloc(0xD5550000)); // OK
    assert(!malloc(0xD5560000)); // Access violation in RTLHeapBlock::Reclaim
}
---

Yes, it really thinks it can allocate `size_t.max` bytes.
Comment 1 Walter Bright 2020-08-31 02:04:33 UTC
The malloc code in snn.lib is:

  void *malloc (size_t m_size)
  {
    /* The +2 is because there's a buffer overflow somewhere in stlport.
     * It is triggered by stltutorial\ex13-01.cpp
     */
    return HeapAlloc(_default_heap, 0, m_size + 2);
  }

https://github.com/DigitalMars/dmc/blob/master/src/HEAP32/MALLOC.C

HeapAlloc() is a Windows system function, i.e. bugs in it are Windows bugs.
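
Added example, not part of the original thread and not the snn.lib source: it shows how the `m_size + 2` in the `malloc` quoted in Comment 1 wraps for requests near `size_t.max`, next to one way to guard the addition. `backend_alloc` is a hypothetical stand-in for `HeapAlloc` so the block runs on any platform, and all function names here are assumptions.

```c
/* Added example: PAD mirrors the "+ 2" in the quoted malloc;
 * backend_alloc is a hypothetical stand-in for HeapAlloc. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define PAD 2u

/* What the quoted code computes: unsigned addition wraps modulo SIZE_MAX + 1. */
static size_t padded_unchecked(size_t m_size)
{
    return m_size + PAD;
}

/* Returns 1 and stores m_size + PAD, or returns 0 if the sum would wrap. */
static int padded_checked(size_t m_size, size_t *out)
{
    if (m_size > SIZE_MAX - PAD)
        return 0;
    *out = m_size + PAD;
    return 1;
}

static size_t last_backend_request; /* size the backend was last asked for */

static void *backend_alloc(size_t n)
{
    last_backend_request = n;
    return malloc(n);
}

/* Quoted behaviour: the wrapped size is what reaches the backend. */
static void *malloc_unchecked(size_t m_size)
{
    return backend_alloc(padded_unchecked(m_size));
}

/* Guarded form: fail the request instead of passing on a wrapped size. */
static void *malloc_checked(size_t m_size)
{
    size_t n;
    if (!padded_checked(m_size, &n))
        return NULL;
    return backend_alloc(n);
}
```

With the unchecked form, a request for `SIZE_MAX` bytes reaches the backend as a request for 1 byte, so the caller can receive a non-null pointer to a block far smaller than it asked for.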
Comment 3 Walter Bright 2020-08-31 02:31:21 UTC
I've updated the dmc.zip and dm857c.zip downloads.