You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 51 Next »

If ptr was allocated with an alignment returned from aligned_alloc() and if realloc() reallocates memory with a different alignment then, the behavior is undefined.

This rule only applies to compilers that conform to the (emerging) C1X standard [[Jones 09]].

Noncompliant Code Example

This noncompliant code example aligns ptr to a 4096 byte boundary whereas the realloc() function aligns the memory to a different alignment.

size_t resize = 1024;
size_t alignment = 1 << 12;
int *ptr;
int *ptr1;

if((ptr = aligned_alloc(alignment , sizeof(int))) == NULL) {
  /* handle error */
}

if((ptr1 = realloc(ptr, resize)) == NULL) {
  /* handle error */
}

The resulting program has undefined behavior as the alignment that realloc() enforces is different from aligned_alloc() function's alignment.

Implementation Details

When compiled with gcc version 4.1.2 and run on the x86_64-redhat-linux platform the following code:

#include <stdlib.h>
#include <stdio.h>

int main(void) {
size_t  size = 16;
size_t resize = 1024;
size_t align = 1 << 12;
int *ptr;
int *ptr1;

if (posix_memalign((void **)&ptr, align , size) != 0) {
 exit(EXIT_FAILURE);
}

printf("memory aligned to %d bytes\n",align);
printf("ptr = %p\n\n",ptr);

if ((ptr1 = realloc((int *)ptr, resize)) == NULL) {
 exit(EXIT_FAILURE);
}

printf("After realloc(): \n");
printf("ptr1 = %p\n", ptr1);

free(ptr1);
return 0;
}

produces the following (unexpected) output.

memory aligned to 4096 bytes
ptr = 0x1621b000

After realloc():
ptr1 = 0x1621a010

Compliant Solution

This compliant solution implements an aligned realloc() function. It allocates new memory of resize bytes with an alignment equal to that of old memory and copies old memory into it. It then frees the old memory.

size_t resize = 1024;
size_t alignment = 1 << 12;
size_t newsize;
int *ptr;
int *ptr1;

if((ptr = aligned_alloc(alignment , sizeof(int))) == NULL) {
  /* handle error */
}

if((ptr1 = aligned_alloc(alignment , resize)) == NULL) {
  /* handle error */
}

newsize = MIN(size, resize);
if((memcpy(ptr1, ptr, newsize) == NULL) {
 /* handle error */
}

free(ptr);

Risk Assessment

Improper alignment can lead to accessing arbitrary memory locations and write into it.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC36-C

high

probable

medium

P12

L1

References

[[Jones 09]] Section 7.21.3
[aligned_alloc()] 7.20.3.5

  • No labels