
Commit 375e9a8

tautschnigDaniel Kroening
authored and
Daniel Kroening
committed
Avoid out-of-memory conditions when zero-initializing objects
When code requests large arrays, we should not instantiate them, and instead use ARRAY_OF. Fixes: #4602
1 parent b7f3f2d commit 375e9a8


3 files changed

+10
-2
lines changed


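--- a/regression/cbmc-library/calloc-02/main.c
+++ b/regression/cbmc-library/calloc-02/main.c
@@ -1,4 +1,5 @@
 #include <assert.h>
+#include <stdint.h>
 #include <stdlib.h>
 
 int main()
@@ -7,6 +8,10 @@ int main()
 if(p)
 assert(p[0] == 0);
 
+p = calloc(SIZE_MAX, 1);
+if(p)
+assert(p[0] == 0);
+
 size_t size;
 size_t num;
 p = calloc(size, num);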

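--- a/regression/cbmc-library/calloc-02/test.desc
+++ b/regression/cbmc-library/calloc-02/test.desc
@@ -1,6 +1,6 @@
 CORE
 main.c
---unsigned-overflow-check --pointer-check
+--unsigned-overflow-check --pointer-check --arrays-uf-always
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$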

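--- a/src/util/expr_initializer.cpp
+++ b/src/util/expr_initializer.cpp
@@ -13,6 +13,7 @@ Author: Daniel Kroening, [email protected]
 
 #include "arith_tools.h"
 #include "c_types.h"
+#include "magic.h"
 #include "namespace.h"
 #include "pointer_offset_size.h"
 #include "std_code.h"
@@ -133,7 +134,9 @@ optionalt<exprt> expr_initializert<nondet>::expr_initializer_rec(
 return {};
 
 const auto array_size = numeric_cast<mp_integer>(array_type.size());
-if(array_type.size().id() == ID_infinity || !array_size.has_value())
+if(
+array_type.size().id() == ID_infinity || !array_size.has_value() ||
+*array_size > MAX_FLATTENED_ARRAY_SIZE)
 {
 if(nondet)
 return side_effect_expr_nondett(type, source_location);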
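Review bot: The widened `if` in expr_initializer_rec that routes arrays larger than MAX_FLATTENED_ARRAY_SIZE down the same branch as infinite or unknown sizes is undocumented, so a reader will not know why a finite, statically known size is deliberately not instantiated element by element. I would put a comment above the condition: `// Do not build an element-wise initializer for huge arrays: materialising every element exhausts memory (#4602), so treat them like unbounded arrays and return a symbolic initializer instead.` The non-nondet path that, per the commit message, produces an ARRAY_OF lies outside this hunk, and expr_initializer_rec's body continues beyond the hunk at both ends. It may also be worth recording in that comment that the regression test in test.desc additionally needs `--arrays-uf-always`, since that hints the back end can otherwise still try to flatten the resulting array; documenting the dependency guards against a later back-end change silently reintroducing the blow-up.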
