Fix double-free bug in stdlib models with --malloc-fail-null #5518

Conversation

hannes-steffenhagen-diffblue (Contributor) commented Oct 7, 2020

If realloc results in a larger memory block, the old one needs to be freed... but this should only happen if the allocation of the new block succeeds. The old model didn't properly check for that; this is now fixed.

This should fix #5511

(Linked to wrong issue before)

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • White-space or formatting changes outside the feature-related changed lines are in commits of their own.
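As an added illustration of the ordering defect the description refers to: the code below is example code written for this page, not CBMC's own library model, and the helpers `model_malloc`, `model_free`, `fail_next_alloc` and `last_freed` are hypothetical stand-ins for the allocator that `--malloc-may-fail` with `--malloc-fail-null` instruments. It places a simplified realloc model with the defective ordering next to the corrected one, and a small driver injects one allocation failure and reports whether the old block was released when the caller still owned it.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical "may fail" allocator used by the two realloc models below.
 * fail_next_alloc stands in for the failure that --malloc-may-fail /
 * --malloc-fail-null makes the analyser consider. */
static int fail_next_alloc = 0;        /* 1: the next model_malloc returns NULL */
static const void *last_freed = NULL;  /* block most recently released by a model */

static void *model_malloc(size_t n) {
  if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
  return malloc(n);
}

static void model_free(void *p) {
  last_freed = p;
  free(p);
}

/* Defective ordering of the kind the PR fixes: the old block is released
 * without checking that the new one was obtained. realloc semantics say the
 * caller still owns `old` when NULL is returned, so the caller's eventual
 * free(old) becomes a double free. */
void *realloc_buggy(void *old, size_t old_size, size_t new_size) {
  if (old == NULL) return model_malloc(new_size);
  void *fresh = model_malloc(new_size);
  if (fresh != NULL)
    memcpy(fresh, old, old_size < new_size ? old_size : new_size);
  model_free(old);   /* BUG: runs even when fresh == NULL */
  return fresh;
}

/* Corrected ordering: release the old block only after the new allocation
 * succeeded; on failure return NULL and leave `old` untouched. */
void *realloc_fixed(void *old, size_t old_size, size_t new_size) {
  if (old == NULL) return model_malloc(new_size);
  void *fresh = model_malloc(new_size);
  if (fresh == NULL) return NULL;   /* caller keeps ownership of old */
  memcpy(fresh, old, old_size < new_size ? old_size : new_size);
  model_free(old);
  return fresh;
}

/* Drives one failing grow through a model and reports whether the model
 * wrongly released the old block. Returns 1 if it did, 0 if the block was
 * left to the caller, -1 if the constructed input could not be allocated. */
int old_block_freed_on_failure(void *(*model)(void *, size_t, size_t)) {
  char *old = malloc(8);
  if (old == NULL) return -1;
  memcpy(old, "abcdefg", 8);   /* constructed sample contents */
  last_freed = NULL;
  fail_next_alloc = 1;         /* inject failure of the new allocation */
  void *res = model(old, 8, 64);
  if (res != NULL) { free(res); return 0; }   /* not reachable: failure was injected */
  int freed = (last_freed == old);
  if (!freed) free(old);       /* safe only because the model left the block to us */
  return freed;
}

/* Successful grow through the corrected model: contents are carried over and
 * the old block is released exactly once. Returns 1 on success. */
int fixed_grow_keeps_data(void) {
  char *old = malloc(4);
  if (old == NULL) return 0;
  memcpy(old, "xyz", 4);
  last_freed = NULL;
  char *res = realloc_fixed(old, 4, 16);
  int ok = res != NULL && memcmp(res, "xyz", 4) == 0 && last_freed == old;
  free(res);
  return ok;
}
```

With the failure injected, `old_block_freed_on_failure(realloc_buggy)` returns 1 (the caller's pointer now dangles, and the caller's own `free(old)` would be the double free in the PR title) while `old_block_freed_on_failure(realloc_fixed)` returns 0; the driver deliberately skips the second free in the buggy case so the example itself stays well defined.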

chrisr-diffblue (Contributor) left a comment

Good catch!

codecov bot commented Oct 7, 2020

Codecov Report

❗ No coverage uploaded for pull request base (develop@b49f31f).
The diff coverage is n/a.

@@            Coverage Diff             @@
##             develop    #5518   +/-   ##
==========================================
  Coverage           ?   68.40%           
==========================================
  Files              ?     1187           
  Lines              ?    98090           
  Branches           ?        0           
==========================================
  Hits               ?    67102           
  Misses             ?    30988           
  Partials           ?        0           
Flag Coverage Δ
#cproversmt2 42.97% <ø> (?)
#regression 65.55% <ø> (?)
#unit 32.25% <ø> (?)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update b49f31f...1791d15.

piotr-grabalski (Contributor) left a comment

Looks good!

thomasspriggs (Contributor) left a comment

👍

Development

Successfully merging this pull request may close these issues.

false positives when --malloc-may-fail and --malloc-fail-null are used with realloc
4 participants