Bug 11646 – [snn] `malloc` is unstable for large allocations

Status: RESOLVED
Resolution: FIXED
Severity: major
Priority: P2
Component: druntime
Product: D
Version: D2
Platform: All
OS: Windows
Creation time: 2013-11-30T01:54:26Z
Last change time: 2020-08-31T02:31:21Z
Keywords: backend, wrong-code
Assigned to: No Owner
Creator: Denis Shelomovskii

Comments

Comment #0 by verylonglogin.reg — 2013-11-30T01:54:26Z
There are integer overflows in snn's `malloc` for large allocations:
---
import core.stdc.stdlib;

void main()
{
    assert(!malloc(-1)); // Assertion failure
    assert(!malloc(0xD5550000)); // OK
    assert(!malloc(0xD5560000)); // Access violation in RTLHeapBlock::Reclaim
}
---
Yes, it really thinks it can allocate `size_t.max` bytes.
Comment #1 by bugzilla — 2020-08-31T02:04:33Z
The malloc code in snn.lib is:
---
void *malloc (size_t m_size)
{
    /* The +2 is because there's a buffer overflow somewhere in stlport.
     * It is triggered by stltutorial\ex13-01.cpp */
    return HeapAlloc(_default_heap, 0, m_size + 2);
}
---
https://github.com/DigitalMars/dmc/blob/master/src/HEAP32/MALLOC.C

HeapAlloc() is a Windows system function, i.e. bugs in it are Windows bugs.
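Added example, not part of the bug report or the snn source: with a 32-bit `size_t`, the `m_size + 2` in the `malloc` quoted in comment #1 wraps for requests within 2 of `size_t.max`, so the `malloc(-1)` from comment #0 turns into a 1-byte request. The sketch models that arithmetic and shows a guarded form; `uint32_t` standing in for the target's `size_t` is an assumption, and `padded_unchecked`, `padded_checked` and `malloc_padded` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HEAP_PAD 2u  /* the "+2" from the malloc shown in comment #1 */

/* Models `m_size + 2` with a 32-bit size_t, as on Win32 (assumption:
 * uint32_t stands in for the target's size_t). Unsigned wrap is silent. */
uint32_t padded_unchecked(uint32_t m_size)
{
    return m_size + HEAP_PAD;
}

/* Hypothetical checked form: returns 0 and leaves *out untouched when the
 * padded size would not fit in 32 bits. */
int padded_checked(uint32_t m_size, uint32_t *out)
{
    if (m_size > UINT32_MAX - HEAP_PAD)
        return 0;
    *out = m_size + HEAP_PAD;
    return 1;
}

/* Hypothetical wrapper applying the same guard to the host's real size_t
 * before calling the underlying allocator. */
void *malloc_padded(size_t m_size)
{
    if (m_size > SIZE_MAX - HEAP_PAD)
        return NULL;               /* report failure instead of wrapping */
    return malloc(m_size + HEAP_PAD);
}

int main(void)
{
    /* Constructed inputs: the first is malloc(-1) from comment #0. */
    const uint32_t reqs[] = { 0xFFFFFFFFu, 0xFFFFFFFEu, 0xFFFFFFFDu, 16u };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        uint32_t safe = 0;
        int ok = padded_checked(reqs[i], &safe);
        printf("request 0x%08X -> unchecked asks for 0x%08X, checked %s\n",
               (unsigned)reqs[i], (unsigned)padded_unchecked(reqs[i]),
               ok ? "accepts" : "rejects");
    }
    void *p = malloc_padded((size_t)-1);
    printf("malloc_padded(SIZE_MAX) = %s\n", p ? "non-NULL" : "NULL");
    free(p);
    return 0;
}
```

This covers only the wrap in the padding addition; it does not model the access violation reported for `0xD5560000`.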
Comment #2 by bugzilla — 2020-08-31T02:19:58Z
Comment #3 by bugzilla — 2020-08-31T02:31:21Z
I've updated the dmc.zip and dm857c.zip downloads.