bug-gnulib
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Request Suggestion] How does obstack deal with the specific valid addre

From: TU Haoxin
Subject: [Request Suggestion] How does obstack deal with the specific valid address in obstack_free ?
Date: Mon, 10 Jan 2022 16:46:54 +0000
Dear developers,

I hope it's fine for me to ask you a question, please forgive me if not. I just have a question about the implementation intention of obstack_free (an API in obstack, which is widely used in various gnu libraries, e.g.c Glibc, more details in https://gcc.gnu.org/onlinedocs/libiberty), and want to request your suggestions.


The question is about the intention of how does obstack_free free an address at the bottom of a chunk in the obstack. Here is a quick demonstration code: https://godbolt.org/z/arv4ha19b

My point here is that the address "string_obstack->chunk" in obstrack_free (line 40) is a valid address from this chunk, and it should be freed normally as other pointers (execute this line will crash). However, it seems the current obstack_free function can not handle it and it will finally get an abort failure. (please refer to the gdb-log.txt in the attachment, as well as the testing code and the compiling script, for more details).

I found this "issue" when I tested the library using the symbolic execution technique. Again, I am not sure whether it's an issue or not. If so, the possible fixing is just changing the if condition "__obj > (void *) __o->chunk" to "__obj >= (void *) __o->chunk". Or if not, is it the intention of the obstack implementation to do so? Or in what purpose does obstack not support free from that specific address? Since the obstack is widely used, I guess it's quite important to avoid any potential issues in the implementation code.

obstack_free defined in "obstack.h"
```
# define obstack_free(OBSTACK, OBJ)      \
  __extension__      \
    ({ struct obstack *__o = (OBSTACK);      \
       void *__obj = (OBJ);      \
       if (__obj > (void *) __o->chunk && __obj < (void *) __o->chunk_limit)  \
__o->next_free = __o->object_base = (char *) __obj;      \
       else (__obstack_free) (__o, __obj); })
```

Any suggestions or comments are welcome!

Thank you very much for your time and waiting for your reply~


Best regards,
Haoxin

Attachment: gdb-log.txt
Description: gdb-log.txt

Attachment: obstack-test.c
Description: obstack-test.c

Attachment: compile.sh
Description: compile.sh

reply via email to
[Prev in Thread] Current Thread [Next in Thread]