Lack of Sanity Checking for malloc() in LuaJIT 2.0.x in /src/hosts/buildvm.c

  • From: Bill Parker <wp02855@xxxxxxxxx>
  • To: luajit@xxxxxxxxxxxxx
  • Date: Sat, 21 Feb 2015 13:18:49 -0800

Hello All,

   In reviewing code in LuaJIT 2.0.x, I found a number of instances where
calls to malloc() were made, but no corresponding test for NULL is done,
which would indicate failure.  I know that Linux does memory overcommitting
(so malloc() rarely returns NULL there), but other platforms do not, and the
patch below (in diff -u format) adds the needed checks:

--- buildvm.c.orig    2015-02-21 09:45:46.229623401 -0800
+++ buildvm.c    2015-02-21 09:53:52.214389566 -0800
@@ -120,6 +120,10 @@
 #endif
   }
   p = (char *)malloc(strlen(name)+1);  /* MSVC doesn't like strdup. */
+  if (p == NULL) { /* malloc() failed, what do we do now? */
+    /* should we print a warning message? */
+    return NULL;
+  }
   strcpy(p, name);
   return p;
 }
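Review bot: Returning NULL from this function only moves the dereference to its callers: the third hunk of this same patch assigns its result to `ctx->beginsym` without checking it, so an allocation failure here still ends in a NULL dereference later instead of a clean failure. For a build-time code generator the simpler and safer choice is to fail loudly in one place, e.g. `fprintf(stderr, "Error: out of memory\n"); exit(1);` in place of the bare `return NULL;`, which also avoids having to thread a NULL result through every caller. The questions left in the added comment (`what do we do now?`, `should we print a warning message?`) should be decided before merge rather than committed as comments. The enclosing function starts before this hunk.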
@@ -175,11 +179,20 @@
   /* Initialize DynASM structures. */
   ctx->nglob = GLOB__MAX;
   ctx->glob = (void **)malloc(ctx->nglob*sizeof(void *));
+  if (ctx->glob == NULL) { /* malloc() failed, what do we do now? */
+    /* should we print a warning message? */
+    return -1;
+  }
+
   memset(ctx->glob, 0, ctx->nglob*sizeof(void *));
   ctx->nreloc = 0;

   ctx->globnames = globnames;
   ctx->relocsym = (const char **)malloc(NRELOCSYM*sizeof(const char *));
+  if (ctx->relocsym == NULL) { /* malloc() failed, what do we do now? */
+    /* should we print a warning message? */
+    return -1;
+  }
   ctx->nrelocsym = 0;
   for (i = 0; i < (int)NRELOCSYM; i++) relocmap[i] = -1;

@@ -197,13 +210,25 @@
   (void)dasm_checkstep(Dst, -1);
   if ((status = dasm_link(Dst, &ctx->codesz))) return status;
   ctx->code = (uint8_t *)malloc(ctx->codesz);
+  if (ctx->code == NULL) { /* malloc() failed, what do we do now? */
+    /* should we print a warning message? */
+    return -1;
+  }
   if ((status = dasm_encode(Dst, (void *)ctx->code))) return status;

   /* Allocate symbol table and bytecode offsets. */
   ctx->beginsym = sym_decorate(ctx, "", LABEL_PREFIX "vm_asm_begin");
   ctx->sym = (BuildSym *)malloc((ctx->npc+ctx->nglob+1)*sizeof(BuildSym));
+  if (ctx->sym == NULL) { /* malloc() failed, what do we do now? */
+    /* should we print a warning message? */
+    return -1;
+  }
   ctx->nsym = 0;
   ctx->bc_ofs = (int32_t *)malloc(ctx->npc*sizeof(int32_t));
+  if (ctx->bc_ofs == NULL) { /* malloc() failed, what do we do now? */
+    /* should we print a warning message? */
+    return -1;
+  }

   /* Collect the opcodes (PC labels). */
   for (i = 0; i < ctx->npc; i++) {
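Review bot: The result of `sym_decorate(ctx, "", LABEL_PREFIX "vm_asm_begin")` stored in `ctx->beginsym` is still unchecked, even though the first hunk of this patch makes `sym_decorate` return NULL on allocation failure; it is the one allocation in this hunk the new checks miss, sitting between two that are checked. If the NULL-return convention is kept, add `if (ctx->beginsym == NULL) return -1;` directly after that line; if `sym_decorate` is changed to abort instead, no check is needed here. Each early return in this hunk also abandons `ctx->code` and the earlier allocations, which is acceptable only if the caller exits the process on a non-zero status — that caller is outside this hunk and should be confirmed. The enclosing function continues past this hunk.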

I am attaching the patch file to this email.

Bill Parker (wp02855 at gmail dot com)

