Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CY4PR02MB2231DC947A389856977CFF4E82C40@CY4PR02MB2231.namprd02.prod.outlook.com>
Date: Mon, 19 Jun 2017 15:16:16 +0000
From: Jamie Mccrae <Jamie.Mccrae@...rdtech.com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
Subject: Query regarding malloc if statement

Hi,

I'm using musl to compile a cross-distro application which I've been having problems with and whilst discussing the problem the developer of another project, was shown a musl malloc function which manually checks the contents of each byte and changes it to 0 if the byte is non-0. This code is in src/malloc/malloc.c as so:

void *__malloc0(size_t n)
{
        void *p = malloc(n);
        if (p && !IS_MMAPPED(MEM_TO_CHUNK(p))) {
                size_t *z;
                n = (n + sizeof *z - 1)/sizeof *z;
                for (z=p; n; n--, z++) if (*z) *z=0;
        }
        return p;
}


This code causes thousands of errors when using valgrind (in excess of 800,000 for my application) due to checking the value of each byte before it has been set and I have to agree with this other developer that I'm at a loss as to why this is performed. If you step through the array and just set each byte to 0 then there will be no read-before-initialisation error and the function will run much faster due to not having to retrieve the data. Why not instead use:

                for (z=p; n; n--, z++) *z=0;

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.