Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAA2zVHr-4Za81Zs3WSDWpDg1rBhnb=k=EAP-2oAvLeY3btKviQ@mail.gmail.com>
Date: Mon, 19 Sep 2022 20:13:57 -0400
From: James Y Knight <jyknight@...gle.com>
To: baiyang <baiyang@...il.com>
Cc: musl <musl@...ts.openwall.com>, Florian Weimer <fweimer@...hat.com>
Subject: Re: Re: The heap memory performance (malloc/free/realloc) is
 significantly degraded in musl 1.2 (compared to 1.1)

On Mon, Sep 19, 2022 at 1:40 PM baiyang <baiyang@...il.com> wrote:

> Hi James,
>
> I looked at the code of tcmalloc, but I didn't find any of the problems
> you mentioned in the implementation of malloc_usable_size (see:
> https://github.com/google/tcmalloc/blob/9179bb884848c30616667ba129bcf9afee114c32/tcmalloc/tcmalloc.cc#L1099
>  ).
>
> On the contrary, similar to musl, tcmalloc also directly uses the return
> value of malloc_usable_size in its realloc implementation to determine
> whether memory needs to be reallocated:
> https://github.com/google/tcmalloc/blob/9179bb884848c30616667ba129bcf9afee114c32/tcmalloc/tcmalloc.cc#L1499
>
> I think this is enough to show that the return value of malloc_usable_size
> in tcmalloc is accurate and reliable, otherwise its own realloc will
> cause a segment fault.
>

It returns an accurate value, but it is undefined behavior to actually
_use_ that memory. You need to first call realloc -- and when calling
realloc, you (probably...) need to access the new memory via the return
value of the realloc call, rather than the pointer you passed as input --
even if they happen to have the same integer representation. (Though
there's certainly plenty of debate/discussion regarding the exact workings
of, and advisability of, such 'pointer provenance" rules...). In any case,
calling the function inside the malloc implementation to implement realloc
is a different matter entirely from user code calling it.

And, note that just because something works for you today doesn't mean it's
correct or allowed. It just means that you've been able to get away with
it. So far. Until one day it stops working. That's the really fun part of
Undefined Behavior...

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.