bpo-31626: Mark ends of the reallocated block in debug build.#4210
bpo-31626: Mark ends of the reallocated block in debug build.#4210serhiy-storchaka merged 5 commits into
Conversation
Sorry, something went wrong.
Few bytes at the begin and at the end of the reallocated blocks, as well as the header and the trailer, now are erased before calling realloc() in debug build. This will help to detect using or double freeing the reallocated block.
vstinner
left a comment
vstinner
left a comment
There was a problem hiding this comment.
Sorry, it's my fault, I misunderstood your code :-(
Sorry, something went wrong.
vstinner
left a comment
vstinner
left a comment
There was a problem hiding this comment.
LGTM.
Congrats for implementing the feature with your very long list of constraints (no additional heap allocation, "correct" code, low stack memory usage, etc.). Your code is very smart, and I missed some parts on my first rounds of review.
Do you want to backport this change to other Python branches?
I don't think that it's needed since the current code (modify freed memory after realloc) "just works". It does crash on OpenBSD, but I'm not interested to support OpenBSD in Python 2.7 and 3.6, I prefer to focus on supporting it in the master branch.
Sorry, something went wrong.
|
There was no crash on 2.7, and the fix for crash was backported to 3.6. This PR adds a new feature (the previous implementation didn't work, it was a dead code except OpenBSD where it caused a crash) that can help to catch memory bugs. I don't want to backport it. |
Sorry, something went wrong.
Oh, I didn't see that you already removed the memset() from 3.6. In that case, I would suggest to backport this PR to Python 3.6 as well, to not loose the detection of "use after free" by debug hooks. |
Sorry, something went wrong.
|
Left this on to @ned-deily. But note that this detection doesn't work since 3.4, and this change is much more complex than #4145. |
Sorry, something went wrong.
|
My reaction is that the risk due to complexity of the changes outweigh the benefits so I would agree with @serhiy-storchaka that we should not backport this. |
Sorry, something went wrong.
Ok, fine. |
Sorry, something went wrong.
|
@serhiy-storchaka: For Python 3.6, what do you think of using Python 2.7 simple code? The code expect that realloc() never fails when shrinking. While Xavier De Gaye and me made realloc() failing anyway using tools to inject memory allocation failures, it seems like in the wild with system realloc(), realloc() never fails in that case. If you agree, I can prepare a PR if you want. Or you can do, as you want :-) For the master branch, I really prefer this PR since it's the "most correct" code: it supports hardcore testing as Xavier and me did ;-) |
Sorry, something went wrong.
|
This is what the initial version of #3844 did. But I agree with your arguments, adding this in 3.6 is risky. The third-party code in 3.6 can expect that realloc() don't change the content on failure. |
Sorry, something went wrong.
…#4210) Few bytes at the begin and at the end of the reallocated blocks, as well as the header and the trailer, now are erased before calling realloc() in debug build. This will help to detect using or double freeing the reallocated block.
Few bytes at the begin and at the end of the reallocated blocks, as well
as the header and the trailer, now are erased before calling
realloc()in debug build. This will help to detect using or double freeing the
reallocated block.
https://bugs.python.org/issue31626