plasma-umass / Mesh

A memory allocator that automatically reduces the memory footprint of C/C++ applications.
Apache License 2.0

Bug in allocating negative size #62

Closed insuyun closed 4 years ago

insuyun commented 5 years ago

Hi, all. I think I talked about this issue with Prof. Berger. We tested Mesh with ArcHeap: https://arxiv.org/pdf/1903.00503.pdf and found an issue with negative sizes.

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <malloc.h>

void* p[256];
uintptr_t buf[256];

int main(void) {
  // [INFO] Command buffer: 0x327b2000
  // [INFO] Input size: 33
  // -8 converts to SIZE_MAX - 7, a request that can never be satisfied
  p[0] = malloc(-8);
  p[2] = malloc(-8);
  // [BUG] Found overlap
  // p[2]=0x7f16de08a000 (size=32), p[0]=0x7f16de08a000 (size=32)
  // cast to char* so the +32 is well-defined byte arithmetic
  fprintf(stderr, "p1: %p-%p, p2: %p-%p\n",
          p[2], (void *)((char *)p[2] + 32),
          p[0], (void *)((char *)p[0] + 32));
  return 0;
}

I think these p[0] and p[2] allocations should return NULL, not overlapping chunks. Thank you.

Best, Insu Yun.

bobby-stripe commented 5 years ago

ack, thanks! will fix shortly

bpowers commented 4 years ago

@jakkdu thanks again for this report - I've adjusted Mesh to fail requests like that. Please let me know if you find anything else!
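A minimal illustration of how a negative size can turn into a small chunk (the "size=32" in the report) and of the kind of bound check that makes such requests fail, added here as example code rather than Mesh's allocator code; the rounding scheme, the 32-byte minimum class, the 16-byte alignment and the PTRDIFF_MAX limit are assumptions:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed allocator parameters (not Mesh's real values). */
#define ALIGN     16u
#define MIN_CLASS 32u

/* Unchecked rounding as many allocators do it. For the request
 * (size_t)-8 == SIZE_MAX - 7 the addition wraps to 7, the mask
 * yields 0, and the minimum class turns that into a 32-byte chunk:
 * two such "huge" requests then come back as two tiny, overlapping
 * allocations instead of failing. */
size_t round_unchecked(size_t n) {
  size_t r = (n + (ALIGN - 1)) & ~(size_t)(ALIGN - 1); /* wraps for huge n */
  return r < MIN_CLASS ? MIN_CLASS : r;
}

/* Hardened rounding: reject any request that cannot be rounded without
 * overflow. PTRDIFF_MAX is the conventional cap so that pointer
 * differences inside the object stay representable. Returns 0 on
 * rejection (a valid result is never smaller than MIN_CLASS). */
size_t round_checked(size_t n) {
  if (n > (size_t)PTRDIFF_MAX - (ALIGN - 1)) return 0; /* would wrap */
  size_t r = (n + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
  return r < MIN_CLASS ? MIN_CLASS : r;
}

/* Wrapper with the behaviour the fix in this issue implies:
 * a negative (huge) size yields NULL, never a small chunk. */
void *checked_malloc(size_t n) {
  size_t rounded = round_checked(n);
  if (rounded == 0) return NULL;
  return malloc(rounded);
}

int main(void) {
  size_t bad = (size_t)-8;
  printf("unchecked rounding of %zu -> %zu bytes\n", bad, round_unchecked(bad));
  void *p = checked_malloc(bad);
  printf("checked_malloc(-8) = %p\n", p);
  free(p);
  return 0;
}
```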