[lwip-devel] [bug #66097] mem_trim() - wrong behaviour when memory-checks are enabled

[Marco Scholz]

URL:
  <https://savannah.nongnu.org/bugs/?66097>

                 Summary: mem_trim() - wrong behaviour when memory-checks are
enabled
                   Group: lwIP - A Lightweight TCP/IP stack
               Submitter: marcoscholz
               Submitted: Fri 16 Aug 2024 06:37:55 AM UTC
                Category: pbufs
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: 2.2.0


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Fri 16 Aug 2024 06:37:55 AM UTC By: Marco Scholz <marcoscholz>
Hello,

I think I have found a problem in the mem.c - mem_trim() function. The problem
occurs when I enable the MEM_OVERFLOW_CHECK. The following example code
fails:

void* p=mem_malloc(1000);
p=mem_trim(p,999);

It triggers the assert

LWIP_ASSERT("mem_trim can only shrink memory", newsize <= size);

of line 740 in mem.c
or returns a null pointer depending of the debug configuration.

It looks like the code has problems with the MEM_SANITY_OVERHEAD.
It is not included in "size" in line 739 but it is included in "newsize" in
line 715 (in form of MEM_SANITY_REGION_BEFORE_ALIGNED +
MEM_SANITY_REGION_AFTER_ALIGNED instead of MEM_SANITY_OVERHEAD)

For security reasons I would like to turn on these checks but my current work
around is to disable them because of this.

Best regards,
Marco Scholz







    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?66097>

_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/

signature.asc
Description: PGP signature