Subject: Re: malloc and printf() Qs.
To: Cherry G. Mathew <firstname.lastname@example.org>
From: David Laight <email@example.com>
Date: 04/16/2007 07:42:55
On Sun, Apr 15, 2007 at 10:31:32PM +0100, Cherry G. Mathew wrote:
> So I recently moved a buggy userland program that was running fine on
> -current to Linux, which proceeded to SIGSEGV. I traced it down to
> overflowing sprintfs() into (consecutive) malloc()ed buffers. I'm a
> bit shocked that it didn't tell me about it on NetBSD. Is this by
> design ?
It rather all depends on the implementation of malloc.
Rounding up of the requested size might stop a small overflow trashing
any important data.
It is also possible to implement malloc without any 'red tape' between
data items, in which case an overflow will not cause the malloc code
to segv. The kernel malloc is more likely to be implemented that way though.
David Laight: firstname.lastname@example.org