At 16:57 +0100 on 31 Mar (1427821072), Andrew Cooper wrote:
> Currently, _xmalloc() supports zero-sized allocations by returning a sentinel
> poisoned pointer.
> 
> I posit that there are no legitimate situations for any code in the hypervisor
> to make a zero sized allocation.
> 
> Furthermore, the sentinel value will pass a NULL pointer check, and
> introduces an unnecessary security risk if it is accidentally used.
> 
> Instead, turn a zero-sized allocation into a clean fatal error.

I think this code is better as it is now.  malloc-style allocators
typically allow zero-sized allocations so code that expects it to work
isn't unreasonable.  And even if we audited all callers and remembered
to catch this in new code, we might inherit some next time we import
code from linux, since AFAICT the linux allocators allow it.

The poisoned pointer we have right now will DTRT in a pretty obvious
way if it's actually dereferenced, so I think we're OK there -- that
is, I don't see a security risk other than DoS, and this patch
wouldn't fix the DoS.

Cheers,

Tim.
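A small C model of the behaviour under discussion, added here as an illustration and not taken from Xen's allocator: the sentinel value `ZERO_BLOCK_PTR`, the `model_` function names and both check helpers are assumptions, chosen only to show that a poisoned sentinel passes the usual NULL check while a stricter check rejects it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed model of a zero-size sentinel; the value is an assumption,
 * not Xen's definition. It is non-NULL and deliberately non-canonical, so
 * an accidental dereference faults immediately rather than reading memory. */
#define ZERO_BLOCK_PTR ((void *)-1L)

/* Model allocator: zero-sized requests return the poisoned sentinel
 * instead of NULL, mirroring the behaviour described in the quoted patch. */
void *model_xmalloc(size_t size)
{
    if (size == 0)
        return ZERO_BLOCK_PTR;
    return malloc(size);
}

/* The check most callers write: only NULL is treated as failure.
 * The sentinel passes this check, which is the concern raised above. */
bool naive_alloc_ok(const void *p)
{
    return p != NULL;
}

/* A defensive check that also refuses the sentinel, so a zero-sized
 * allocation is never treated as a usable block. */
bool strict_alloc_ok(const void *p)
{
    return p != NULL && p != ZERO_BLOCK_PTR;
}

/* Model free: tolerate NULL and the sentinel, since neither came from malloc. */
void model_xfree(void *p)
{
    if (p == NULL || p == ZERO_BLOCK_PTR)
        return;
    free(p);
}
```

Running both checks against a zero-sized and a normal request shows the difference: the naive check accepts the sentinel, the strict one does not.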


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
