If ptr was allocated with an alignment returned from aligned_alloc() and realloc() reallocates the memory with a different alignment, the behavior is undefined.
This rule applies specifically to the C1X standard.
System-allocation function: A function which yields a pointer that may be used to access a particular object or an array of such objects in the space allocated (until the space is explicitly deallocated). The functions calloc(), malloc(), realloc() and aligned_alloc() are system-allocation functions.
System-deallocation function: A function which causes space to be deallocated, that is, made available for further allocation. The function free is a system-deallocation function.
Any other system-allocation and system-deallocation functions are implementation-defined.
```c
void *realloc(void *ptr, size_t size);
```
The function realloc is a system-allocation function and a system-deallocation function. The realloc function deallocates the old object pointed to by ptr and returns a pointer to a new object that has the specified size. The contents of the new object shall be the same as that of the old object prior to deallocation, up to the minimum of the new and old sizes; the remaining bytes have indeterminate values.
The realloc function behaves like the malloc function if ptr is null. Otherwise, if ptr does not match a pointer earlier returned by the calloc, malloc, or realloc function, or if the space has been deallocated by a call to the free or realloc function, the behavior is undefined.
If ptr was allocated with an alignment greater than alignof(max_align_t), the behavior is undefined.
Non-Compliant Code
This non-compliant code example shows that ptr is aligned to an alignment of 4096 bytes, whereas the realloc() function aligns the memory to a different alignment.
```c
size_t size = 16;
size_t alignment = 2 << 12;
float *ptr;
double *ptr1;

ptr = aligned_alloc(alignment, size);
/* realloc() is not required to preserve the alignment requested above */
ptr1 = realloc(ptr, size);
```
The realloc function has undefined behavior because the alignment that realloc() enforces is different from the aligned_alloc() function's alignment.
Compliant Solution
This compliant example checks that aligned_alloc() has the same alignment as the alignment the realloc() function enforces on the memory pointed to by ptr.
```c
size_t size = 16;
size_t alignment = 2 << 12;
float *ptr;
double *ptr1;

ptr = aligned_alloc(alignment, size);

/* Call realloc() only when the requested alignment matches */
if (alignment == alignof(ptr1)) {
  ptr1 = realloc(ptr, size);
}
```
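When the alignments do not match, the block can still be resized without calling realloc() at all. The following is an added example, not part of the original rule text: the helper names is_aligned and aligned_resize are hypothetical, the 4096-byte alignment is a constructed sample value, and the code assumes a C11 library that provides aligned_alloc().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the page): nonzero if p lies on an
 * `alignment`-byte boundary. `alignment` must be a power of two. */
static int is_aligned(const void *p, size_t alignment) {
    return ((uintptr_t)p & (alignment - 1)) == 0;
}

/* Hypothetical helper (not from the page): resize a block obtained from
 * aligned_alloc() without handing it to realloc(), so the requested
 * alignment is kept. On failure returns NULL and leaves `old` valid. */
static void *aligned_resize(void *old, size_t old_size,
                            size_t new_size, size_t alignment) {
    /* Reject zero sizes and alignments that are not powers of two. */
    if (new_size == 0 || alignment == 0 || (alignment & (alignment - 1)))
        return NULL;
    /* C11 wants size to be a multiple of alignment: round up, no overflow. */
    if (new_size > SIZE_MAX - (alignment - 1))
        return NULL;
    size_t rounded = (new_size + alignment - 1) / alignment * alignment;

    void *fresh = aligned_alloc(alignment, rounded);
    if (fresh == NULL)
        return NULL;
    if (old != NULL) {
        /* Copy the smaller of the old and new sizes, as realloc() would. */
        memcpy(fresh, old, old_size < new_size ? old_size : new_size);
        free(old);
    }
    return fresh;
}

int main(void) {
    size_t alignment = (size_t)1 << 12;   /* constructed sample: 4096 bytes */
    float *ptr = aligned_resize(NULL, 0, 16, alignment);
    if (ptr == NULL)
        return EXIT_FAILURE;
    ptr[0] = 1.5f;
    float *bigger = aligned_resize(ptr, 16, 64, alignment);
    if (bigger == NULL) {
        free(ptr);
        return EXIT_FAILURE;
    }
    printf("aligned=%d value=%.1f\n", is_aligned(bigger, alignment), bigger[0]);
    free(bigger);
    return EXIT_SUCCESS;
}
```

Unlike realloc(), this helper needs the caller to supply the old size, because the allocator does not expose it.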
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEMXX-C | medium | probable | medium | P8 | L2 |
References
ISO/IEC 9899:201x, Section 7.21.3: http://www.open-std.org/Jtc1/sc22/wg14/www/docs/n1401.pdf