If ptr
was allocated with an alignment returned from aligned_alloc()
and if realloc()
reallocates memory with a different alignment then, the behavior is undefined.
This rule is specifically for C1X standards.
Non- Compliant Code
This non-compliant example shows that ptr is aligned to an alignment of 4096 bytes where as the realloc()
function aligns the memory to a different alignment.
Code Block | ||
---|---|---|
| ||
size_t size = 16; size_t alignment = 1<<12; float *ptr; double *ptr1; ptr = aligned_alloc(align , size); ptr1 = realloc(ptr, size); |
The realloc function has an undefined behavior as the alignment that realloc()
enforces is different from aligned_alloc()
function's alignment.
Compliant Solution
This compliant example checks that aligned_alloc()
has the same alignment as the alignment realloc()
function enforces on the memory pointed to by ptr
.
Code Block | ||
---|---|---|
| ||
size_t size = 16; size_t alignment = 1<<12; float *ptr; double *ptr1; ptr = aligned_alloc(align , size); if(align == alignof(ptr1)) { ptr1 = realloc(ptr, size); } |
Risk Assessment
Improper alignment could lead to accessing arbitrary memory locations and write into it.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC36-C | medium | probable | medium | P8 | L2 |
References
Wiki Markup |
---|
\[[ISO/IEC 9899:201x|http://www.open-std.org/Jtc1/sc22/wg14/www/docs/n1401.pdf]\] Section 7.21.3 |