If ptr was allocated with an alignment returned from aligned_alloc() and realloc() then reallocates the memory with a different alignment, the behavior is undefined. This rule only applies to compilers that conform to the (emerging) C1X standard [ISO/IEC 9899:201x].
Noncompliant Code Example
This noncompliant code example aligns ptr to a 4096-byte boundary, whereas the realloc() function aligns the memory to a different alignment (assuming that sizeof(double) = 8 and sizeof(float) = 4).
```c
#include <stdlib.h>

size_t size = 16;
size_t alignment = 1 << 12;   /* 4096-byte boundary */
float *ptr;
double *ptr1;

ptr = aligned_alloc(alignment, size);
/* Undefined: realloc() may move the block and does not preserve
 * the 4096-byte alignment requested from aligned_alloc(). */
ptr1 = realloc(ptr, size);
```
The resulting program has undefined behavior because the alignment that realloc() enforces differs from the alignment requested from aligned_alloc().
Compliant Solution
This compliant example checks that the alignment requested from aligned_alloc() is the same as the alignment the realloc() function enforces on the memory pointed to by ptr (again assuming that sizeof(double) = 8 and sizeof(float) = 4).
```c
#include <stdalign.h>
#include <stddef.h>
#include <stdlib.h>

size_t size = 16;
size_t alignment = 1 << 12;   /* 4096-byte boundary */
float *ptr;
double *ptr1;

ptr = aligned_alloc(alignment, size);
/* realloc() only guarantees alignment suitable for any fundamental type,
 * i.e. alignof(max_align_t); reallocate only when that matches the
 * alignment originally requested from aligned_alloc(). */
if (alignment == alignof(max_align_t)) {
    ptr1 = realloc(ptr, size);
}
```
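When the requested alignment is larger than what realloc() guarantees (the 4096-byte case in this rule), the safe way to grow the block is not to call realloc() at all but to obtain a fresh block from aligned_alloc() with the same alignment, copy the contents, and free the old block. The following program is an added example and is not code from the CERT page: the helper names aligned_realloc() and is_aligned() are hypothetical, and the buffer values 12.5 and 25.5 are constructed to mirror the output shown below.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: nonzero when p lies on an 'alignment'-byte boundary. */
static int is_aligned(const void *p, size_t alignment) {
    return ((uintptr_t)p % alignment) == 0;
}

/* Hypothetical helper: resize a block obtained from aligned_alloc() without
 * calling realloc(). A fresh block with the same alignment is allocated, the
 * surviving contents are copied over and the old block is freed. On failure
 * it returns NULL and leaves 'old' untouched, mirroring realloc(). */
static void *aligned_realloc(void *old, size_t old_size, size_t new_size,
                             size_t alignment) {
    /* C11 requires the size passed to aligned_alloc() to be a multiple of the
     * alignment; reject anything else instead of relying on the allocator. */
    if (alignment == 0 || new_size % alignment != 0) {
        return NULL;
    }
    void *fresh = aligned_alloc(alignment, new_size);
    if (fresh == NULL) {
        return NULL;
    }
    if (old != NULL) {
        memcpy(fresh, old, old_size < new_size ? old_size : new_size);
        free(old);
    }
    return fresh;
}

/* Worked demonstration of the rule's scenario: a 4096-byte aligned float
 * buffer is grown to twice its size. Returns 1 when the data survives and
 * the new block is still 4096-byte aligned, 0 otherwise. */
static int demo_grow_aligned(void) {
    const size_t alignment = 4096;
    const size_t old_size = 4096;   /* multiple of the alignment, as C11 requires */
    const size_t new_size = 8192;

    float *buf = aligned_alloc(alignment, old_size);
    if (buf == NULL) {
        return 0;
    }
    buf[0] = 12.5f;   /* constructed values, matching the page's sample output */
    buf[1] = 25.5f;

    float *grown = aligned_realloc(buf, old_size, new_size, alignment);
    if (grown == NULL) {
        free(buf);    /* aligned_realloc() left the old block intact */
        return 0;
    }
    int ok = is_aligned(grown, alignment) && grown[0] == 12.5f && grown[1] == 25.5f;
    free(grown);
    return ok;
}

int main(void) {
    int ok = demo_grow_aligned();
    printf("aligned grow %s\n", ok ? "preserved data and alignment" : "failed");
    return ok ? 0 : 1;
}
```

The copy-and-free approach costs one extra copy compared with an in-place realloc(), but it is the only portable way to keep an over-aligned block over-aligned; the is_aligned() check is what a test or assertion should verify after any reallocation of such a block.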
Implementation Details
The noncompliant code example produces the following (unexpected) output on the x86_64-redhat-linux platform when compiled with gcc version 4.1.2 (ptr[0] is initialized to 12.5 and ptr[1] is initialized to 25.5):

```
ptr[0] (0x2b7000000000) = 12.500000
ptr[1] (0x2b7000000004) = 25.500000
ptr1[0] (0x2b7000000000) = 12.500000
ptr1[1] (0x2b7000000008) = 0.000000
```
Risk Assessment
Improper alignment could lead to accessing arbitrary memory locations and writing to them.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC36-C | medium | probable | medium | P8 | L2
References
[ISO/IEC 9899:201x] Section 7.21.3