Abort on C23 UB zero sized realloc

2025-04-19 22:10:19 +02:00 · 2025-04-05 15:53:19 +02:00 · 2025-04-05 15:53:19 +02:00 · 5f7e7dad20
commit 5f7e7dad20
parent 1d7fc7ffe0
5 changed files with 30 additions and 1 deletions
--- a/h_malloc.c
+++ b/h_malloc.c
@ -1513,6 +1513,11 @@ EXPORT void *h_calloc(size_t nmemb, size_t size) {
 }

 EXPORT void *h_realloc(void *old, size_t size) {
+    // deprecated in C17, UB since C23
+    if (unlikely(old != NULL && size == 0)) {
+        fatal_error("invalid zero sized realloc");
+    }
+
    size = adjust_size_for_canary(size);
    if (old == NULL) {
        return alloc(size);
--- a/test/.gitignore
+++ b/test/.gitignore
@ -41,4 +41,5 @@ overflow_small_8_byte
 uninitialized_read_large
 uninitialized_read_small
 realloc_init
+realloc_c23_undefined_behaviour
 __pycache__/
--- a/test/Makefile
+++ b/test/Makefile
@ -67,7 +67,8 @@ EXECUTABLES := \
    invalid_malloc_object_size_small \
    invalid_malloc_object_size_small_quarantine \
    impossibly_large_malloc \
-    realloc_init
+    realloc_init \
+    realloc_c23_undefined_behaviour

 all: $(EXECUTABLES)

--- a/test/realloc_c23_undefined_behaviour.c
+++ b/test/realloc_c23_undefined_behaviour.c
@ -0,0 +1,16 @@
+#include <stdlib.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    void *p, *q;
+
+    p = malloc(16);
+    if (!p) {
+        return -1;
+    }
+
+    q = realloc(p, 0);
+
+    return 0;
+}
--- a/test/test_smc.py
+++ b/test/test_smc.py
@ -169,6 +169,12 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
        self.assertEqual(stderr.decode("utf-8"),
                         "fatal allocator error: invalid realloc\n")

+    def test_realloc_c23_undefined_behaviour(self):
+        _stdout, stderr, returncode = self.run_test("realloc_c23_undefined_behaviour")
+        self.assertEqual(returncode, -6)
+        self.assertEqual(stderr.decode("utf-8"),
+                         "fatal allocator error: invalid zero sized realloc\n")
+
    def test_write_after_free_large_reuse(self):
        _stdout, _stderr, returncode = self.run_test(
            "write_after_free_large_reuse")