
genload: fix memory corruption in hogvm

Message ID SEZPR01MB452774E4131F00D0D2C0CE60A8C72@SEZPR01MB4527.apcprd01.prod.exchangelabs.com
State Changes Requested

Commit Message

Jiwei Sun June 11, 2024, 2:58 a.m. UTC
From: Jiwei Sun <sunjw10@lenovo.com>

With the following command for doing memory stress test,

  ./genload -v --vm 10 --vm-chunks 4 --vm-bytes 1073741824

a memory corruption error was triggered:

  malloc(): corrupted top size

The root cause of the issue is that allocated memory for ptr is less
than what is actually needed.

Signed-off-by: Jiwei Sun <sunjw10@lenovo.com>
---
 tools/genload/genload.c | 2 +-
 tools/genload/stress.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Cyril Hrubis June 11, 2024, 12:11 p.m. UTC | #1
Hi!
> Signed-off-by: Jiwei Sun <sunjw10@lenovo.com>
> ---
>  tools/genload/genload.c | 2 +-
>  tools/genload/stress.c  | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/genload/genload.c b/tools/genload/genload.c
> index 7f56d5272..9712e7828 100644
> --- a/tools/genload/genload.c
> +++ b/tools/genload/genload.c
> @@ -642,7 +642,7 @@ int hogvm(long long forks, long long chunks, long long bytes)
>  			usleep(backoff);
>  
>  			while (1) {
> -				ptr = (char **)malloc(chunks * 2);
> +				ptr = (char **)malloc(chunks * 2 * sizeof(char *));

Good catch, however shouldn't this be just chunks * sizeof(char*) ?

>  				for (j = 0; chunks == 0 || j < chunks; j++) {
>  					if ((ptr[j] =
>  					     (char *)malloc(bytes *
> diff --git a/tools/genload/stress.c b/tools/genload/stress.c
> index 7f56d5272..9712e7828 100644
> --- a/tools/genload/stress.c
> +++ b/tools/genload/stress.c
> @@ -642,7 +642,7 @@ int hogvm(long long forks, long long chunks, long long bytes)
>  			usleep(backoff);
>  
>  			while (1) {
> -				ptr = (char **)malloc(chunks * 2);
> +				ptr = (char **)malloc(chunks * 2 * sizeof(char *));

Here as well.

>  				for (j = 0; chunks == 0 || j < chunks; j++) {
>  					if ((ptr[j] =
>  					     (char *)malloc(bytes *
> -- 
> 2.27.0
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp
Jiwei Sun June 11, 2024, 12:34 p.m. UTC | #2
Hi Cyril,

On 6/11/24 20:11, Cyril Hrubis wrote:
> Hi!
>> Signed-off-by: Jiwei Sun <sunjw10@lenovo.com>
>> ---
>>  tools/genload/genload.c | 2 +-
>>  tools/genload/stress.c  | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/genload/genload.c b/tools/genload/genload.c
>> index 7f56d5272..9712e7828 100644
>> --- a/tools/genload/genload.c
>> +++ b/tools/genload/genload.c
>> @@ -642,7 +642,7 @@ int hogvm(long long forks, long long chunks, long long bytes)
>>  			usleep(backoff);
>>  
>>  			while (1) {
>> -				ptr = (char **)malloc(chunks * 2);
>> +				ptr = (char **)malloc(chunks * 2 * sizeof(char *));
> 
> Good catch, however shouldn't this be just chunks * sizeof(char*) ?

Yes indeed, I totally agree with you: the "* 2" is redundant.
Thanks for your review and reply. Also, if chunks is 0,
the memory will be corrupted as well. I will modify it in the v2 patch.

Thanks,
Regards,
Jiwei

> 
>>  				for (j = 0; chunks == 0 || j < chunks; j++) {
>>  					if ((ptr[j] =
>>  					     (char *)malloc(bytes *
>> diff --git a/tools/genload/stress.c b/tools/genload/stress.c
>> index 7f56d5272..9712e7828 100644
>> --- a/tools/genload/stress.c
>> +++ b/tools/genload/stress.c
>> @@ -642,7 +642,7 @@ int hogvm(long long forks, long long chunks, long long bytes)
>>  			usleep(backoff);
>>  
>>  			while (1) {
>> -				ptr = (char **)malloc(chunks * 2);
>> +				ptr = (char **)malloc(chunks * 2 * sizeof(char *));
> 
> Here as well.
> 
>>  				for (j = 0; chunks == 0 || j < chunks; j++) {
>>  					if ((ptr[j] =
>>  					     (char *)malloc(bytes *
>> -- 
>> 2.27.0
>>
>>
>> -- 
>> Mailing list info: https://lists.linux.it/listinfo/ltp
>

Patch

diff --git a/tools/genload/genload.c b/tools/genload/genload.c
index 7f56d5272..9712e7828 100644
--- a/tools/genload/genload.c
+++ b/tools/genload/genload.c
@@ -642,7 +642,7 @@  int hogvm(long long forks, long long chunks, long long bytes)
 			usleep(backoff);
 
 			while (1) {
-				ptr = (char **)malloc(chunks * 2);
+				ptr = (char **)malloc(chunks * 2 * sizeof(char *));
 				for (j = 0; chunks == 0 || j < chunks; j++) {
 					if ((ptr[j] =
 					     (char *)malloc(bytes *
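Review bot: The pointer array returned by the new `malloc(chunks * 2 * sizeof(char *))` is written through `ptr[j]` in the loop that immediately follows without a NULL check, and in a tool whose purpose is to exhaust memory this allocation can realistically fail, turning an out-of-memory condition into a NULL-pointer write. A guard such as `if (ptr == NULL) { perror("malloc"); return 1; }` directly after the call would fail cleanly; the exact error path should presumably match what hogvm does for the inner allocation, whose handling lies outside the hunk. Separately, `chunks` is a signed `long long` per the hunk header, so the size expression is converted to `size_t` and a negative or very large value wraps; a check like `if (chunks < 0 || (unsigned long long)chunks > SIZE_MAX / sizeof(*ptr))` before the multiplication would reject such input. Both points apply equally to the identical hunk in tools/genload/stress.c.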
diff --git a/tools/genload/stress.c b/tools/genload/stress.c
index 7f56d5272..9712e7828 100644
--- a/tools/genload/stress.c
+++ b/tools/genload/stress.c
@@ -642,7 +642,7 @@  int hogvm(long long forks, long long chunks, long long bytes)
 			usleep(backoff);
 
 			while (1) {
-				ptr = (char **)malloc(chunks * 2);
+				ptr = (char **)malloc(chunks * 2 * sizeof(char *));
 				for (j = 0; chunks == 0 || j < chunks; j++) {
 					if ((ptr[j] =
 					     (char *)malloc(bytes *