Commit d01d2337 authored by Alexander Richardson's avatar Alexander Richardson
Browse files

Avoid undefined behaviour after realloc()

Adding the offset between the realloc result and the old allocation to
update pointers into the new allocation is undefined behaviour: the
old pointers are no longer valid after realloc() according to the C
standard. While this works on almost all architectures and compilers,
it causes  problems on architectures that track pointer bounds (e.g.
CHERI or Arm's Morello): the value_list pointers will still have the
bounds of the previous allocation and therefore any dereference will
result in a run-time trap.

I found this due to a crash (dereferencing an invalid capability) while
trying to run `xev` over SSH on a CHERI-RISC-V system. With these two
realloc changes, and xorg/proto/xorgproto!41

I am able to succesfully run `xev` compiled for CHERI-RISC-V.
Signed-off-by: Alexander Richardson's avatarAlex Richardson <>
parent 1c845834
Pipeline #369195 passed with stages
in 10 minutes and 52 seconds
......@@ -676,8 +676,10 @@ parseline(
goto error;
b->tree = new;
b->treesize = newsize;
/* Re-derive top after realloc() to avoid undefined behaviour
(and crashes on architectures that track pointer bounds). */
if (top >= (DTIndex *) old && top < (DTIndex *) &old[oldsize])
top = (DTIndex *) (((char *) top) + (((char *)b->tree)-(char *)old));
top = (DTIndex *) (((char *)new) + (((char *)top)-(char *)old));
p = &b->tree[b->treeused];
p->keysym = buf[i].keysym;
......@@ -517,11 +517,13 @@ append_value_list (void)
if (value != *value_list) {
int i;
ssize_t delta;
delta = value - *value_list;
char *old_list;
old_list = *value_list;
*value_list = value;
/* Re-derive pointers from the new realloc() result to avoid undefined
behaviour (and crashes on architectures with pointer bounds). */
for (i = 1; i < value_num; ++i) {
value_list[i] += delta;
value_list[i] = value + (value_list[i] - old_list);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment