malloc and buffer overflow attacks

Era Scarecrow rtcvb32 at yahoo.com
Sat Jan 1 01:44:42 UTC 2022


On Friday, 31 December 2021 at 00:13:56 UTC, Walter Bright wrote:
> What if `len*T.sizeof` overflows? malloc() will succeed, but 
> the result will be too small for the data.

  Makes me wish we had access to the raw multiplication result and carry 
flags; they may have been useful here in some way, although the 
language might not have liked it.

  As a quick overview for non-ASM-savvy types: x86 will take 2 
arguments; you put one argument in AX and the other you pass to 
mul. So...

```
mov AX, 0x155;
mov BX, 0x123;
mul BX; //result: AX=839F, DX=0001
```

The result of which is going to be in AX:DX, where the overflow 
is put in DX (*if any*), letting you get a 32-bit result from 
16-bit registers (*or on 64-bit machines you'd get a 128-bit 
result*).

Most modern languages just ignore the upper result though, which 
brings us to the following topic. In the 16-bit example above 
you'd be short 64k.

Too bad we don't have the cent type yet. Otherwise I'd think 
using ulong and calculating the result and passing that would be 
the safest (*assuming malloc would take a 64-bit result*), 
otherwise checking the upper bits for whether it's too big.
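The check the thread is circling around, written out in C as an added example (it is not code from this thread or from D's runtime; C is used because malloc() is C's API and the multiply has to be checked before the call is made). The function names `mul16_full`, `size_mul_overflows`, `size_mul_overflows_builtin` and `alloc_array_checked` are this example's own. `mul16_full` reproduces the 16-bit `mul BX` above in full width so the "DX" half is visible; the size_t helpers show the two usual ways to get the same overflow signal without a wider register: divide first, or use the compiler's checked-multiply builtin.

```c
/* Added example: overflow-checked multiplication before malloc().
 * Not code from the thread; the function names are this example's own.
 * Build with: cc -std=c99 -Wall example.c */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Mirror of the 16-bit `mul BX` in the post: the full 32-bit product.
 * The high 16 bits are what the CPU leaves in DX and what a 16-bit C
 * product would silently drop. For 0x155 * 0x123 this returns 0x1839F. */
uint32_t mul16_full(uint16_t a, uint16_t b)
{
    return (uint32_t)a * (uint32_t)b;
}

/* Portable check that len * size fits in size_t. Dividing first is the
 * usual trick when no wider integer type holds the "DX" half. */
int size_mul_overflows(size_t len, size_t size)
{
    return size != 0 && len > SIZE_MAX / size;
}

/* Same check via the compiler builtin where available (GCC/Clang);
 * falls back to the division test elsewhere. Returns nonzero on
 * overflow, otherwise stores the product in *out. */
int size_mul_overflows_builtin(size_t len, size_t size, size_t *out)
{
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_mul_overflow(len, size, out);
#else
    if (size_mul_overflows(len, size))
        return 1;
    *out = len * size;
    return 0;
#endif
}

/* malloc() wrapper for an array of len elements of elem_size bytes.
 * Returns NULL instead of handing back an undersized buffer. */
void *alloc_array_checked(size_t len, size_t elem_size)
{
    size_t bytes;
    if (size_mul_overflows_builtin(len, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t p = mul16_full(0x155, 0x123);
    printf("0x155 * 0x123 = %#x (AX=%#x, DX=%#x)\n",
           p, p & 0xFFFFu, p >> 16);

    /* A len that makes len*4 wrap to 0: an unchecked malloc(len*4)
     * would return a zero-size buffer; the checked wrapper refuses. */
    size_t len = SIZE_MAX / 4 + 1;
    void *buf = alloc_array_checked(len, 4);
    printf("alloc_array_checked(%zu, 4) -> %s\n",
           len, buf ? "buffer" : "NULL (overflow)");
    free(buf);
    return 0;
}
```

The division form costs a divide per allocation but needs nothing beyond C99; `__builtin_mul_overflow` compiles to the multiply plus a flag test, which is the carry/overflow check the post wishes the language exposed. In D the equivalent is `core.checkedint.mulu`, which returns the product and sets an overflow flag.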
