Re: [musl] [PATCH] Add a safe dequeue integrity check for mallocng

mailing list of musl libc
 help / color / mirror / code / Atom feed

From: Joakim Sindholt <opensource@zhasha.com>
To: musl@lists.openwall.com
Subject: Re: [musl] [PATCH] Add a safe dequeue integrity check for mallocng
Date: Thu, 14 Sep 2023 11:23:08 +0200	[thread overview]
Message-ID: <20230914112308.bc1833d3f827ada2d1b7d85c@zhasha.com> (raw)
In-Reply-To: <CAA_Li+u260L1rNReT+LL7sirj=exn1Fr_pB6A87AMLEo-nTNQQ@mail.gmail.com>

On Thu, 14 Sep 2023 13:13:23 +0800, James R T <jamestiotio@gmail.com> wrote:
> On Sat, Sep 9, 2023 at 8:48 AM Rich Felker <dalias@libc.org> wrote:
> >
> > This could and should be written with the assert macro, like all the
> > other safety assertions in mallocng, not pulling in stdio and abort.
> 
> Understood. I was not able to find an assert with `predict_false` for
> the condition. Should I add one assert function with `predict_false`
> in `include/assert.h` or `src/exit/assert.c` or simply use the regular
> assert?

It's a little confusing but assert() in mallocng is not real assert():
http://git.musl-libc.org/cgit/musl/tree/src/malloc/mallocng/glue.h#n33
The issue is that if memory is under control of an attacker then doing
anything at all, especially running the stdio machinery, is unsafe. To
that end musl uses a_crash() here which expands to a minimal set of
instructions to crash the process:
http://git.musl-libc.org/cgit/musl/tree/arch/x86_64/atomic_arch.h#n106

Furthermore, musl doesn't use any of thosed tagged branch tricks and I
personally doubt it would make any difference.

next prev parent reply	other threads:[~2023-09-14  9:23 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-08 17:49 James Raphael Tiovalen
2023-09-09  0:48 ` Rich Felker
2023-09-14  5:13   ` James R T
2023-09-14  9:23     ` Joakim Sindholt [this message]
2023-09-14 12:18       ` Rich Felker
2023-09-16  6:53         ` James R T

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230914112308.bc1833d3f827ada2d1b7d85c@zhasha.com \
    --to=opensource@zhasha.com \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).