Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memory allocation cleanups #101

Closed
wants to merge 4 commits into from
Closed

memory allocation cleanups #101

wants to merge 4 commits into from

Conversation

stoeckmann
Copy link
Contributor

Spotted some issues in libmaxminddb. These ones can be grouped into category "memory allocation".

@stoeckmann
Avoid integer overflow on very large files.
7341f6d 
This affects the non-Windows version of map_file, which is called
during MMDB_open:

File sizes are generally handled with off_t data type. The width
of this data type is flexible, but generally 64 bit. In map_file(),
the file size is converted from off_t to ssize_t, which is also a
flexible data type. On 32 bit systems, it's generally 32 bit.

Therefore, if the database file is larger than 4 GB, a truncation
can occur on such 32 bit systems.

To fix this, simply check if the value was truncated. I chose to
flag it as "out of memory", because you can argue that you are out
of memory for such a large file -- even though you will never have
enough memory with such an architecture to begin with.
@stoeckmann
Check OOM condition in value_for_key_as_string
0aadc5c 
The function mmdb_strndup can return NULL if system runs out of
memory. This return value is generally checked, but not in function
value_for_key_as_string.

Return MMDB_OUT_OF_MEMORY_ERROR instead of MMDB_SUCCESS if that
happens.
@stoeckmann
Avoid integer overflows during memory allocation
b93cffe 
Values parsed from database are used to calculate required amount of
memory. These calculations can overflow and must therefore be checked.

In some these cases the usage of calloc() would make the code easier
to read again, but would hit performance -- if that is an issue.
@stoeckmann
Added preprocessor statements around SIZE_MAX
6d9704c 
Strict validations would lead to errors on 64 bit systems,
therefore only check size validation on 32 bit systems.

Precisely: check on every architecture that is not 64 bit.
@autarch
Copy link
Contributor

autarch commented Jan 2, 2016

The compiler does not like last commit (https://travis-ci.org/maxmind/libmaxminddb/jobs/99864912). Looks like maybe you need some extra parens? I don't have the C precedence table memorized, so maybe it's something else.

@oschwald
Copy link
Member

oschwald commented Jan 2, 2016

The issue is that the conditionals are always false on a 64 bit platform and we have -Werror enabled for Travis.

@stoeckmann
Copy link
Contributor Author

You both are really really quick with feedback, wow. :)

Yes, the issue was that the compiler dislikes checks that are always true. I fixed this with a preprocessor statement, basically what I did with OpenBSD code, too.

@oschwald
Copy link
Member

oschwald commented Jan 2, 2016

This looks reasonable to me. I'll let @autarch merge.

@autarch
Copy link
Contributor

autarch commented Jan 3, 2016

@stoeckmann - I'll look at this on Monday when I'm at work.

@autarch
Copy link
Contributor

autarch commented Jan 5, 2016

I made a branch in the main repo with this change plus another to make the check a single macro. If it passes Travis I'll merge it. Thanks!

@autarch autarch closed this Jan 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stoeckmann @autarch @oschwald