If ptr was allocated with an alignment returned from aligned_alloc() and if realloc() reallocates memory with a different alignment then, the behavior is undefined.
This rule is specifically for C1X standards.
Non- Compliant Code
This non-compliant example shows that ptr is aligned to an alignment of 4096 bytes where as the realloc() function aligns the memory to a different alignment.
size_t size = 16; size_t alignment = 2<<12; float *ptr; double *ptr1; ptr = aligned_alloc(align , size); ptr1 = realloc(ptr, size);
The realloc function has an undefined behavior as the alignment that realloc() enforces is different from aligned_alloc() function's alignment.
Compliant Solution
This compliant example checks that aligned_alloc() has the same alignment as the alignment realloc() function enforces on the memory pointed to by ptr.
size_t size = 16;
size_t alignment = 2 << 12;
float *ptr;
double *ptr1;
ptr = aligned_alloc(align , size);
if(align == alignof(ptr1)) {
ptr1 = realloc(ptr, size);
}
Risk Assessment
Improper alignment could lead to accessing arbitrary memory locations and write into it.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MEMXX-C |
medium |
probable |
medium |
P8 |
L2 |
References
[ISO/IEC 9899:201x] Section 7.21.3