If ptr was allocated by aligned_alloc() with a specific alignment and realloc() then reallocates that memory with a different alignment, the behavior is undefined.
This rule only applies to compilers that conform to the (emerging) C1X standard [[Jones 09]].
Noncompliant Code Example
This noncompliant code example aligns ptr to a 4096-byte boundary, whereas realloc() aligns the memory to a different boundary (assuming that sizeof(double) = 8 and sizeof(float) = 4).
#include <stdlib.h>

size_t size = 16;
size_t alignment = 1<<12;
float *ptr;
double *ptr1;
ptr = aligned_alloc(alignment, size);
/* realloc() is not required to preserve the 4096-byte alignment of ptr */
ptr1 = realloc(ptr, size);
The resulting program has undefined behavior because the alignment that realloc() enforces differs from the alignment established by aligned_alloc().
Compliant Solution
This compliant solution checks that the alignment requested from aligned_alloc() matches the alignment realloc() enforces on the memory pointed to by ptr (again assuming that sizeof(double) = 8 and sizeof(float) = 4).
#include <stdalign.h>
#include <stdlib.h>

size_t size = 16;
size_t alignment = 1<<12;
float *ptr;
double *ptr1;
ptr = aligned_alloc(alignment, size);
/* Only reallocate when the alignment of the target type (what ptr1 points to)
 * matches the alignment aligned_alloc() gave ptr */
if (alignment == alignof(double)) {
  ptr1 = realloc(ptr, size);
}
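The alternative to the alignment check above is to never hand an aligned_alloc()'d block to realloc() at all: allocate a fresh block with the same alignment, copy the contents, and free the old one. The following is an added example, not code from the original page; aligned_resize() and is_aligned() are names introduced here, and the 4096-byte alignment and sample values mirror the examples above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if p is aligned to `alignment` bytes (alignment must be a power of two). */
int is_aligned(const void *p, size_t alignment) {
    return ((uintptr_t)p & (alignment - 1)) == 0;
}

/* Resize an aligned_alloc()'d block without calling realloc() on it.
 * A new block with the same alignment is allocated, min(old_size, new_size)
 * bytes are copied, and the old block is released. On failure the old block
 * is left untouched and NULL is returned, mirroring realloc()'s contract. */
void *aligned_resize(void *old_block, size_t old_size, size_t new_size, size_t alignment) {
    /* aligned_alloc() requires a power-of-two alignment and a size that is a multiple of it. */
    if (alignment == 0 || (alignment & (alignment - 1)) != 0 || new_size % alignment != 0)
        return NULL;
    void *fresh = aligned_alloc(alignment, new_size);
    if (fresh == NULL)
        return NULL;
    if (old_block != NULL) {
        memcpy(fresh, old_block, old_size < new_size ? old_size : new_size);
        free(old_block);
    }
    return fresh;
}

/* Demonstration: grow a 4096-byte-aligned block and verify alignment and contents survive. */
int demo_resize_keeps_alignment(void) {
    size_t alignment = 1 << 12;
    float *ptr = aligned_alloc(alignment, alignment);  /* 4096 bytes, 4096-byte aligned */
    if (ptr == NULL)
        return 0;
    ptr[0] = 12.5f;  /* constructed sample values, as in the page's output listing */
    ptr[1] = 25.5f;
    float *bigger = aligned_resize(ptr, alignment, 2 * alignment, alignment);
    if (bigger == NULL) {
        free(ptr);
        return 0;
    }
    int ok = is_aligned(bigger, alignment) && bigger[0] == 12.5f && bigger[1] == 25.5f;
    free(bigger);
    return ok;
}
```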
Implementation Details
The noncompliant code example produces the following (unexpected) output on the x86_64-redhat-linux platform when compiled with gcc version 4.1.2.
(ptr[0] is initialized to 12.5 and ptr[1] is initialized to 25.5)
ptr[0] (0x2b7000000000) = 12.500000
ptr[1] (0x2b7000000004) = 25.500000
ptr1[0] (0x2b7000000000) = 12.500000
ptr1[1] (0x2b7000000008) = 0.000000
Risk Assessment
Improper alignment could lead to reading from or writing to arbitrary memory locations.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC36-C | medium | probable | medium | P8 | L2 |
References
[Jones 09] Section 7.21.3