Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Symbiotic does not check the size of memory returned by malloc #128

Open
jamartis opened this issue Dec 10, 2019 · 1 comment
Open

Symbiotic does not check the size of memory returned by malloc #128

jamartis opened this issue Dec 10, 2019 · 1 comment
Labels
bug

Comments

@jamartis
Copy link 

#include <stdlib.h>
int main()
{
    void *mem = malloc(sizeof(mem));
    void **ok = mem;

    mem = malloc(sizeof(mem));
    char *warn = mem;

    mem = malloc(sizeof(char));
    void **err = mem;

    *err = NULL;

    free (ok);
    free (warn);
    free (err);
    return 0;
}

The code above contains an error on the line *err = NULL (the err has been malloced to the sizeof(char), and is being assigned a pointer). Symbiotic however does not report an error.

This may be related to this warning issued by symbiotic:

KLEE: WARNING ONCE: Alignment of memory from call "malloc" is not modelled. Using alignment of 8.

symbiotic --version
version: 6.1.0-dev
@mchalupa mchalupa added the bug label Dec 12, 2019
@mchalupa
Copy link
Member

mchalupa commented Dec 12, 2019
edited

Yes, I am able to reproduce this one. KLEE does not find any error not even on the original file without any optimizations and slicing, so the problem should be in KLEE, probably due to the warning you mentioned.

@mchalupa mchalupa pinned this issue Dec 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mchalupa @jamartis