Tim Ruehsen tim.ruehsen@gmx.de writes:
There is just one changed file outside testsuite/ and examples/: buffer.c. nettle_buffer_clear() used to call realloc() with a length of 0 to wipe the allocated memory. But at least here it comes back with a valid pointer to one allocated byte (as valgrind reports). I use free() after the realloc if the returned pointer is not NULL (maybe realloc() should not be called at all!?).
This is a bit tricky. The nettle_buffer interface lets the user configure memory allocation using a single function pointer to the user's realloc function. It's not required to be compatible in any way with libc free.
My man page for realloc says
realloc() changes the size of the memory block pointed to by ptr to size bytes. [...] if size is equal to zero, and ptr is not NULL, then the call is equivalent to free(ptr).
The spec at
http://pubs.opengroup.org/onlinepubs/9699919799/functions/realloc.html
seems to agree. But when describing the return value, it allows a valid pointer to be returned,
If size is 0, either a null pointer or a unique pointer that can be successfully passed to free() shall be returned.
Does that mean that the spec allows the program
    #include <stdlib.h>

    int main (int argc, char **argv)
    {
      void *p;
      /* Shrink each fresh 1-byte block to size 0 and never free the result. */
      while ( (p = malloc(1)) )
        realloc (p, 0);
      return 1;
    }
to leak one byte of storage per iteration? If we need a workaround, the right place is in the realloc wrappers in realloc.c.
I did not remove or add any tests, just changed / added / removed some stuff from testutils.c and of course within the *-test.c(xx).
I think it would have been good to discuss the approach on list, before doing that work.
Niels, please remove the quotes from "$EMULATOR" in run-tests (my run-tests is somehow already in the local repo with some other changes I just can't revert).
I'm aware that needs fixing.
int test_main(void) { /* 128 bit keys */
- test_cipher(&nettle_aes128,
HL("0001020305060708 0A0B0C0D0F101112"),
HL("506812A45F08C889 B97F5980038B8359"),
H("D8F532538289EF7D 06B506A4FD5BE9C9"));
- test_cipher(&nettle_aes128,
"0001020305060708 0A0B0C0D0F101112",
"506812A45F08C889 B97F5980038B8359",
"D8F532538289EF7D 06B506A4FD5BE9C9");
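Review bot: the replacement test_cipher call passes bare strings where HL() used to supply both the decoded data and its length, so the callee can no longer tell hex from raw binary and has no explicit length to work with; the three replacement lines are also missing their leading `+`, so the hunk as quoted would not apply. Suggest keeping a length-carrying wrapper (or a prefix convention marking hex versus raw) instead of bare `"0001020305060708 0A0B0C0D0F101112"`.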
The reason I introduced the HL and LDATA macros was that I find it useful that the testcases can choose either hex data or raw binary data. A change requiring hex everywhere is not so attractive. Maybe the macros can be fixed to arrange for deallocation (e.g., put all allocated strings on a list and free it at the end of main). Or, if we pass only a const char * to the various functions, include some prefix to say if it's hex or raw data (with length; I'd prefer to not rely on strlen here).
- unsigned key_length = decode_hex_length(key_hex);
- const uint8_t *key = decode_hex_dup(key_hex);
- unsigned length = decode_hex_length(cleartext_hex);
- const uint8_t *cleartext = decode_hex_dup(cleartext_hex);
- const uint8_t *ciphertext = decode_hex_dup(ciphertext_hex);
- struct arctwo_ctx ctx; uint8_t *data = xalloc(length);
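Review bot: with `unsigned length = decode_hex_length(cleartext_hex);` removed, the surviving context line `uint8_t *data = xalloc(length);` refers to a `length` that this hunk no longer declares, and the new definitions of key, cleartext and ciphertext are not visible either. Please include the `+` lines so it can be checked that all four values are defined before use.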
@@ -46,6 +50,9 @@ test_arctwo(unsigned ekb, FAIL();
free(data);
- free((void *)ciphertext);
- free((void *)cleartext);
- free((void *)key);
}
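Review bot: dropping the three `free((void *)...)` calls is only correct if the matching decode_hex_dup allocations are gone as well; keeping `free(data);` is right since xalloc still allocates it. If key, cleartext and ciphertext now point into static test data, a comment at their declarations would make the ownership change visible, and removing `const` from those declarations would avoid the casts without touching the frees.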
It's unfortunate that the free prototype doesn't take a const void *, but we have to live with that. In this case, I think it's preferable to drop const from the declaration of those pointers, so there's no need for those explicit casts.
The less intrusive changes I'll try to get to within a few days.
Regards, /Niels
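The spec ambiguity above (realloc(p, 0) may return NULL or a unique pointer that must still be freed) is easiest to remove in a wrapper, as suggested for realloc.c. The following is an added example, not code from nettle or from either poster: a hypothetical `safe_realloc` that treats size 0 as an unconditional free and returns NULL, plus two checks that exercise it the way nettle_buffer_clear and the loop in the mail would. Names are invented for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (not nettle's realloc.c): normalise the size-0
   case so callers never have to guess whether the C library returned
   NULL or a unique one-byte block that still needs free(). */
void *
safe_realloc(void *p, size_t length)
{
  if (length == 0)
    {
      free(p);          /* free(NULL) is a no-op, so p == NULL is fine */
      return NULL;
    }
  return realloc(p, length);
}

/* Grow a block, scribble on it, then shrink it to zero, as a buffer
   clear would.  Returns 1 if the final pointer is NULL as promised. */
int
check_shrink_to_zero(void)
{
  unsigned char *buf = safe_realloc(NULL, 16);
  if (!buf)
    return 0;
  memset(buf, 0xAA, 16);
  buf = safe_realloc(buf, 0);
  return buf == NULL;
}

/* The loop from the mail, bounded and routed through the wrapper.  With a
   raw realloc(p, 0) each iteration may leak one byte; with the wrapper
   nothing remains allocated.  Returns the number of iterations completed,
   or -1 if the wrapper ever handed back a non-NULL pointer. */
int
loop_no_leak(int iterations)
{
  int i;
  for (i = 0; i < iterations; i++)
    {
      void *p = malloc(1);
      if (!p)
        break;
      p = safe_realloc(p, 0);
      if (p)
        {
          free(p);
          return -1;
        }
    }
  return i;
}

int
main(void)
{
  return (check_shrink_to_zero() && loop_no_leak(1000) == 1000) ? 0 : 1;
}
```

Because free() is always called on the size-0 path, the wrapper behaves identically on implementations that return NULL and on those that return a one-byte block, which is what makes valgrind's report go away without depending on the libc's choice.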
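For the HL/LDATA discussion above (keeping hex test data convenient while still freeing what the decoder allocates), here is an added example, not nettle's testutils code: a hypothetical `hex_dup` that decodes a spaced hex string into a malloc'd buffer with an explicit length (no strlen on the binary side), a `H_tracked` front end that records every decoded buffer on a list, and `free_all_tracked` to release them in one call at the end of a test_main. All names and the fixed-size list are assumptions for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

static int
hex_digit(int c)
{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Decode hex (spaces ignored) into a fresh buffer; *length receives the
   byte count.  Returns NULL on a bad digit or an odd number of digits. */
uint8_t *
hex_dup(const char *hex, size_t *length)
{
  size_t n = strlen(hex), i, out = 0;
  uint8_t *buf = malloc(n / 2 + 1);
  int hi = -1;
  if (!buf)
    return NULL;
  for (i = 0; i < n; i++)
    {
      int d;
      if (hex[i] == ' ')
        continue;
      d = hex_digit((unsigned char) hex[i]);
      if (d < 0)
        { free(buf); return NULL; }
      if (hi < 0)
        hi = d;
      else
        { buf[out++] = (uint8_t) ((hi << 4) | d); hi = -1; }
    }
  if (hi >= 0)
    { free(buf); return NULL; }   /* dangling high nibble */
  *length = out;
  return buf;
}

/* Hypothetical allocation registry: every decoded string is remembered so
   one call at the end of the test frees them all. */
#define MAX_TRACKED 64
static void *tracked[MAX_TRACKED];
static size_t n_tracked;

uint8_t *
H_tracked(const char *hex, size_t *length)
{
  uint8_t *buf;
  if (n_tracked >= MAX_TRACKED)
    return NULL;
  buf = hex_dup(hex, length);
  if (buf)
    tracked[n_tracked++] = buf;
  return buf;
}

/* Frees everything registered; returns how many buffers were released. */
size_t
free_all_tracked(void)
{
  size_t i, n = n_tracked;
  for (i = 0; i < n; i++)
    free(tracked[i]);
  n_tracked = 0;
  return n;
}

/* Round trip on the AES-128 key from the mail (constructed test input).
   Returns 1 if decoding, length, contents and cleanup all behave. */
int
demo_roundtrip(void)
{
  size_t len = 0, bad = 0;
  uint8_t *key = H_tracked("0001020305060708 0A0B0C0D0F101112", &len);
  if (!key || len != 16 || key[0] != 0x00 || key[15] != 0x12)
    return 0;
  if (hex_dup("0A0B0", &bad) != NULL)   /* odd digit count must fail */
    return 0;
  return free_all_tracked() == 1;
}
```

Carrying the length out of the decoder keeps the "hex or raw" choice open, since raw data can be registered with the same list, and the single free_all_tracked() at the end of main is the "put all allocated strings on a list" option from the discussion.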