Community
cancel
Showing results for 
Search instead for 
Did you mean: 
lars_d_1
Beginner
98 Views

Pointer checker feature - Buffer overrun not detected on aligned heap

 

Hi,
I am using the pointer checker feature as documented (including chkp.h and compiling with flag /Qcheck-pointers:rw, also refer to https://software.intel.com/en-us/node/522704) in a C++ application on Win 8.1.
The pointer checker works perfectly fine and reports a buffer overrun if I use stack memory or unaligned heap memory (using malloc).
The pointer checker however does not report any overrun if I use aligned heap memory (using mkl_malloc or _aligned_malloc)

Sample code:

int _tmain(int argc, _TCHAR* argv[])
{
     __chkp_report_control(__CHKP_REPORT_LOG, 0);

    //char buf[5];                                        // OK, reports buffer overrun
    // __declspec(align(32)) char buf[5];                // OK, reports buffer overrun
    //char *buf = (char *) malloc(5);                    // OK, reports buffer overrun
    char *buf = (char *) mkl_malloc(5, 32);                // NOK, does not report buffer overrun
    //char *buf = (char *) _aligned_malloc(5, 32);        // NOK, does not report buffer overrun
    for (int i=0; i<=5;i++) {
        buf = 'A' + i;
    } 
}

How can I enable pointer checking for aligned memory?

Thanks,

Lars

0 Kudos
2 Replies
98 Views

I think this is kind of a bug (hard to say), but I wonder how Pointer Checker to better implement, in fact, Pointer Checker will wrap these memory functions with correct bound information, when you invoke malloc, it invoke the wrapper version of malloc in compiler runtime (chkp runtime) library.

For _aligned_malloc, I guess it is not wrapped by Intel compiler, this may be added (it is possible). For mkl_malloc, it is also possible to add it, but we'll never know how many malloc functions there are and we cannot add all of them...So, we only implemented (wrapped) the interfaces in standard libc, like malloc, memcpy etc (I guess).

I'd suggest you to use below workaround for this kind of cases:

// icl test.cpp /Qcheck-pointers:rw /Od
#include <chkp.h>

#define _aligned_malloc(size, alignment) __chkp_make_bounds(_aligned_malloc(size, alignment), size)

int main()
{
    // __chkp_report_control(__CHKP_REPORT_LOG, 0);

    //char buf[5];                                        // OK, reports buffer overrun
    //__declspec(align(32)) char buf[5];                // OK, reports buffer overrun
    //char *buf = (char *) malloc(5);                    // OK, reports buffer overrun
    //char *buf = (char *) mkl_malloc(5, 32);      // You can do the same for mkl_malloc.
	//char *buf = (char *) _aligned_malloc(5, 32);   // OK, it works now!
    for (int i=0; i<=5;i++) {
        buf = 'A' + i;
    }
	return 0;
}

Use chkp_make_bounds to declare the bounds for your allocation functions. This is also how ICC wrap malloc() in libc, I guess. A very simple workaround/fix, hope it helps! :)

Thanks,

Shenghong

Kittur_G_Intel
Employee
98 Views

Hi,
This is indeed a bug and needs to be filed and the the __aligned_malloc case should be fixed. Likewise, similar functions in the C11/14 std such as aligned_alloc needs to be addressed in the feature as well.  However, the compiler’s function recognition is limited to standard library functions on the target platforms and functions that the compiler itself provides etc.  

Shenghong, please go ahead and file this as  a bug in the compiler. I've already talked with the developers as well. 

Yes, in the meantime please go ahead and use the function __chkp_make_bounds() to manually control the bounds so that any memory allocator can be supported as below:

void * __chkp_make_bounds(void *ptr, size_t);

This will work for __aligned_malloc() also and it will return a pointer with the bounds [ptr, ptr+size_t-1].

_Kittur

Reply