Fix critical memory safety issues #617
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
jserv
commented
Oct 1, 2025
There was a problem hiding this comment.
Benchmarks
| Benchmark suite | Current: adab7d7 | Previous: 9220ffb | Ratio |
|---|---|---|---|
Dhrystone |
1302 Average DMIPS over 10 runs |
1267 Average DMIPS over 10 runs |
0.97 |
Coremark |
952.843 Average iterations/sec over 10 runs |
958.558 Average iterations/sec over 10 runs |
1.01 |
This comment was automatically generated by workflow using github-action-benchmark.
jserv
force-pushed
the
memory-safety
branch
2 times, most recently
from
554be67 to
9220ffb
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
Perhaps we can consider introducing a fault injection framework down the road to improve test coverage for error handling cases such as this one. |
This adds explicit NULL checks for all malloc/calloc/mpool_alloc calls that previously relied solely on assert(), which compiles out with '-DNDEBUG'. It prevents NULL pointer dereferences in production builds. - Add bounds checking in memory_write/memory_fill to prevent guest code from accessing arbitrary host memory - Fix memcpy/memset handlers to validate addresses and raise traps on violations (STORE_MISALIGNED/LOAD_MISALIGNED) - Add overflow-safe arithmetic for all size calculations - Implement proper error handling with goto-based cleanup chains - Fix memory leaks in error paths (mpool_extend, syscall_open)
jserv
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds explicit NULL checks for all malloc/calloc/mpool_alloc calls that previously relied solely on assert(), which compiles out with
-DNDEBUG. It prevents NULL pointer dereferences in production builds.Summary by cubic
Adds NULL checks and graceful fallbacks for critical allocations across the emulator, JIT, cache, IO, and syscalls. Prevents crashes when assert() is disabled and degrades behavior safely on OOM.