Patchwork _FORTIFY_SOURCE for std::vector

login
register
mail settings
Submitter Florian Weimer
Date May 29, 2012, 3:38 p.m.
Message ID <4FC4ED90.2020905@redhat.com>
Download mbox | patch
Permalink /patch/161761/
State New
Headers show

Comments

Florian Weimer - May 29, 2012, 3:38 p.m.
This patch evaluates _FORTIFY_SOURCE in a way similar to GNU libc.
If set, std::vector::operator[] throws if the index is out of bounds.
This is compliant with the standard because such usage triggers
undefined behavior.  _FORTIFY_SOURCE users expect some performance hit.

Okay for trunk?

2012-05-29  Florian Weimer  <fweimer@redhat.com>

	* include/bits/stl_vector.h (vector::_M_fortify_range_check):
	New.
	* (vector::operator[]): Call it.
	* testsuite/23_containers/vector/element_access/2.cc: New.
Paolo Carlini - May 29, 2012, 4:45 p.m.
Hi,

> This patch evaluates _FORTIFY_SOURCE in a way similar to GNU libc.
> If set, std::vector::operator[] throws if the index is out of bounds.
> This is compliant with the standard because such usage triggers
> undefined behavior.  _FORTIFY_SOURCE users expect some performance hit.

Indeed. But at the moment I don't clearly see how this kind of check relates to debug-mode. 

Library patches should go to the library mailing list too (especially so when controversial ;)
> 


Paolo
Florian Weimer - May 30, 2012, 7:01 a.m.
On 05/29/2012 06:45 PM, Paolo Carlini wrote:
> Hi,
>
>> This patch evaluates _FORTIFY_SOURCE in a way similar to GNU libc.
>> If set, std::vector::operator[] throws if the index is out of bounds.
>> This is compliant with the standard because such usage triggers
>> undefined behavior.  _FORTIFY_SOURCE users expect some performance hit.
>
> Indeed. But at the moment I don't clearly see how this kind of check relates to debug-mode.

Debug mode changes ABI, doesn't it?

> Library patches should go to the library mailing list too (especially so when controversial ;)

Uhm, I forgot about the library mailing list.  Will resubmit there.

Patch

Index: libstdc++-v3/include/bits/stl_vector.h
===================================================================
--- libstdc++-v3/include/bits/stl_vector.h	(revision 187951)
+++ libstdc++-v3/include/bits/stl_vector.h	(working copy)
@@ -768,7 +768,10 @@ 
        */
       reference
       operator[](size_type __n)
-      { return *(this->_M_impl._M_start + __n); }
+      {
+	_M_fortify_range_check(__n);
+	return *(this->_M_impl._M_start + __n);
+      }
 
       /**
        *  @brief  Subscript access to the data contained in the %vector.
@@ -783,7 +786,10 @@ 
        */
       const_reference
       operator[](size_type __n) const
-      { return *(this->_M_impl._M_start + __n); }
+      { 
+	_M_fortify_range_check(__n);
+	return *(this->_M_impl._M_start + __n);
+      }
 
     protected:
       /// Safety check used only from at().
@@ -794,6 +800,16 @@ 
 	  __throw_out_of_range(__N("vector::_M_range_check"));
       }
 
+      /// Range check used by operator[].
+      /// No-op unless _FORTIFY_SOURCE is enabled.
+      void
+      _M_fortify_range_check(size_type __n) const
+      {
+#if defined _FORTIFY_SOURCE && _FORTIFY_SOURCE > 0
+	_M_range_check(__n);
+#endif
+      }
+
     public:
       /**
        *  @brief  Provides access to the data contained in the %vector.
Index: libstdc++-v3/testsuite/23_containers/vector/element_access/2.cc
===================================================================
--- libstdc++-v3/testsuite/23_containers/vector/element_access/2.cc	(revision 0)
+++ libstdc++-v3/testsuite/23_containers/vector/element_access/2.cc	(revision 0)
@@ -0,0 +1,71 @@ 
+// Copyright (C) 2012 Free Software Foundation, Inc.
+//
+// This file is part of the GNU ISO C++ Library.  This library is free
+// software; you can redistribute it and/or modify it under the
+// terms of the GNU General Public License as published by the
+// Free Software Foundation; either version 3, or (at your option)
+// any later version.
+
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License along
+// with this library; see the file COPYING3.  If not see
+// <http://www.gnu.org/licenses/>.
+
+// 23.2.4 vector 
+
+// { dg-add-options no_pch }
+
+#undef _FORTIFY_SOURCE
+#define _FORTIFY_SOURCE 2
+
+#include <vector>
+#include <stdexcept>
+#include <testsuite_hooks.h>
+
+void test01()
+{
+  std::vector<int> v(5);
+  try
+    {
+      v[5];
+      VERIFY( false );
+    }
+  catch(std::out_of_range& err)
+    {
+      VERIFY( true );
+    }
+  catch(...)
+    {
+      VERIFY( false );
+    }
+}
+
+void test02()
+{
+  std::vector<int> v(5);
+  const std::vector<int> u(v);
+  try
+    {
+      u[5];
+      VERIFY( false );
+    }
+  catch(std::out_of_range& err)
+    {
+      VERIFY( true );
+    }
+  catch(...)
+    {
+      VERIFY( false );
+    }
+}
+
+int main()
+{
+  test01();
+  test02();
+  return 0;
+}