From patchwork Mon Nov 5 17:52:04 2012
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 197256
Message-ID: <5097FCC4.6030307@redhat.com>
Date: Mon, 05 Nov 2012 18:52:04 +0100
From: Florian Weimer
To: Paolo Carlini
CC: gcc-patches@gcc.gnu.org, libstdc++, Jason Merrill
Subject: Re: [PING^2] [C++ PATCH] Add overflow checking to __cxa_vec_new[23]
In-Reply-To: <5093B930.7060804@oracle.com>

On 11/02/2012 01:14 PM, Paolo Carlini wrote:
> On 11/02/2012 01:09 PM, Florian Weimer wrote:
>> I looked at this again and made a new copy of the test case instead.
>> It has been successfully tested on x86_64-redhat-linux-gnu.
>>
>> Is this okay for trunk?
> Looks very nice to me, and after all the issue seems rather simple.
> Let's say we wait another 2-3 days in case Jason and others have
> comments, and then it's Ok for mainline.

Thanks. I made a few formatting changes, so the attached version is what I committed.

2012-11-03  Florian Weimer

	* libsupc++/vec.cc (compute_size): New.
	(__cxa_vec_new2, __cxa_vec_new3): Use it.
	* testsuite/18_support/cxa_vec.cc: New.

Index: libstdc++-v3/libsupc++/vec.cc =================================================================== --- libstdc++-v3/libsupc++/vec.cc (revision 193173) +++ libstdc++-v3/libsupc++/vec.cc (working copy) @@ -1,7 +1,6 @@ // New abi Support -*- C++ -*- -// Copyright (C) 2000, 2001, 2003, 2004, 2009, 2011 -// Free Software Foundation, Inc. +// Copyright (C) 2000-2012 Free Software Foundation, Inc. // // This file is part of GCC. // 
@@ -59,6 +58,19 @@ globals->caughtExceptions = p->nextException; globals->uncaughtExceptions += 1; } + + // Compute the total size with overflow checking. + std::size_t compute_size(std::size_t element_count, + std::size_t element_size, + std::size_t padding_size) + { + if (element_size && element_count > std::size_t(-1) / element_size) + throw std::bad_alloc(); + std::size_t size = element_count * element_size; + if (size + padding_size < size) + throw std::bad_alloc(); + return size + padding_size; + } } // Allocate and construct array. @@ -83,7 +95,8 @@ void *(*alloc) (std::size_t), void (*dealloc) (void *)) { - std::size_t size = element_count * element_size + padding_size; + std::size_t size + = compute_size(element_count, element_size, padding_size); char *base = static_cast (alloc (size)); if (!base) return base; @@ -124,7 +137,8 @@ void *(*alloc) (std::size_t), void (*dealloc) (void *, std::size_t)) { - std::size_t size = element_count * element_size + padding_size; + std::size_t size + = compute_size(element_count, element_size, padding_size); char *base = static_cast(alloc (size)); if (!base) return base; Index: libstdc++-v3/testsuite/18_support/cxa_vec.cc =================================================================== --- libstdc++-v3/testsuite/18_support/cxa_vec.cc (revision 0) +++ libstdc++-v3/testsuite/18_support/cxa_vec.cc (working copy) 
@@ -0,0 +1,64 @@ +// { dg-do run } +// Avoid use of none-overridable new/delete operators in shared +// { dg-options "-static" { target *-*-mingw* } } +// Test __cxa_vec routines +// Copyright (C) 2000-2012 Free Software Foundation, Inc. +// Contributed by Nathan Sidwell 7 Apr 2000 + +#include +#include +#include +#include +#include + +// Allocate enough padding to hold an array cookie. +#ifdef __ARM_EABI__ +static const size_t padding = 8; +#else +static const size_t padding = (sizeof (std::size_t)); +#endif + +// our pseudo ctors and dtors +static abi::__cxa_cdtor_return_type ctor (void *x) +{ + abort (); +} + +static abi::__cxa_cdtor_return_type dtor (void *x) +{ + abort (); +} + +// allocate an array whose size causes an overflow during multiplication +void test1 () +{ + static const std::size_t large_size = + std::size_t(1) << (sizeof(std::size_t) * 8 - 2); + try + { + abi::__cxa_vec_new (large_size, 8, 0, ctor, dtor); + abort (); + } + catch (std::bad_alloc &) + { + } +} + +// allocate an array whose size causes an overflow during addition +void test2 () +{ + try + { + abi::__cxa_vec_new (std::size_t(-1) / 4, 4, padding, ctor, dtor); + abort (); + } + catch (std::bad_alloc &) + { + } +} + +int main () +{ + test1 (); + test2 (); +}
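Review bot: In the compute_size hunk (@@ -59,6 +58,19 @@), the comment `// Compute the total size with overflow checking.` should also state that the function throws std::bad_alloc on overflow, since that is now the observable contract of __cxa_vec_new2 and __cxa_vec_new3; something like `// Compute the total size with overflow checking; throws std::bad_alloc on overflow.` The checks themselves are correct: `element_count > std::size_t(-1) / element_size` rejects exactly the products that would wrap (the division is guarded by `element_size &&`, so a zero element size yields size 0 and falls through to the padding check), and `size + padding_size < size` is the standard unsigned-addition wrap test.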
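Review bot: The __cxa_vec_new2 hunk (@@ -83,7 +95,8 @@) changes behaviour for callers that pass a non-throwing alloc and rely on the `if (!base) return base;` null path: an overflowing element_count * element_size + padding_size now raises std::bad_alloc from compute_size instead of producing a too-small allocation, and that deserves a line in the ChangeLog or in the comment above the function. Throwing before alloc is called is the right choice, since nothing has been allocated yet and no dealloc is needed; the same applies to the __cxa_vec_new3 hunk.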
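Review bot: Three points on the new test file. The comment `// Avoid use of none-overridable new/delete operators in shared` should read `non-overridable`. Both cases call `abi::__cxa_vec_new`, which exercises only the __cxa_vec_new2 path; a third case calling `abi::__cxa_vec_new3` with a dealloc function would cover the other changed hunk. And the header carries only a copyright line plus the `Contributed by Nathan Sidwell 7 Apr 2000` credit, with no license notice. The inputs themselves are well chosen: `std::size_t(1) << (sizeof(std::size_t) * 8 - 2)` times an element size of 8 wraps on the multiplication, and `std::size_t(-1) / 4` times 4 lands only 3 below `std::size_t(-1)`, so adding a padding of 4 or 8 wraps on the addition.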