PR libstdc++/87544 limit max_size() to PTRDIFF_MAX / sizeof(T)

Message ID 20181010153944.GA18842@redhat.com
State New

Commit Message

Jonathan Wakely Oct. 10, 2018, 3:39 p.m.
The C++17 standard requires the default implementation for
allocator_traits::max_size to return SIZE_MAX / sizeof(value_type).
That causes GCC to warn because the value could be larger than can
sensibly be passed to malloc. This patch changes the new_allocator and
malloc_allocator max_size() members to use PTRDIFF_MAX instead of
SIZE_MAX (and because they define it, the allocator_traits default isn't
used). This also changes vector::max_size to impose a sensible limit
using PTRDIFF_MAX for cases where the value from the allocator or
allocator_traits is not sensible.

	PR libstdc++/87544
	* include/bits/stl_vector.h (vector::_S_max_size): Limit size to
	PTRDIFF_MAX / sizeof(value_type).
	* include/ext/malloc_allocator.h (malloc_allocator::max_size):
	Likewise.
	* include/ext/new_allocator.h (new_allocator::max_size): Likewise.
	* testsuite/23_containers/vector/allocator/minimal.cc: Adjust
	expected value for max_size().
	* testsuite/23_containers/vector/capacity/87544.cc: New test.

Tested x86_64-linux, committed to trunk.
commit 57daf3cdf2668f944417cc4550faec588f83a790
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Wed Oct 10 15:23:12 2018 +0100

    PR libstdc++/87544 limit max_size() to PTRDIFF_MAX / sizeof(T)
    
    The C++17 standard requires the default implementation for
    allocator_traits::max_size to return SIZE_MAX / sizeof(value_type).
    That causes GCC to warn because the value could be larger than can
    sensibly be passed to malloc. This patch changes the new_allocator and
    malloc_allocator max_size() members to use PTRDIFF_MAX instead of
    SIZE_MAX (and because they define it, the allocator_traits default isn't
    used). This also changes vector::max_size to impose a sensible limit
    using PTRDIFF_MAX for cases where the value from the allocator or
    allocator_traits is not sensible.
    
            PR libstdc++/87544
            * include/bits/stl_vector.h (vector::_S_max_size): Limit size to
            PTRDIFF_MAX / sizeof(value_type).
            * include/ext/malloc_allocator.h (malloc_allocator::max_size):
            Likewise.
            * include/ext/new_allocator.h (new_allocator::max_size): Likewise.
            * testsuite/23_containers/vector/allocator/minimal.cc: Adjust
            expected value for max_size().
            * testsuite/23_containers/vector/capacity/87544.cc: New test.

Patch

diff --git a/libstdc++-v3/include/bits/stl_vector.h b/libstdc++-v3/include/bits/stl_vector.h
index 47856473107..37607417d08 100644
--- a/libstdc++-v3/include/bits/stl_vector.h
+++ b/libstdc++-v3/include/bits/stl_vector.h
@@ -1726,7 +1726,11 @@  _GLIBCXX_BEGIN_NAMESPACE_CONTAINER
       static size_type
       _S_max_size(const _Tp_alloc_type& __a) _GLIBCXX_NOEXCEPT
       {
-	const size_t __diffmax = __gnu_cxx::__numeric_traits<ptrdiff_t>::__max;
+	// std::distance(begin(), end()) cannot be greater than PTRDIFF_MAX,
+	// and realistically we can't store more than PTRDIFF_MAX/sizeof(T)
+	// (even if std::allocator_traits::max_size says we can).
+	const size_t __diffmax
+	  = __gnu_cxx::__numeric_traits<ptrdiff_t>::__max / sizeof(_Tp);
 	const size_t __allocmax = _Alloc_traits::max_size(__a);
 	return (std::min)(__diffmax, __allocmax);
       }
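Review bot: The initialiser of `__diffmax` in `_S_max_size` converts the quotient to `size_t` without the `__PTRDIFF_MAX__ < __SIZE_MAX__` guard that the `max_size()` hunks in malloc_allocator.h and new_allocator.h use, so the vector and the allocators handle a wide `ptrdiff_t` differently. If a target where `ptrdiff_t` is wider than `size_t` is supported (the guard in the other files suggests it is at least considered), the division is done in `ptrdiff_t` and the conversion can truncate to a value above `SIZE_MAX / sizeof(_Tp)`, leaving the `std::min` with `__allocmax` as the only bound. Either mirror the guard here or state the assumption next to the existing comment, e.g. `// Assumes PTRDIFF_MAX <= SIZE_MAX, so the conversion to size_t is lossless.`. The name `__diffmax` now holds an element count rather than a byte distance, which the comment could also say.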
diff --git a/libstdc++-v3/include/ext/malloc_allocator.h b/libstdc++-v3/include/ext/malloc_allocator.h
index 8739c1fdaa3..8eaf5d44cf7 100644
--- a/libstdc++-v3/include/ext/malloc_allocator.h
+++ b/libstdc++-v3/include/ext/malloc_allocator.h
@@ -139,7 +139,13 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
 
       size_type
       max_size() const _GLIBCXX_USE_NOEXCEPT 
-      { return size_t(-1) / sizeof(_Tp); }
+      {
+#if __PTRDIFF_MAX__ < __SIZE_MAX__
+	return size_t(__PTRDIFF_MAX__) / sizeof(_Tp);
+#else
+	return size_t(-1) / sizeof(_Tp);
+#endif
+      }
 
 #if __cplusplus >= 201103L
       template<typename _Up, typename... _Args>
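Review bot: The `#if __PTRDIFF_MAX__ < __SIZE_MAX__` branch added to `malloc_allocator::max_size()` has no comment saying why the limit is PTRDIFF_MAX, and the identical block is repeated in `new_allocator::max_size()` in the next file. A one-line comment above the `#if` in both places would help, e.g. `// Cap at PTRDIFF_MAX bytes so that pointer differences within one allocation stay representable.`. The lower limit only protects callers if `allocate()` rejects requests above `max_size()`; that function is outside this hunk, so it is worth confirming that it compares against `max_size()` rather than a separately computed `size_t(-1) / sizeof(_Tp)`.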
diff --git a/libstdc++-v3/include/ext/new_allocator.h b/libstdc++-v3/include/ext/new_allocator.h
index 19e7ad02e75..7c50731736b 100644
--- a/libstdc++-v3/include/ext/new_allocator.h
+++ b/libstdc++-v3/include/ext/new_allocator.h
@@ -130,7 +130,13 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
 
       size_type
       max_size() const _GLIBCXX_USE_NOEXCEPT
-      { return size_t(-1) / sizeof(_Tp); }
+      {
+#if __PTRDIFF_MAX__ < __SIZE_MAX__
+	return size_t(__PTRDIFF_MAX__) / sizeof(_Tp);
+#else
+	return size_t(-1) / sizeof(_Tp);
+#endif
+      }
 
 #if __cplusplus >= 201103L
       template<typename _Up, typename... _Args>
diff --git a/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc b/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc
index 7a75d9189b2..5e989b0f8c7 100644
--- a/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc
+++ b/libstdc++-v3/testsuite/23_containers/vector/allocator/minimal.cc
@@ -35,7 +35,7 @@  void test01()
   typedef std::vector<T, alloc_type> test_type;
   test_type v(alloc_type{});
   v.push_back(T());
-  VERIFY( v.max_size() == traits_type::max_size(v.get_allocator()) );
+  VERIFY( v.max_size() <= traits_type::max_size(v.get_allocator()) );
 }
 
 int main()
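Review bot: Relaxing the check in `test01` from `==` to `<=` means no assertion here pins the new upper bound, and the new 87544.cc test is `dg-do compile` only, so nothing visible in this patch verifies at run time that `vector::max_size()` is capped at PTRDIFF_MAX / sizeof(T). Consider adding a second check next to the relaxed one, such as `VERIFY( v.max_size() <= std::size_t(PTRDIFF_MAX) / sizeof(T) );` (it needs `<cstdint>`). `test01` starts above the hunk, so the definition of `T` and the allocator's own `max_size()` are not visible from here.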
diff --git a/libstdc++-v3/testsuite/23_containers/vector/capacity/87544.cc b/libstdc++-v3/testsuite/23_containers/vector/capacity/87544.cc
new file mode 100644
index 00000000000..f04430e1147
--- /dev/null
+++ b/libstdc++-v3/testsuite/23_containers/vector/capacity/87544.cc
@@ -0,0 +1,73 @@ 
+// Copyright (C) 2018 Free Software Foundation, Inc.
+//
+// This file is part of the GNU ISO C++ Library.  This library is free
+// software; you can redistribute it and/or modify it under the
+// terms of the GNU General Public License as published by the
+// Free Software Foundation; either version 3, or (at your option)
+// any later version.
+
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License along
+// with this library; see the file COPYING3.  If not see
+// <http://www.gnu.org/licenses/>.
+
+// { dg-options "-O2" }
+// { dg-do compile { target c++11 } }
+
+#include <cstdlib>
+#include <vector>
+
+template<class T>
+struct Alloc : public std::allocator<T>
+{
+  template<class U>
+    struct rebind { typedef Alloc<U> other; };
+
+  Alloc() : std::allocator<T>() {}
+
+  template<class U>
+    Alloc(const Alloc<U>& other) : std::allocator<T>(other) {}
+
+  T* allocate(std::size_t num, const void* = 0)
+  {
+    std::size_t size = num * sizeof(T);
+    void *result = std::malloc(size);
+    if(size>16 && (std::size_t(result) & 15)!=0) {
+      std::free(result);
+      return 0;
+    }
+    return static_cast<T*>( result );
+  }
+
+  void deallocate(T* p, std::size_t) { std::free(p); }
+};
+
+unsigned f(std::vector<int, Alloc<int> >& v)
+{
+  v.push_back(1);
+  return v.size();
+}
+
+template<class T>
+struct Alloc2 : public Alloc<T>
+{
+  template<class U>
+    struct rebind { typedef Alloc2<U> other; };
+
+  Alloc2() : Alloc<T>() {}
+
+  template<class U>
+    Alloc2(const Alloc2<U>& other) : Alloc<T>(other) {}
+
+  std::size_t max_size() const { return std::size_t(-1) / sizeof(T); }
+};
+
+unsigned g(std::vector<int, Alloc2<int> >& v)
+{
+  v.push_back(1);
+  return v.size();
+}
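Review bot: The new test never says what it is checking: it is compile-only at `-O2`, so it passes only if `f` and `g` compile without the warning described in the PR, but no comment or `dg-` directive names that warning. A header comment such as `// PR libstdc++/87544: push_back must not trigger a warning about the size passed to malloc.` would make a future failure understandable. It would also help to note on `Alloc2::max_size()` that it deliberately returns the old `SIZE_MAX / sizeof(T)` value so that `g` exercises the clamp in `vector::_S_max_size`. A short comment on `Alloc::allocate` should say that the unchecked `num * sizeof(T)` and the null return on misalignment are presumably carried over from the bug report and are not meant as a model allocator.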