From patchwork Wed Aug 3 12:31:17 2011
X-Patchwork-Submitter: Jakub Jelinek
X-Patchwork-Id: 108147
Date: Wed, 3 Aug 2011 14:31:17 +0200
From: Jakub Jelinek
To: Jason Merrill, Gabriel Dos Reis
Cc: gcc-patches@gcc.gnu.org
Subject: [RFC PATCH] Add alloc_size attribute to the default operator new and operator new[]
Message-ID: <20110803123117.GG2687@tyan-ft48-01.lab.bos.redhat.com>

Hi!

As mentioned in PR49905, -D_FORTIFY_SOURCE{,=2} handles e.g. malloc (4) or malloc (16) well, knowing that the resulting pointer has object size 4 or 16 respectively, but for new int or new int[4] it currently doesn't assume anything (i.e. __builtin_object_size (new int, 0) returns -1).

While I see the C++ standard unfortunately allows redefining the new and vector new operators, I wonder if for -D_FORTIFY_SOURCE we could assume similar properties as for malloc for the object size checking, i.e. that if these two operators are called with a constant parameter, the object size allocated is the given size. I hope there aren't C++ programs that override the default operator new, allocate fewer or more bytes and expect that those can be accessed through the pointer returned by new. At least -D_FORTIFY_SOURCE=2 is declared to be stricter than the standard (but -D_FORTIFY_SOURCE=1 is not).

Of course this wouldn't affect programs not compiled with -D_FORTIFY_SOURCE{,=2}, and wouldn't affect placement new nor any class operator new/new[] (unless it calls the default operator new/new[]).

Comments?

2011-08-03  Jakub Jelinek

	PR middle-end/49905
	* decl.c (cxx_init_decl_processing): Add alloc_size (1) attribute
	for operator new and operator new [].

	* g++.dg/ext/builtin-object-size3.C: New test.
Jakub --- gcc/cp/decl.c.jj 2011-07-22 22:14:59.000000000 +0200 +++ gcc/cp/decl.c 2011-08-03 14:00:48.000000000 +0200 @@ -3629,6 +3629,7 @@ cxx_init_decl_processing (void) current_lang_name = lang_name_cplusplus; { + tree newattrs; tree newtype, deltype; tree ptr_ftype_sizetype; tree new_eh_spec; @@ -3656,7 +3657,11 @@ cxx_init_decl_processing (void) else new_eh_spec = noexcept_false_spec; - newtype = build_exception_variant (ptr_ftype_sizetype, new_eh_spec); + newattrs + = build_tree_list (get_identifier ("alloc_size"), + build_tree_list (NULL_TREE, integer_one_node)); + newtype = cp_build_type_attribute_variant (ptr_ftype_sizetype, newattrs); + newtype = build_exception_variant (newtype, new_eh_spec); deltype = build_exception_variant (void_ftype_ptr, empty_except_spec); push_cp_library_fn (NEW_EXPR, newtype); push_cp_library_fn (VEC_NEW_EXPR, newtype); --- gcc/testsuite/g++.dg/ext/builtin-object-size3.C.jj 2011-08-03 14:06:03.000000000 +0200 +++ gcc/testsuite/g++.dg/ext/builtin-object-size3.C 2011-08-03 14:04:21.000000000 +0200 @@ -0,0 +1,26 @@ +// { dg-do compile } +// { dg-options "-O2" } + +void baz (int *, int *); + +#define MEMCPY(d,s,l) __builtin___memcpy_chk (d, s, l, __builtin_object_size (d, 0)) + +int +foo () +{ + int *p = new int; + int *q = new int[4]; + MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int)); + MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int)); + baz (p, q); +} + +int +bar () +{ + int *p = new int; + int *q = new int[4]; + MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int) + 1); // { dg-warning "will always overflow destination buffer" } + MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int) + 1); // { dg-warning "will always overflow destination buffer" } + baz (p, q); +}
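Review bot: in the @@ -3656 hunk of decl.c the alloc_size attribute is attached unconditionally in cxx_init_decl_processing, whereas the cover letter argues for the assumption only under -D_FORTIFY_SOURCE{,=2}; nothing in the hunk keys `newattrs` off the fortify level, so a program with a replaced `operator new` that hands back fewer bytes than requested (which the letter concedes the standard allows) would mislead every consumer of __builtin_object_size, not just -D_FORTIFY_SOURCE=2 builds. Either document in extend.texi that GCC assumes a replacement operator new honours the requested size, or add a testcase that provides its own `void *operator new (std::size_t)` and checks that the attribute still holds after the redeclaration is merged with the builtin one, since the hunk does not show that path. Also, only `push_cp_library_fn (NEW_EXPR, newtype)` and `push_cp_library_fn (VEC_NEW_EXPR, newtype)` receive the attributed type; the nothrow overloads declared in <new> are untouched, so `new (std::nothrow) int` keeps object size -1 unless libstdc++ gets the attribute separately.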
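Review bot: in the testsuite hunk, `foo` and `bar` are declared `int` but fall off the end without a `return`, which trips -Wreturn-type and is undefined behaviour if the value were used; declaring them `void` is enough, since the test only needs the pointers to escape through `baz`. The hunk also checks only the default operators in the overflowing direction; the cover letter promises that placement new and class-specific `operator new`/`new[]` are unaffected, so a negative case with a class that declares its own `operator new` (where no "will always overflow destination buffer" warning must appear, e.g. with `dg-bogus`) would pin that promise down.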
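The mechanism the cover letter describes, as an added example that is not part of the patch, of GCC or of libstdc++: two hypothetical allocator wrappers, plain_alloc (no attribute, standing in for the pre-patch default operator new) and sized_alloc (alloc_size (1), standing in for malloc, or for operator new with the patch applied), the non-aborting checked_copy stand-in for __builtin___memcpy_chk, the CHECKED_COPY macro shaped like the testcase's MEMCPY, the Verdict enum, the SLACK constant and the SRC input are all this example's own names and constructed data. It assumes GCC (or clang, which also honours alloc_size) and shows that a 17-byte copy into a 16-byte request is refused only when __builtin_object_size learns the size from the attribute, which GCC does only at -O1 and above; at -O0 the answer is "unknown" and the check silently degrades to an unchecked copy, which is why glibc's _FORTIFY_SOURCE insists on optimization.

```cpp
// Added example, not part of Jakub's patch or of GCC/libstdc++: what
// alloc_size buys _FORTIFY_SOURCE-style checks, on two hypothetical allocators.
#include <cstddef>
#include <cstdlib>
#include <cstring>

// Both wrappers are this example's own. Each reserves SLACK bytes beyond what it
// advertises so that an *unchecked* overflowing copy below stays inside real
// memory when the check degrades at -O0. A real allocator must never return
// fewer bytes than its alloc_size promises; that replaced-operator-new case is
// the one the cover letter worries about.
static const std::size_t SLACK = 64;

// Like the pre-patch default operator new: the compiler is told nothing.
static void *plain_alloc (std::size_t n) __attribute__ ((noinline));
static void *plain_alloc (std::size_t n)
{
  return std::malloc (n + SLACK);
}

// Like malloc, and like operator new with the patch: alloc_size (1) declares
// that the object behind the returned pointer is <argument 1> bytes long.
static void *sized_alloc (std::size_t n) __attribute__ ((noinline, alloc_size (1)));
static void *sized_alloc (std::size_t n)
{
  return std::malloc (n + SLACK);
}

enum Verdict { COPY_OK = 0, COPY_REFUSED = 1, COPY_UNCHECKED = 2 };

// Non-aborting stand-in for __builtin___memcpy_chk: refuse when the compiler
// knows the destination size and n exceeds it; copy blindly when the size is
// unknown, which __builtin_object_size (d, 0) reports as (size_t) -1.
static Verdict
checked_copy (void *d, const void *s, std::size_t n, std::size_t bos)
{
  if (bos == (std::size_t) -1)
    {
      std::memcpy (d, s, n);
      return COPY_UNCHECKED;
    }
  if (n > bos)
    return COPY_REFUSED;
  std::memcpy (d, s, n);
  return COPY_OK;
}

// Same shape as the MEMCPY macro in the patch's testcase.
#define CHECKED_COPY(d, s, n) \
  checked_copy ((d), (s), (n), __builtin_object_size ((d), 0))

static const char SRC[] = "abcdefghijklmnopqrstuvwxyz";   // constructed input

// What the compiler believes about a 16-byte request from each allocator.
// GCC derives object sizes from alloc_size calls only with -O1 or higher.
std::size_t bos_of_plain (void)
{
  void *p = plain_alloc (16);
  std::size_t r = __builtin_object_size (p, 0);   // unknown at every -O level
  std::free (p);
  return r;
}

std::size_t bos_of_sized (void)
{
  void *p = sized_alloc (16);
  std::size_t r = __builtin_object_size (p, 0);   // 16 with -O1+, unknown at -O0
  std::free (p);
  return r;
}

// The copies from the patch's testcase, with one byte too many.
Verdict overflow_into_plain (void)
{
  char *p = (char *) plain_alloc (16);
  Verdict v = CHECKED_COPY (p, SRC, 17);   // nothing known: copied blind
  std::free (p);
  return v;
}

Verdict overflow_into_sized (void)
{
  char *p = (char *) sized_alloc (16);
  Verdict v = CHECKED_COPY (p, SRC, 17);   // refused once the size is known
  std::free (p);
  return v;
}

Verdict fit_into_sized (void)
{
  char *p = (char *) sized_alloc (16);
  Verdict v = CHECKED_COPY (p, SRC, 16);   // a fitting copy is never refused
  std::free (p);
  return v;
}

// A local array's size is known even at -O0, so this one is always refused.
Verdict overflow_into_array (void)
{
  int buf[4];
  return CHECKED_COPY (buf, SRC, 17);
}
```

Compile it once with `g++ -O2` and once with `g++ -O0` and compare bos_of_sized () and overflow_into_sized (): the attribute is the only difference between the two allocators, and it is visible only when the object-size pass runs. That is the same gap the patch closes for `new int`, where no attribute was present at all, so even -O2 saw nothing.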