From: Paul Eggert <eggert@cs.ucla.edu>
To: bug-gnulib@gnu.org
Cc: Paul Eggert <eggert@cs.ucla.edu>
Subject: [PATCH 07/27] malloca: improve -fanalyzer malloc checking
Date: Sun, 1 Aug 2021 18:18:01 -0700 [thread overview]
Message-ID: <20210802011821.1057057-7-eggert@cs.ucla.edu> (raw)
In-Reply-To: <20210802011821.1057057-1-eggert@cs.ucla.edu>
---
ChangeLog | 5 ++++-
lib/malloca.c | 18 ++++++++++++------
lib/malloca.h | 5 ++++-
3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6bad8ceb6..166618a42 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,11 +3,14 @@
maint: improve -fanalyzer malloc checking
* lib/backup-internal.h, lib/backupfile.h:
* lib/canonicalize.h, lib/dfa.h, lib/dirname.h, lib/exclude.h:
- * lib/filenamecat.h:
+ * lib/filenamecat.h, lib/malloca.h:
Add malloc-related attributes and include stdlib.h as needed.
* lib/dfa.c: Include verify.h.
(assume_nonnull): New macro.
(dfamust): Use it to pacify GCC.
+ * lib/malloca.c (mmalloca): Redo to pacify GCC, to cut down on the
+ number of casts, and to avoid signed integer overflow on
+ theoretical platforms.
2021-08-01 Jim Meyering <meyering@fb.com>
diff --git a/lib/malloca.c b/lib/malloca.c
index d7ad095b5..b4884234a 100644
--- a/lib/malloca.c
+++ b/lib/malloca.c
@@ -47,7 +47,8 @@ mmalloca (size_t n)
#if HAVE_ALLOCA
/* Allocate one more word, used to determine the address to pass to freea(),
and room for the alignment ≡ sa_alignment_max mod 2*sa_alignment_max. */
- int plus = sizeof (small_t) + 2 * sa_alignment_max - 1;
+ uintptr_t alignment2_mask = 2 * sa_alignment_max - 1;
+ int plus = sizeof (small_t) + alignment2_mask;
idx_t nplus;
if (!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1))
{
@@ -55,16 +56,21 @@ mmalloca (size_t n)
if (mem != NULL)
{
- char *p =
- (char *)((((uintptr_t)mem + sizeof (small_t) + sa_alignment_max - 1)
- & ~(uintptr_t)(2 * sa_alignment_max - 1))
- + sa_alignment_max);
+ uintptr_t umem = (uintptr_t)mem, umemplus;
+ /* The INT_ADD_WRAPV avoids signed integer overflow on
+ theoretical platforms where UINTPTR_MAX <= INT_MAX. */
+ INT_ADD_WRAPV (umem, sizeof (small_t) + sa_alignment_max - 1,
+ &umemplus);
+ idx_t offset = ((umemplus & ~alignment2_mask)
+ + sa_alignment_max - umem);
+ void *vp = mem + offset;
+ small_t *p = vp;
/* Here p >= mem + sizeof (small_t),
and p <= mem + sizeof (small_t) + 2 * sa_alignment_max - 1
hence p + n <= mem + nplus.
So, the memory range [p, p+n) lies in the allocated memory range
[mem, mem + nplus). */
- ((small_t *) p)[-1] = p - mem;
+ p[-1] = offset;
/* p ≡ sa_alignment_max mod 2*sa_alignment_max. */
return p;
}
diff --git a/lib/malloca.h b/lib/malloca.h
index 6fa1d8b20..dbbec3f06 100644
--- a/lib/malloca.h
+++ b/lib/malloca.h
@@ -65,7 +65,6 @@ extern "C" {
# define malloca(N) \
mmalloca (N)
#endif
-extern void * mmalloca (size_t n);
/* Free a block of memory allocated through malloca(). */
#if HAVE_ALLOCA
@@ -74,6 +73,10 @@ extern void freea (void *p);
# define freea free
#endif
+extern void *mmalloca (size_t n)
+ _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC (freea, 1)
+ _GL_ATTRIBUTE_ALLOC_SIZE ((1));
+
/* nmalloca(N,S) is an overflow-safe variant of malloca (N * S).
It allocates an array of N objects, each with S bytes of memory,
on the stack. N and S should be nonnegative and free of side effects.
--
2.31.1
next prev parent reply other threads:[~2021-08-02 1:19 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-02 1:17 [PATCH 01/27] backupfile: improve -fanalyzer malloc checking Paul Eggert
2021-08-02 1:17 ` [PATCH 02/27] maint: " Paul Eggert
2021-08-02 1:17 ` [PATCH 03/27] dfa: " Paul Eggert
2021-08-07 13:03 ` Bruno Haible
2021-08-02 1:17 ` [PATCH 04/27] dirname: " Paul Eggert
2021-08-07 13:13 ` Bruno Haible
2021-08-02 1:17 ` [PATCH 05/27] exclude: " Paul Eggert
2021-08-02 1:18 ` [PATCH 06/27] filenamecat-lgpl: " Paul Eggert
2021-08-02 1:18 ` Paul Eggert [this message]
2021-08-07 13:20 ` [PATCH 07/27] malloca: " Bruno Haible
2021-08-02 1:18 ` [PATCH 08/27] modechange: " Paul Eggert
2021-08-02 1:18 ` [PATCH 09/27] mountlist: " Paul Eggert
2021-08-02 1:18 ` [PATCH 10/27] pagalign_alloc: " Paul Eggert
2021-08-02 1:18 ` [PATCH 11/27] quotearg: " Paul Eggert
2021-08-07 13:25 ` Bruno Haible
2021-08-02 1:18 ` [PATCH 12/27] readutmp: " Paul Eggert
2021-08-02 1:18 ` [PATCH 13/27] savedir: " Paul Eggert
2021-08-02 1:18 ` [PATCH 14/27] sh-quote: " Paul Eggert
2021-08-02 1:18 ` [PATCH 15/27] system-quote: " Paul Eggert
2021-08-02 1:18 ` [PATCH 16/27] trim: " Paul Eggert
2021-08-02 1:18 ` [PATCH 17/27] xgetcwd: " Paul Eggert
2021-08-02 1:18 ` [PATCH 18/27] xgethostname: " Paul Eggert
2021-08-02 1:18 ` [PATCH 19/27] xmalloca: " Paul Eggert
2021-08-02 1:18 ` [PATCH 20/27] xreadlink: " Paul Eggert
2021-08-02 1:18 ` [PATCH 21/27] xstriconv: " Paul Eggert
2021-08-02 1:18 ` [PATCH 22/27] xvasprintf: " Paul Eggert
2021-08-02 1:18 ` [PATCH 23/27] vasnprintf: " Paul Eggert
2021-08-02 1:18 ` [PATCH 24/27] argmatch-tests: " Paul Eggert
2021-08-02 1:18 ` [PATCH 25/27] manywarnings: " Paul Eggert
2021-08-02 1:18 ` [PATCH 26/27] sigsegv-tests: make more things static Paul Eggert
2021-08-07 13:47 ` Bruno Haible
2021-08-02 1:18 ` [PATCH 27/27] * lib/quotarg.c: remove wrong, unneeded comment Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210802011821.1057057-7-eggert@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=bug-gnulib@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).