From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-3.4 required=3.0 tests=AWL,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id C33121F8C6 for ; Mon, 2 Aug 2021 01:19:31 +0000 (UTC) Received: from localhost ([::1]:46364 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mAMc6-00089d-Si for normalperson@yhbt.net; Sun, 01 Aug 2021 21:19:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47680) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAMbb-0006oi-UN for bug-gnulib@gnu.org; Sun, 01 Aug 2021 21:18:59 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:34158) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAMbY-0000on-Uj for bug-gnulib@gnu.org; Sun, 01 Aug 2021 21:18:59 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 01A271600F9 for ; Sun, 1 Aug 2021 18:18:56 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id WbBIY4jVeOVw; Sun, 1 Aug 2021 18:18:55 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 1E0DA1600FA; Sun, 1 Aug 2021 18:18:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, 
port 10026) with ESMTP id 7xTvZ2uLPUvP; Sun, 1 Aug 2021 18:18:55 -0700 (PDT) Received: from penguin.cs.ucla.edu (Penguin.CS.UCLA.EDU [131.179.64.200]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id EEE261600F6; Sun, 1 Aug 2021 18:18:54 -0700 (PDT) From: Paul Eggert To: bug-gnulib@gnu.org Subject: [PATCH 07/27] malloca: improve -fanalyzer malloc checking Date: Sun, 1 Aug 2021 18:18:01 -0700 Message-Id: <20210802011821.1057057-7-eggert@cs.ucla.edu> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210802011821.1057057-1-eggert@cs.ucla.edu> References: <20210802011821.1057057-1-eggert@cs.ucla.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=131.179.128.68; envelope-from=eggert@cs.ucla.edu; helo=zimbra.cs.ucla.edu X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paul Eggert Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: "bug-gnulib" --- ChangeLog | 5 ++++- lib/malloca.c | 18 ++++++++++++------ lib/malloca.h | 5 ++++- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6bad8ceb6..166618a42 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,11 +3,14 @@ maint: improve -fanalyzer malloc checking * lib/backup-internal.h, lib/backupfile.h: * lib/canonicalize.h, lib/dfa.h, lib/dirname.h, lib/exclude.h: - * lib/filenamecat.h: + * lib/filenamecat.h, lib/malloca.h: Add malloc-related attributes and include stdlib.h as needed. * lib/dfa.c: Include verify.h. (assume_nonnull): New macro. (dfamust): Use it to pacify GCC. + * lib/malloca.c (mmalloca): Redo to pacify GCC, to cut down on the + number of casts, and to avoid signed integer overflow on + theoretical platforms. =20 2021-08-01 Jim Meyering =20 diff --git a/lib/malloca.c b/lib/malloca.c index d7ad095b5..b4884234a 100644 --- a/lib/malloca.c +++ b/lib/malloca.c @@ -47,7 +47,8 @@ mmalloca (size_t n) #if HAVE_ALLOCA /* Allocate one more word, used to determine the address to pass to fr= eea(), and room for the alignment =E2=89=A1 sa_alignment_max mod 2*sa_alig= nment_max. */ - int plus =3D sizeof (small_t) + 2 * sa_alignment_max - 1; + uintptr_t alignment2_mask =3D 2 * sa_alignment_max - 1; + int plus =3D sizeof (small_t) + alignment2_mask; idx_t nplus; if (!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1)) { 
@@ -55,16 +56,21 @@ mmalloca (size_t n) =20 if (mem !=3D NULL) { - char *p =3D - (char *)((((uintptr_t)mem + sizeof (small_t) + sa_alignment_= max - 1) - & ~(uintptr_t)(2 * sa_alignment_max - 1)) - + sa_alignment_max); + uintptr_t umem =3D (uintptr_t)mem, umemplus; + /* The INT_ADD_WRAPV avoids signed integer overflow on + theoretical platforms where UINTPTR_MAX <=3D INT_MAX. */ + INT_ADD_WRAPV (umem, sizeof (small_t) + sa_alignment_max - 1, + &umemplus); + idx_t offset =3D ((umemplus & ~alignment2_mask) + + sa_alignment_max - umem); + void *vp =3D mem + offset; + small_t *p =3D vp; /* Here p >=3D mem + sizeof (small_t), and p <=3D mem + sizeof (small_t) + 2 * sa_alignment_max - = 1 hence p + n <=3D mem + nplus. So, the memory range [p, p+n) lies in the allocated memory = range [mem, mem + nplus). */ - ((small_t *) p)[-1] =3D p - mem; + p[-1] =3D offset; /* p =E2=89=A1 sa_alignment_max mod 2*sa_alignment_max. */ return p; } diff --git a/lib/malloca.h b/lib/malloca.h index 6fa1d8b20..dbbec3f06 100644 --- a/lib/malloca.h +++ b/lib/malloca.h @@ -65,7 +65,6 @@ extern "C" { # define malloca(N) \ mmalloca (N) #endif -extern void * mmalloca (size_t n); =20 /* Free a block of memory allocated through malloca(). */ #if HAVE_ALLOCA @@ -74,6 +73,10 @@ extern void freea (void *p); # define freea free #endif =20 +extern void *mmalloca (size_t n) + _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC (freea, 1) + _GL_ATTRIBUTE_ALLOC_SIZE ((1)); + /* nmalloca(N,S) is an overflow-safe variant of malloca (N * S). It allocates an array of N objects, each with S bytes of memory, on the stack. N and S should be nonnegative and free of side effects= . --=20 2.31.1
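Review bot: in the first lib/malloca.c hunk (@@ -47,7), `int plus = sizeof (small_t) + alignment2_mask;` narrows an unsigned `uintptr_t`/`size_t` expression into a signed `int`. The value is tiny, so nothing breaks, but the ChangeLog entry says the rewrite exists to cut casts and keep the arithmetic free of signed overflow, and an implicit unsigned-to-signed conversion is the kind of thing `-Wconversion` and the analyzer flag; declaring it `idx_t plus` matches `nplus` and the `INT_ADD_WRAPV (n, plus, &nplus)` call that consumes it.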
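Review bot: in the second lib/malloca.c hunk (@@ -55,16), the result of `INT_ADD_WRAPV (umem, sizeof (small_t) + sa_alignment_max - 1, &umemplus);` is discarded and `umemplus` is used unconditionally to derive `offset`. That is sound, because `mem` came from a successful `malloc (nplus)` with `nplus >= plus > sizeof (small_t) + sa_alignment_max - 1`, so `mem + (that addend)` is inside the allocation and cannot wrap; but the comment above the call only says the macro avoids signed overflow on theoretical platforms, so a reader may think a wrapped sum is being accepted silently. Suggest extending the comment with that one-line argument, e.g. "the sum cannot actually wrap since mem + nplus is a valid address", so the ignored return value is visibly deliberate rather than an oversight.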
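Review bot: in the second lib/malloca.h hunk (@@ -74,6), the new `_GL_ATTRIBUTE_DEALLOC (freea, 1)` on `mmalloca` needs `freea` to be visible first, which is why the `extern void * mmalloca (size_t n);` removed in the preceding hunk (@@ -65,7) had to move below the `freea` declaration and the `# define freea free` fallback; in the `!HAVE_ALLOCA` branch the attribute therefore expands to `free`, which is correct because `malloca` degrades to plain malloc there. That ordering dependency is not obvious from either hunk on its own, so a short comment next to the relocated declaration (why it sits after `freea`, and that the `malloca(N)` macro is unaffected because its expansion is resolved at the use site) would keep someone from "tidying" the prototype back up to its old position and breaking the attribute.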