This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PR19351, C++] Fix heap overflow in operator new[]
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: gcc-patches at gcc dot gnu dot org
- Cc: Jason Merrill <jason at redhat dot com>, mark at codesourcery dot com
- Date: Tue, 01 Feb 2011 22:40:35 +0100
- Subject: Re: [PR19351, C++] Fix heap overflow in operator new[]
- References: <873a1eydec.fsf@mid.deneb.enyo.de> <87d3noemb8.fsf@mid.deneb.enyo.de>
* Florian Weimer:
> I wrote some time ago:
>
>> This proposed change addresses a long-standing issue in the size
>> calculations for operator new[]. The size value could be truncated,
>> and operator new[] would return too small an array in such cases.
>>
>> With this change, the size calculations are performed using
>> saturating arithmetic. If the value cannot be represented exactly,
>> ::operator new(size_t) is invoked with size_t(-1), usually throwing
>> a std::bad_alloc exception. The advantage of this approach is full
>> ABI compatibility (in both directions). The downside is slightly
>> worse code (but it's still branch-free on i386 and amd64; support
>> for saturating arithmetic would improve things further, of course).
>
> I have since fixed build_size_mult_saturated so that it should work in
> more configurations. The test case has been updated to work around
> the do-not-inline-into-main phenomenon.
>
> The patch passes bootstrap and regression testing on
> x86_64-unknown-linux-gnu.
Hi,
could you perhaps review this?
The patch is here:
<http://gcc.gnu.org/ml/gcc-patches/2011-01/msg01593.html>
Thanks,
Florian
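The quoted description above is about the size computation a compiler emits for `new T[n]`: the byte count is `n * sizeof(T)`, and a truncated product makes `operator new[]` hand back an array that is too small. The following is an added illustration, not the patch or any GCC code, showing the wrapping computation beside a saturating one that returns `size_t(-1)` on overflow; the per-array bookkeeping prefix is modelled here as an assumed extra `cookie` addend, and the function names are hypothetical.

```cpp
#include <cstddef>
#include <limits>

// Wrapping computation of the byte size for `new T[n]`: n * elem_size plus
// an (assumed) cookie prefix. On overflow the product silently wraps modulo
// 2^bits, so a huge n can yield a tiny request.
std::size_t naive_array_size(std::size_t n, std::size_t elem_size,
                             std::size_t cookie) {
    return n * elem_size + cookie;
}

// Saturating computation: any overflow in the multiply or the add collapses
// to size_t(-1), the largest size_t. Passing that to ::operator new(size_t)
// cannot succeed, so the allocation is rejected (normally with
// std::bad_alloc) instead of returning an undersized block.
std::size_t saturated_array_size(std::size_t n, std::size_t elem_size,
                                 std::size_t cookie) {
    const std::size_t max = std::numeric_limits<std::size_t>::max();
    // Guard the division; sizeof never yields 0 in C++, but keep it total.
    if (elem_size != 0 && n > max / elem_size)
        return max;                      // n * elem_size would wrap
    const std::size_t product = n * elem_size;
    if (product > max - cookie)
        return max;                      // product + cookie would wrap
    return product + cookie;
}

// True when the saturated size differs from the wrapped one, i.e. when the
// unchecked code path would have allocated too little memory.
bool truncation_detected(std::size_t n, std::size_t elem_size,
                         std::size_t cookie) {
    return naive_array_size(n, elem_size, cookie) !=
           saturated_array_size(n, elem_size, cookie);
}
```

With 8-byte elements, `n = SIZE_MAX / 8 + 1` (a constructed input) wraps the naive product to 0, so the unchecked path would request only the cookie bytes, while the saturating path requests `size_t(-1)`.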