


Re: Integer overflow in operator new


#include <stddef.h>

/// Request num*size bytes from operator new[]; when num exceeds max_num the
/// request is forced to ~size_t(0) bytes, a size the allocator is expected
/// to refuse, so an overflowed (too small) buffer is never handed back.
/// Precondition (caller's responsibility): max_num must not exceed
/// ~size_t(0) / size, otherwise size*num can still wrap silently here.
/// Returns whatever operator new[] returns; a refused request throws.
void *__allocate_array_of_RossRidge(size_t num, size_t size, size_t max_num) {
  // Unsigned compare: an over-large element count selects the sentinel size.
  const size_t bytes = (num > max_num) ? ~size_t(0) : size * num;
  return operator new[](bytes);
}

/// Same contract as the RossRidge variant, written with the guard first:
/// num*size bytes via operator new[], or a request for ~size_t(0) bytes
/// (expected to be refused) when num > max_num.
/// The multiplication itself is unchecked; the caller must choose max_num
/// no larger than ~size_t(0) / size for the guard to be sufficient.
void *__allocate_array_of_JCPizarro(size_t num, size_t size, size_t max_num) {
  size_t bytes = ~size_t(0);   // sentinel request used for an over-large count
  if (num <= max_num) {
    bytes = size * num;
  }
  return operator new[](bytes);
}

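/// Variant that computes the byte count with an explicit unsigned 32-bit
/// multiply (x86 MUL) instead of letting the compiler pick IMUL.
/// Contract as the other variants: num*size bytes via operator new[], or a
/// request for ~size_t(0) bytes (expected to be refused) when num > max_num.
///
/// Fixes relative to the original "quick & dirty" asm statement:
///  - MUL writes the high half of the product to %edx, which the original
///    listed only as an input operand, so the compiler was never told the
///    register is clobbered. %edx is now an output ("=d") and the flags,
///    which MUL also modifies, are declared clobbered ("cc").
///  - a non-zero high half means size*num does not fit in size_t; it is
///    turned into the same ~size_t(0) request as an over-large count, so a
///    caller-supplied max_num that is too large can no longer yield an
///    under-sized buffer.
///  - the asm is used only on 32-bit x86, where size_t is 32 bits and
///    "mull" is the right width; other targets use a checked C++ multiply.
void *__allocate_array_of_JCPizarro2(size_t num, size_t size, size_t max_num) {
  if (num > max_num) return operator new[](~size_t(0));

  size_t result;
#if defined(__i386__)
  size_t high;  // %edx after MUL: upper 32 bits of the 64-bit product
  // MUL %edx: EDX:EAX = EAX * EDX (unsigned). Inputs and outputs live in the
  // same two registers; nothing in memory is touched, so no "memory" clobber.
  // Not volatile: the result depends only on the operands.
  __asm__("mull %%edx"
          : "=a"(result), "=d"(high)
          : "a"(num), "d"(size)
          : "cc");
  if (high != 0) return operator new[](~size_t(0));
#else
  // Portable equivalent of the high-half test: size*num wraps exactly when
  // num > SIZE_MAX / size (a zero size can never overflow).
  if (size != 0 && num > ~size_t(0) / size) return operator new[](~size_t(0));
  result = size * num;
#endif
  return operator new[](result);
}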

-----------------------------------------------------------------------------

_Z29__allocate_array_of_RossRidgejjj:
[ gcc v3.4.6 : 11 instructions ]
	movl	4(%esp), %edx        # edx = num (first stack argument)
	cmpl	12(%esp), %edx       # num vs max_num
	movl	8(%esp), %eax        # eax = size
	jbe	.L2                  # unsigned num <= max_num: go multiply
	orl	$-1, %eax            # eax = 0xffffffff, i.e. ~size_t(0)
	jmp	.L3
.L2:
	imull	%edx, %eax   # signed multiply!!! 1 bit signed + unsigned 31x31!!!
	# NOTE(review): the two-operand IMUL keeps only the low 32 bits of the
	# product, and those bits are identical for signed and unsigned
	# operands; only CF/OF (and the high half, had MUL been used) differ.
	# No bit of size*num is lost by the compiler's choice of IMUL here.
.L3:
	pushl	%eax                 # argument: byte count
	call	_Znaj                # operator new[](unsigned int)
	popl	%edx                 # drop the argument slot (value unused)
	ret

_Z29__allocate_array_of_RossRidgejjj:
[ gcc 4.1.3 20070326 (prerelease) : 9 instructions ]
	movl	4(%esp), %eax        # eax = num
	orl	$-1, %ecx            # ecx = 0xffffffff (~size_t(0)), the fallback count
	cmpl	12(%esp), %eax       # num vs max_num
	movl	8(%esp), %edx        # edx = size
	ja	.L16                 # unsigned num > max_num: keep the fallback
	movl	%edx, %ecx
	imull	%eax, %ecx   # signed multiply!!! 1 bit signed + unsigned 31x31!!!
	# NOTE(review): low 32 bits of the product only, which do not depend on
	# signedness; IMUL and MUL give the same ecx here. Only the flags differ.
.L16:
	movl	%ecx, 4(%esp)        # reuse our own first argument slot for the byte count
	jmp	_Znaj                # tail call operator new[](unsigned int)

_Z29__allocate_array_of_JCPizarrojjj:
[ gcc 4.1.3 20070326 (prerelease) and gcc 3.4.6 : 9 instructions ]
	movl	4(%esp), %edx        # edx = num
	cmpl	12(%esp), %edx       # num vs max_num
	movl	8(%esp), %eax        # eax = size
	jbe	.L8                  # unsigned num <= max_num: go multiply
	movl	$-1, 4(%esp)         # argument slot = 0xffffffff (~size_t(0))
	jmp	.L12            # <- why not jmp _Znaj directly?
	                        # NOTE(review): jump-to-jump; looks like a missed
	                        # jump-threading, costing one extra taken branch on
	                        # the over-large-count path only. Result is unaffected.
.L8:
	imull	%edx, %eax   # signed multiply!!! 1 bit signed + unsigned 31x31!!!
	# NOTE(review): low 32 bits of the product are the same for signed and
	# unsigned operands; IMUL here computes exactly size*num mod 2^32.
	movl	%eax, 4(%esp)        # argument slot = byte count
.L12:
	jmp	_Znaj                # tail call operator new[](unsigned int)

_Z30__allocate_array_of_JCPizarro2jjj:
[ gcc 4.1.3 20070326 (prerelease) and gcc 3.4.6 : 9 instructions ]
	movl	4(%esp), %eax        # eax = num (asm input "a")
	cmpl	12(%esp), %eax       # num vs max_num
	movl	8(%esp), %edx        # edx = size (asm input "d")
	jbe	.L2                  # unsigned num <= max_num: go multiply
	movl	$-1, 4(%esp)         # argument slot = 0xffffffff (~size_t(0))
	jmp	.L6            # <- why not jmp _Znaj directly?
	                       # NOTE(review): same jump-to-jump as the JCPizarro
	                       # listing; one extra taken branch, result unaffected.
.L2:
#APP
	mull   %edx   # unsigned 32x32!!! mul is little bit slower than imul in clock cycles.
	# NOTE(review): MUL writes the high half of the product to %edx, but the
	# source statement lists %edx only as an input and declares no clobber.
	# Nothing reads %edx after this point in the listing, so the undeclared
	# clobber happens not to matter here; it is still a latent constraint bug.
	# The high half (overflow indicator) is simply discarded.
#NO_APP
	movl	%eax, 4(%esp)        # argument slot = low 32 bits of the product
.L6:
	jmp	_Znaj                # tail call operator new[](unsigned int)

-----------------------------------------------------------------------------

J.C. Pizarro

Attachment: allocate_array_april2007_2.tar.gz
Description: GNU Zip compressed data

