This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PR19351, C++] Fix heap overflow in operator new[]

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Richard Guenther <richard dot guenther at gmail dot com>
Cc: Eric Botcazou <ebotcazou at adacore dot com>, gcc-patches at gcc dot gnu dot org
Date: Wed, 10 Feb 2010 13:05:56 +0100
Subject: Re: [PR19351, C++] Fix heap overflow in operator new[]
References: <873a1eydec.fsf@mid.deneb.enyo.de> <201002061014.26692.ebotcazou@adacore.com> <87fx5ewvzo.fsf@mid.deneb.enyo.de> <84fc9c001002060536j249009dcx8a54198ef0baf7ee@mail.gmail.com> <87aavmv4dz.fsf@mid.deneb.enyo.de> <84fc9c001002060620k491cc223sc20c5e1c749c2607@mail.gmail.com> <87k4uqryjn.fsf@mid.deneb.enyo.de> <84fc9c001002061056p25381b2cje17c6085b9159fea@mail.gmail.com>

* Richard Guenther:

> On Sat, Feb 6, 2010 at 7:47 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
>> * Richard Guenther:
>>
>>> Note that it doesn't touch the ABI at all as you only would use
>>> fixed-point types for intermediate computation.
>>
>> You'd need new multiplication routines on some targets.
>
> Yes, of course.  Or have a generic implementation (that of course
> involves control flow again).

That's what I meant with "ABI change".

Anyway, if we're after code size, we really should change the C++ API
to do all the heavy lifting in the run-time library (in particular,
the multiplication and maybe even the constructor/destructor calls
across the freshly-created array).  That would avoid adding new
middle-end types, folding logic, and new expanders, of course at the
cost of a C++ ABI change.

I had initially hoped to be able to get the change on the 4.4 branch,
and maybe even the 4.3 branch.  But with all those extra changes
around it, this is out of the question.  I'm also not familiar with
GCC internals yet.  Looks like I have to live with the occasional
operator-new[]-induced security updated instead. 8-(

>> It's also broken because the code to determine (size_t)-1 failed.
>> What is the correct way to obtain the number of bits in the target
>> size_t type?
>
> It should be TYPE_PRECISION (size_type_node).

Thanks.

Follow-Ups:
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Andrew Pinski

References:
- [PR19351, C++] Fix heap overflow in operator new[]
  - From: Florian Weimer
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Eric Botcazou
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Florian Weimer
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Richard Guenther
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Florian Weimer
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Richard Guenther
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Florian Weimer
- Re: [PR19351, C++] Fix heap overflow in operator new[]
  - From: Richard Guenther

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]