This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH, libgfortran] Add overflow check to xmalloc
- From: Bernhard Reutner-Fischer <rep dot dot dot nop at gmail dot com>
- To: Janne Blomqvist <blomqvist dot janne at gmail dot com>
- Cc: Fortran List <fortran at gcc dot gnu dot org>, GCC Patches <gcc-patches at gcc dot gnu dot org>
- Date: Mon, 16 Jun 2014 10:04:04 +0200
- Subject: Re: [PATCH, libgfortran] Add overflow check to xmalloc
On 16 June 2014 09:39, Janne Blomqvist <blomqvist.janne@gmail.com> wrote:
> On Mon, Jun 16, 2014 at 10:01 AM, Bernhard Reutner-Fischer
> <rep.dot.nop@gmail.com> wrote:
>> On 16 June 2014 08:20:09 Janne Blomqvist <blomqvist.janne@gmail.com> wrote:
>>
>>> On Sun, Jun 15, 2014 at 8:23 AM, Bernhard Reutner-Fischer
>>> <rep.dot.nop@gmail.com> wrote:
>>> >
>>> >> >> On Tue, May 20, 2014 at 12:42 AM, Janne Blomqvist
>>> >> >> <blomqvist.janne@gmail.com> wrote:
>>> >> >>> On Thu, May 15, 2014 at 1:00 AM, Janne Blomqvist
>>> >> >>> <blomqvist.janne@gmail.com> wrote:
>>> >> >>>> Hi,
>>> >> >>>>
>>> >> >>>> a common malloc() pattern is "malloc(num_foo * sizeof(foo_t))", that
>>> >> >>>> is, create space for an array of type foo_t with num_foo elements.
>>> >> >>>> There is a slight danger here in that the multiplication can overflow
>>> >> >>>> and wrap around, and then the caller thinks it has a larger array than
>>> >> >>>> what malloc has actually created. The attached patch changes the
>>> >> >>>> libgfortran xmalloc() function to have an API similar to calloc() with
>>> >> >>>> two arguments, and the implementation checks for wraparound.
>>> >> >>>
>>> >> >>> Hello,
>>> >> >>>
>>> >> >>> attached is an updated patch which instead introduces a new function,
>>> >> >>> xmallocarray, with the overflow check, and leaves the existing xmalloc
>>> >> >>> as is. Thus avoiding the extra checking in the common case where one
>>> >> >>> of the arguments to xmallocarray would be 1.
>>> >> >>>
>>> >> >>> Tested on x86_64-unknown-linux-gnu, Ok for trunk?
>>> >> >>>
>>> >
>>> >
>>> > I would prefer if xcmalloc would not be named xmallocarray.
>>>
>>> Hmm, never heard of that one before, but I have no particular
>>
>>
>> Great, I fat-fingered it, meant xcalloc.
>
> Ah well, we already have xcalloc, which is a calloc() wrapper. The
> intention of the new function here is to be a malloc() wrapper, but
> with an overflow check. There is no need to zero the memory, hence
> calloc() is not appropriate.
I see. So I suppose your v2 patch is fine then.
cheers,
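
The wraparound discussed in this thread, next to a malloc() wrapper that takes calloc()-style arguments and checks the multiplication first. This is an added example, not part of the thread and not the libgfortran patch; the names `unchecked_request`, `mul_overflows` and `checked_mallocarray`, and the choice to report overflow as NULL with ENOMEM, are assumptions made here.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size the unchecked pattern malloc(nmemb * size) really requests:
   size_t arithmetic is modulo SIZE_MAX + 1, so the product wraps silently. */
static size_t unchecked_request(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Return 1 if nmemb * size does not fit in size_t; otherwise store the
   product in *total and return 0. Dividing avoids doing the overflowing
   multiplication before it has been checked. */
static int mul_overflows(size_t nmemb, size_t size, size_t *total)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 1;
    *total = nmemb * size;
    return 0;
}

/* Hypothetical malloc() wrapper with a calloc()-style signature. Memory is
   not zeroed. Assumption: overflow is reported as NULL with errno = ENOMEM. */
static void *checked_mallocarray(size_t nmemb, size_t size)
{
    size_t total;

    if (mul_overflows(nmemb, size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(total ? total : 1); /* keep NULL meaning failure only */
}

int main(void)
{
    size_t n = SIZE_MAX / 16 + 2; /* constructed count: n * 16 wraps to 16 */
    void *p = checked_mallocarray(n, 16);

    printf("caller wants %zu elements of 16 bytes\n", n);
    printf("unchecked malloc() would get a %zu-byte request\n",
           unchecked_request(n, 16));
    printf("checked wrapper: %s\n", p ? "allocated" : "refused (overflow)");
    free(p);
    return 0;
}
```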