[RFC PATCH] Add alloc_size attribute to the default operator new and operator new[]

Jakub Jelinek jakub@redhat.com
Wed Aug 3 12:31:00 GMT 2011


Hi!

As mentioned in PR49905, -D_FORTIFY_SOURCE{,=2} handles e.g.
malloc (4) or malloc (16) well, knowing that the resulting pointer
has object size 4 resp. 16, but for new int or new int[4], it currently
doesn't assume anything (i.e. __builtin_object_size (new int, 0) returns
-1).  While I see the C++ standard unfortunately allows redefining
of the new and vector new operators, I wonder if for -D_FORTIFY_SOURCE
we could assume similar properties as for malloc for the object size
checking, i.e. that if these two operators are called with a constant
parameter, the object size allocated is the given size.  I hope there
aren't C++ programs that override the default operator new, allocate fewer
or more bytes and expect that those can be accessed through the pointer
returned by new.  At least -D_FORTIFY_SOURCE=2 is declared to be stricter
than the standard (but -D_FORTIFY_SOURCE=1 is not).  Of course this wouldn't
affect programs not compiled with -D_FORTIFY_SOURCE{,=2}, wouldn't affect
placement new nor any class operator new/new[] (unless it calls the default
operator new/new[]).

Comments?

2011-08-03  Jakub Jelinek  <jakub@redhat.com>

	PR middle-end/49905
	* decl.c (cxx_init_decl_processing): Add alloc_size (1) attribute
	for operator new and operator new [].

	* g++.dg/ext/builtin-object-size3.C: New test.

--- gcc/cp/decl.c.jj	2011-07-22 22:14:59.000000000 +0200
+++ gcc/cp/decl.c	2011-08-03 14:00:48.000000000 +0200
@@ -3629,6 +3629,7 @@ cxx_init_decl_processing (void)
   current_lang_name = lang_name_cplusplus;
 
   {
+    tree newattrs;
     tree newtype, deltype;
     tree ptr_ftype_sizetype;
     tree new_eh_spec;
@@ -3656,7 +3657,11 @@ cxx_init_decl_processing (void)
     else
       new_eh_spec = noexcept_false_spec;
 
-    newtype = build_exception_variant (ptr_ftype_sizetype, new_eh_spec);
+    newattrs
+      = build_tree_list (get_identifier ("alloc_size"),
+			 build_tree_list (NULL_TREE, integer_one_node));
+    newtype = cp_build_type_attribute_variant (ptr_ftype_sizetype, newattrs);
+    newtype = build_exception_variant (newtype, new_eh_spec);
     deltype = build_exception_variant (void_ftype_ptr, empty_except_spec);
     push_cp_library_fn (NEW_EXPR, newtype);
     push_cp_library_fn (VEC_NEW_EXPR, newtype);
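Review bot: the alloc_size attribute is attached to the builtin declaration unconditionally, so the assumption that the returned object is exactly the requested size applies to every use of __builtin_object_size on a new expression, not only to -D_FORTIFY_SOURCE builds as the cover letter frames it; a comment above the `newattrs` assignment should say that this deliberately goes beyond what the standard guarantees (a replaced global operator new may hand out a larger block than requested). Since replacement is exactly the case the cover letter worries about, it is also worth confirming that a user-declared `void *operator new (size_t)` in the same translation unit still carries the attribute after it is merged with this builtin declaration; a test containing such a declaration would pin that behaviour down.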
--- gcc/testsuite/g++.dg/ext/builtin-object-size3.C.jj	2011-08-03 14:06:03.000000000 +0200
+++ gcc/testsuite/g++.dg/ext/builtin-object-size3.C	2011-08-03 14:04:21.000000000 +0200
@@ -0,0 +1,26 @@
+// { dg-do compile }
+// { dg-options "-O2" }
+
+void baz (int *, int *);
+
+#define MEMCPY(d,s,l) __builtin___memcpy_chk (d, s, l, __builtin_object_size (d, 0))
+
+int
+foo ()
+{
+  int *p = new int;
+  int *q = new int[4];
+  MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int));
+  MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int));
+  baz (p, q);
+}
+
+int
+bar ()
+{
+  int *p = new int;
+  int *q = new int[4];
+  MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int) + 1);		// { dg-warning "will always overflow destination buffer" }
+  MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int) + 1);	// { dg-warning "will always overflow destination buffer" }
+  baz (p, q);
+}
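Review bot: `foo` and `bar` are declared `int` but have no return statement, so the C++ front end, which enables -Wreturn-type by default, will warn about control reaching the end of a non-void function, and that unmatched warning will fail the test as excess errors; declare them `void`, since the return value is never used. It would also help to add a case with a non-constant count, e.g. `new int[n]` for a function parameter `n`, to check that the attribute does not produce a spurious "will always overflow" warning when the size is not known at compile time.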

	Jakub


