[RFC PATCH] Add alloc_size attribute to the default operator new and operator new[]
Jakub Jelinek
jakub@redhat.com
Wed Aug 3 12:31:00 GMT 2011
Hi!
As mentioned in PR49905, -D_FORTIFY_SOURCE{,=2} handles e.g.
malloc (4) or malloc (16) well, knowing that the resulting pointer
has object size 4 resp. 16, but for new int or new int[4], it currently
doesn't assume anything (i.e. __builtin_object_size (new int, 0) returns
-1). While I see the C++ standard unfortunately allows redefining
of the new and vector new operators, I wonder if for -D_FORTIFY_SOURCE
we could assume similar properties as for malloc for the object size
checking, i.e. that if these two operators are called with a constant
parameter, the object size allocated is the given size. I hope there
aren't C++ programs that override the default operator new, allocate fewer
or more bytes and expect that those can be accessed through the pointer
returned by new. At least -D_FORTIFY_SOURCE=2 is declared to be stricter
than the standard (but -D_FORTIFY_SOURCE=1 is not). Of course this wouldn't
affect programs not compiled with -D_FORTIFY_SOURCE{,=2}, wouldn't affect
placement new nor any class operator new/new[] (unless it calls the default
operator new/new[]).
Comments?
2011-08-03 Jakub Jelinek <jakub@redhat.com>
PR middle-end/49905
* decl.c (cxx_init_decl_processing): Add alloc_size (1) attribute
for operator new and operator new [].
* g++.dg/ext/builtin-object-size3.C: New test.
--- gcc/cp/decl.c.jj 2011-07-22 22:14:59.000000000 +0200
+++ gcc/cp/decl.c 2011-08-03 14:00:48.000000000 +0200
@@ -3629,6 +3629,7 @@ cxx_init_decl_processing (void)
current_lang_name = lang_name_cplusplus;
{
+ tree newattrs;
tree newtype, deltype;
tree ptr_ftype_sizetype;
tree new_eh_spec;
@@ -3656,7 +3657,11 @@ cxx_init_decl_processing (void)
else
new_eh_spec = noexcept_false_spec;
- newtype = build_exception_variant (ptr_ftype_sizetype, new_eh_spec);
+ newattrs
+ = build_tree_list (get_identifier ("alloc_size"),
+ build_tree_list (NULL_TREE, integer_one_node));
+ newtype = cp_build_type_attribute_variant (ptr_ftype_sizetype, newattrs);
+ newtype = build_exception_variant (newtype, new_eh_spec);
deltype = build_exception_variant (void_ftype_ptr, empty_except_spec);
push_cp_library_fn (NEW_EXPR, newtype);
push_cp_library_fn (VEC_NEW_EXPR, newtype);
--- gcc/testsuite/g++.dg/ext/builtin-object-size3.C.jj 2011-08-03 14:06:03.000000000 +0200
+++ gcc/testsuite/g++.dg/ext/builtin-object-size3.C 2011-08-03 14:04:21.000000000 +0200
@@ -0,0 +1,26 @@
+// { dg-do compile }
+// { dg-options "-O2" }
+
+void baz (int *, int *);
+
+#define MEMCPY(d,s,l) __builtin___memcpy_chk (d, s, l, __builtin_object_size (d, 0))
+
+int
+foo ()
+{
+ int *p = new int;
+ int *q = new int[4];
+ MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int));
+ MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int));
+ baz (p, q);
+}
+
+int
+bar ()
+{
+ int *p = new int;
+ int *q = new int[4];
+ MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int) + 1); // { dg-warning "will always overflow destination buffer" }
+ MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int) + 1); // { dg-warning "will always overflow destination buffer" }
+ baz (p, q);
+}
Jakub
More information about the Gcc-patches
mailing list