Date: Thu, 16 Jul 2020 05:20:51 -0400
From: Pierre-Marie de Rodat
To: gcc-patches@gcc.gnu.org
Cc: Arnaud Charlet
Subject: [Ada] Add centralized capacity check in Generic_Bignums
Message-ID: <20200716092051.GA146384@adacore.com>

This replaces the special case done in "**" so far.

Tested on x86_64-pc-linux-gnu, committed on trunk

gcc/ada/

	* libgnat/s-genbig.adb ("**"): Remove capacity limit check.
	Improve code by using an extended return.
	(Normalize): Perform capacity limit check here instead, which is
	the centralized place where (potentially large) big integers are
	allocated.

Attachment: patch.diff

diff --git a/gcc/ada/libgnat/s-genbig.adb b/gcc/ada/libgnat/s-genbig.adb --- a/gcc/ada/libgnat/s-genbig.adb +++ b/gcc/ada/libgnat/s-genbig.adb @@ -98,6 +98,7 @@ package body System.Generic_Bignums is -- Given a digit vector and sign, allocate and construct a big integer -- value. Note that X may have leading zeroes which must be removed, and if -- the result is zero, the sign is forced positive. + -- If X is too big, Storage_Error is raised. function "**" (X : Bignum; Y : SD) return Big_Integer; -- Exponentiation routine where we know right operand is one word
@@ -274,32 +275,18 @@ package body System.Generic_Bignums is XY2 : aliased Big_Integer := X ** (Y / 2); XY2S : aliased Big_Integer := Big_Mul (To_Bignum (XY2), To_Bignum (XY2)); - Res : Big_Integer; begin Free_Big_Integer (XY2); - -- Raise storage error if intermediate value is getting too - -- large, which we arbitrarily define as 200 words for now. - -- ??? Consider putting a limit instead in a wrapper of - -- Allocate_Big_Integer and update all calls to - -- Allocate_Big_Integer to call this wrapper, to catch all such - -- cases. - - if To_Bignum (XY2S).Len > 200 then - Free_Big_Integer (XY2S); - raise Storage_Error with - "exponentiation result is too large"; - end if; - - -- Otherwise take care of even/odd cases - if (Y and 1) = 0 then return XY2S; else - Res := Big_Mul (To_Bignum (XY2S), X); - Free_Big_Integer (XY2S); - return Res; + return Res : constant Big_Integer := + Big_Mul (To_Bignum (XY2S), X) + do + Free_Big_Integer (XY2S); + end return; end if; end; end case; @@ -1108,6 +1095,8 @@ package body System.Generic_Bignums is -- Normalize -- --------------- + Bignum_Limit : constant := 200; + function Normalize (X : Digit_Vector; Neg : Boolean := False) return Big_Integer @@ -1120,6 +1109,10 @@ package body System.Generic_Bignums is J := J + 1; end loop; + if X'Last - J > Bignum_Limit then + raise Storage_Error with "big integer limit exceeded"; + end if; + return Allocate_Big_Integer (X (J .. X'Last), J <= X'Last and then Neg); end Normalize; --pWyiEgJYm5f9v55/--
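Review bot: the new header comment in the hunk at line 98, "-- If X is too big, Storage_Error is raised.", leaves "too big" undefined, while the Normalize body hunk makes it a concrete bound (Bignum_Limit, 200 words). State the bound and its unit in the contract, e.g. "-- If X has more than Bignum_Limit significant words, Storage_Error is raised.", so callers of Normalize can see what triggers the exception without reading the body.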
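Review bot: in the rewritten odd-exponent branch of "**" (hunk at line 274), a Storage_Error raised while evaluating `Big_Mul (To_Bignum (XY2S), X)` propagates before the `do` part of the extended return executes, so `Free_Big_Integer (XY2S);` is skipped and XY2S leaks; the removed code freed XY2S explicitly before raising. The same applies to XY2 if `XY2S : aliased Big_Integer := Big_Mul (To_Bignum (XY2), To_Bignum (XY2));` raises, since `Free_Big_Integer (XY2);` only runs after `begin`. Now that Big_Mul can raise via Normalize, consider an exception handler on the declare block that frees the intermediates before re-raising. Separately, the removed "???" comment proposed putting the limit in a wrapper around Allocate_Big_Integer; placing it in Normalize only covers allocations that go through Normalize, so it is worth stating (in the ChangeLog or a comment) that every operation that can produce a large result reaches Allocate_Big_Integer via Normalize, otherwise those paths now have no capacity check at all.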
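Review bot: `Bignum_Limit : constant := 200;` (hunk at line 1108) is introduced without a comment, and the rationale from the removed "**" comment ("which we arbitrarily define as 200 words for now") is lost with it. Add a comment giving the unit (number of SD words in the normalized digit vector) and noting that the value is arbitrary, and consider declaring it with the package-level declarations rather than between the "Normalize" banner and the function body, since it is now the package-wide capacity policy rather than a detail local to Normalize.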
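Review bot: the condition `if X'Last - J > Bignum_Limit then` in the Normalize hunk (line 1120) is off by one relative to the removed `To_Bignum (XY2S).Len > 200` test. After the leading-zero loop, J indexes the first non-zero digit, and the slice passed on the next line, `X (J .. X'Last)`, has `X'Last - J + 1` elements, so the new check still allows a 201-word result while the old code raised for anything above 200 words. To keep the old bound, use `if X'Last - J + 1 > Bignum_Limit then` (or compare with `>=`). The all-zero case is fine either way, since J = X'Last + 1 gives a negative difference.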