public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
* RFA: PATCH to check for overflow in make_tree_vec_stat
@ 2017-05-19  3:03 Jason Merrill
  2017-05-19 10:10 ` Richard Biener
  0 siblings, 1 reply; 3+ messages in thread
From: Jason Merrill @ 2017-05-19  3:03 UTC (permalink / raw)
  To: gcc-patches List

[-- Attachment #1: Type: text/plain, Size: 312 bytes --]

A patch I've been putting together ran into strange memory corruption
issues which turned out to be because the calculation in
make_tree_vec_stat was overflowing and allocating a small TREE_VEC
instead of a large one.  This assert should work as a simple sanity
check.

Tested x86_64-pc-linux-gnu, OK for trunk?

[-- Attachment #2: vec-overflow.diff --]
[-- Type: text/plain, Size: 633 bytes --]

commit 59ccf3b1dd5aaf9611a133ad55d950de525e862d
Author: Jason Merrill <jason@redhat.com>
Date:   Thu May 18 15:23:53 2017 -0400

            * tree.c (make_tree_vec_stat): Check for overflow.

diff --git a/gcc/tree.c b/gcc/tree.c
index 7506725..327332b 100644
--- a/gcc/tree.c
+++ b/gcc/tree.c
@@ -2270,6 +2270,9 @@ make_tree_vec_stat (int len MEM_STAT_DECL)
   tree t;
   int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
 
+  /* Cheap check for overflow.  */
+  gcc_assert (length > len);
+
   record_node_allocation_statistics (TREE_VEC, length);
 
   t = ggc_alloc_cleared_tree_node_stat (length PASS_MEM_STAT);

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: RFA: PATCH to check for overflow in make_tree_vec_stat
  2017-05-19  3:03 RFA: PATCH to check for overflow in make_tree_vec_stat Jason Merrill
@ 2017-05-19 10:10 ` Richard Biener
  2017-05-19 19:03   ` Jason Merrill
  0 siblings, 1 reply; 3+ messages in thread
From: Richard Biener @ 2017-05-19 10:10 UTC (permalink / raw)
  To: Jason Merrill; +Cc: gcc-patches List

On Fri, May 19, 2017 at 4:32 AM, Jason Merrill <jason@redhat.com> wrote:
> A patch I've been putting together ran into strange memory corruption
> issues which turned out to be because the calculation in
> make_tree_vec_stat was overflowing and allocating a small TREE_VEC
> instead of a large one.  This assert should work as a simple sanity
> check.

Hmm, looks like 'length' should be size_t?  Then nothing can overflow anymore
(on hosts with size_t 64bit and int 32bit)

> Tested x86_64-pc-linux-gnu, OK for trunk?

Thanks,
Richard.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: RFA: PATCH to check for overflow in make_tree_vec_stat
  2017-05-19 10:10 ` Richard Biener
@ 2017-05-19 19:03   ` Jason Merrill
  0 siblings, 0 replies; 3+ messages in thread
From: Jason Merrill @ 2017-05-19 19:03 UTC (permalink / raw)
  To: Richard Biener; +Cc: gcc-patches List

[-- Attachment #1: Type: text/plain, Size: 752 bytes --]

On Fri, May 19, 2017 at 5:14 AM, Richard Biener
<richard.guenther@gmail.com> wrote:
> On Fri, May 19, 2017 at 4:32 AM, Jason Merrill <jason@redhat.com> wrote:
>> A patch I've been putting together ran into strange memory corruption
>> issues which turned out to be because the calculation in
>> make_tree_vec_stat was overflowing and allocating a small TREE_VEC
>> instead of a large one.  This assert should work as a simple sanity
>> check.
>
> Hmm, looks like 'length' should be size_t?  Then nothing can overflow anymore
> (on hosts with size_t 64bit and int 32bit)

Sure.  I imagine that anything trying to create a TREE_VEC that large
is going to have a bad time for other reasons, but those will probably
be more obvious.

Applying this:

Jason

[-- Attachment #2: vec-size_t.diff --]
[-- Type: text/plain, Size: 1108 bytes --]

commit 2a5c0a40193350e57407165d17afe427a9f42325
Author: Jason Merrill <jason@redhat.com>
Date:   Thu May 18 15:23:53 2017 -0400

            * tree.c (make_tree_vec_stat, grow_tree_vec_stat): Use size_t.

diff --git a/gcc/tree.c b/gcc/tree.c
index 7506725..db31620 100644
--- a/gcc/tree.c
+++ b/gcc/tree.c
@@ -2268,7 +2268,7 @@ tree
 make_tree_vec_stat (int len MEM_STAT_DECL)
 {
   tree t;
-  int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
+  size_t length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
 
   record_node_allocation_statistics (TREE_VEC, length);
 
@@ -2290,8 +2290,8 @@ grow_tree_vec_stat (tree v, int len MEM_STAT_DECL)
   int oldlen = TREE_VEC_LENGTH (v);
   gcc_assert (len > oldlen);
 
-  int oldlength = (oldlen - 1) * sizeof (tree) + sizeof (struct tree_vec);
-  int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
+  size_t oldlength = (oldlen - 1) * sizeof (tree) + sizeof (struct tree_vec);
+  size_t length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
 
   record_node_allocation_statistics (TREE_VEC, length - oldlength);
 

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-05-19 19:02 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-19  3:03 RFA: PATCH to check for overflow in make_tree_vec_stat Jason Merrill
2017-05-19 10:10 ` Richard Biener
2017-05-19 19:03   ` Jason Merrill

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).