public inbox for libstdc++-cvs@sourceware.org
help / color / mirror / Atom feed
From: Aldy Hernandez <aldyh@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org
Subject: [gcc/devel/ranger] libstdc++: Fix incorrect size calculation in PMR resource (PR 94906)
Date: Wed, 17 Jun 2020 21:00:15 +0000 (GMT) [thread overview]
Message-ID: <20200617210015.18447398781F@sourceware.org> (raw)
https://gcc.gnu.org/g:bb27781b64162e1769df15e0c97e8d2145d2d10d
commit bb27781b64162e1769df15e0c97e8d2145d2d10d
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Mon May 4 21:13:28 2020 +0100
libstdc++: Fix incorrect size calculation in PMR resource (PR 94906)
Calculating the size of a chunk being returned to the upstream allocator
was done with a 32-bit type, so it wrapped if the chunk was 4GB or
larger.
I don't know how to test this without allocating 4GB, so there's no test
in the testsuite. It has been tested manually with allocations sizes and
alignments exceeding 4GB.
PR libstdc++/94906
* src/c++17/memory_resource.cc
(monotonic_buffer_resource::_Chunk::release): Use size_t for shift
operands.
Diff:
---
libstdc++-v3/ChangeLog | 7 +++++++
libstdc++-v3/src/c++17/memory_resource.cc | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/libstdc++-v3/ChangeLog b/libstdc++-v3/ChangeLog
index 739ab9eeb29..9cc811c884f 100644
--- a/libstdc++-v3/ChangeLog
+++ b/libstdc++-v3/ChangeLog
@@ -1,3 +1,10 @@
+2020-05-04 Jonathan Wakely <jwakely@redhat.com>
+
+ PR libstdc++/94906
+ * src/c++17/memory_resource.cc
+ (monotonic_buffer_resource::_Chunk::release): Use size_t for shift
+ operands.
+
2020-05-04 Nathan Sidwell <nathan@acm.org>
PR libstdc++/94747
diff --git a/libstdc++-v3/src/c++17/memory_resource.cc b/libstdc++-v3/src/c++17/memory_resource.cc
index 1acab19e306..95352b23537 100644
--- a/libstdc++-v3/src/c++17/memory_resource.cc
+++ b/libstdc++-v3/src/c++17/memory_resource.cc
@@ -228,8 +228,8 @@ namespace pmr
if (__ch->_M_canary != (__ch->_M_size | __ch->_M_align))
return; // buffer overflow detected!
- size_t __size = (1u << __ch->_M_size);
- size_t __align = (1u << __ch->_M_align);
+ size_t __size = (size_t)1 << __ch->_M_size;
+ size_t __align = (size_t)1 << __ch->_M_align;
void* __start = (char*)(__ch + 1) - __size;
__r->deallocate(__start, __size, __align);
}
reply other threads:[~2020-06-17 21:00 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200617210015.18447398781F@sourceware.org \
--to=aldyh@gcc.gnu.org \
--cc=gcc-cvs@gcc.gnu.org \
--cc=libstdc++-cvs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).