Red Hat Bugzilla – Attachment 641436 Details for Bug 875009: gcc: fix integer overflow in __cxa_vec_new[23]
gcc47-c++-cxa_vec_new-check.patch (text/plain), 3.54 KB, created by Florian Weimer on 2012-11-09 10:07:59 UTC
>Detect overflow in size calculations in __cxa_vec_new{2,3} > >2012-11-03 Florian Weimer <fweimer@redhat.com> > > * libsupc++/vec.cc (compute_size): New. > (__cxa_vec_new2, __cxa_vec_new3): Use it. > * testsuite/18_support/cxa_vec.cc: New. > > >diff --git a/libstdc++-v3/libsupc++/vec.cc b/libstdc++-v3/libsupc++/vec.cc >index 700c5ef..f9afd39 100644 >--- a/libstdc++-v3/libsupc++/vec.cc >+++ b/libstdc++-v3/libsupc++/vec.cc >@@ -1,7 +1,6 @@ > // New abi Support -*- C++ -*- > >-// Copyright (C) 2000, 2001, 2003, 2004, 2009, 2011 >-// Free Software Foundation, Inc. >+// Copyright (C) 2000-2012 Free Software Foundation, Inc. > // > // This file is part of GCC. > // >@@ -59,6 +58,19 @@ namespace __cxxabiv1 > globals->caughtExceptions = p->nextException; > globals->uncaughtExceptions += 1; > } >+ >+ // Compute the total size with overflow checking. >+ std::size_t compute_size(std::size_t element_count, >+ std::size_t element_size, >+ std::size_t padding_size) >+ { >+ if (element_size && element_count > std::size_t(-1) / element_size) >+ throw std::bad_alloc(); >+ std::size_t size = element_count * element_size; >+ if (size + padding_size < size) >+ throw std::bad_alloc(); >+ return size + padding_size; >+ } > } > > // Allocate and construct array. >@@ -83,7 +95,8 @@ namespace __cxxabiv1 > void *(*alloc) (std::size_t), > void (*dealloc) (void *)) > { >- std::size_t size = element_count * element_size + padding_size; >+ std::size_t size >+ = compute_size(element_count, element_size, padding_size); > char *base = static_cast <char *> (alloc (size)); > if (!base) > return base; >@@ -124,7 +137,8 @@ namespace __cxxabiv1 > void *(*alloc) (std::size_t), > void (*dealloc) (void *, std::size_t)) > { >- std::size_t size = element_count * element_size + padding_size; >+ std::size_t size >+ = compute_size(element_count, element_size, padding_size); > char *base = static_cast<char *>(alloc (size)); > if (!base) > return base; 
>diff --git a/libstdc++-v3/testsuite/18_support/cxa_vec.cc b/libstdc++-v3/testsuite/18_support/cxa_vec.cc >new file mode 100644 >index 0000000..08713f1 >--- /dev/null >+++ b/libstdc++-v3/testsuite/18_support/cxa_vec.cc >@@ -0,0 +1,64 @@ >+// { dg-do run } >+// Avoid use of non-overridable new/delete operators in shared >+// { dg-options "-static" { target *-*-mingw* } } >+// Test __cxa_vec routines >+// Copyright (C) 2000-2012 Free Software Foundation, Inc. >+// Contributed by Nathan Sidwell 7 Apr 2000 <nathan@nathan@codesourcery.com> >+ >+#include <cxxabi.h> >+#include <stdio.h> >+#include <new> >+#include <stdlib.h> >+#include <setjmp.h> >+ >+// Allocate enough padding to hold an array cookie. >+#ifdef __ARM_EABI__ >+static const size_t padding = 8; >+#else >+static const size_t padding = (sizeof (std::size_t)); >+#endif >+ >+// our pseudo ctors and dtors >+static abi::__cxa_cdtor_return_type ctor (void *x) >+{ >+ abort (); >+} >+ >+static abi::__cxa_cdtor_return_type dtor (void *x) >+{ >+ abort (); >+} >+ >+// allocate an array whose size causes an overflow during multiplication >+void test1 () >+{ >+ static const std::size_t large_size = >+ std::size_t(1) << (sizeof(std::size_t) * 8 - 2); >+ try >+ { >+ abi::__cxa_vec_new (large_size, 8, 0, ctor, dtor); >+ abort (); >+ } >+ catch (std::bad_alloc &) >+ { >+ } >+} >+ >+// allocate an array whose size causes an overflow during addition >+void test2 () >+{ >+ try >+ { >+ abi::__cxa_vec_new (std::size_t(-1) / 4, 4, padding, ctor, dtor); >+ abort (); >+ } >+ catch (std::bad_alloc &) >+ { >+ } >+} >+ >+int main () >+{ >+ test1 (); >+ test2 (); >+}
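Review bot: In the compute_size hunk of libsupc++/vec.cc, overflow is reported by throwing std::bad_alloc, while both callers report allocator failure by returning null (`if (!base) return base;`), so a caller that passes a non-throwing alloc now has two different failure paths to handle. The comment above compute_size should say that it throws on overflow, and the comments on __cxa_vec_new2 and __cxa_vec_new3 should note that an exception can now leave them before alloc is called. The two checks themselves look right: the division guard skips element_size == 0, and `size + padding_size < size` catches wraparound in the unsigned addition.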
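Review bot: In the new testsuite/18_support/cxa_vec.cc, test1 and test2 call only abi::__cxa_vec_new, so the changed line in __cxa_vec_new3 (the variant whose dealloc takes a size) is never exercised directly; add cases that call __cxa_vec_new2 and __cxa_vec_new3 with explicit alloc and dealloc functions. The header line "Contributed by Nathan Sidwell 7 Apr 2000 <nathan@nathan@codesourcery.com>" has a malformed address and reads as carried over from another test, although the ChangeLog lists this file as New. <stdio.h> and <setjmp.h> are included but nothing in the file uses them.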