From ae9d6af3f6b9f661813f344434c3d5446e5d4833 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 9 Nov 2012 10:35:58 +0000 Subject: svn merge -r193173:193174 svn+ssh://gcc.gnu.org/svn/gcc/trunk svn merge -r193325:193326 svn+ssh://gcc.gnu.org/svn/gcc/trunk git-svn-id: https://gcc.gnu.org/svn/gcc/branches/redhat/gcc-4_7-branch@193356 138bc75d-0d04-0410-961f-82ee72b054a4 --- gcc/testsuite/ChangeLog | 4 ++ gcc/testsuite/g++.old-deja/g++.abi/cxa_vec.C | 2 +- libstdc++-v3/ChangeLog | 10 +++++ libstdc++-v3/libsupc++/vec.cc | 22 ++++++++-- libstdc++-v3/testsuite/18_support/cxa_vec.cc | 64 ++++++++++++++++++++++++++++ 5 files changed, 97 insertions(+), 5 deletions(-) create mode 100644 libstdc++-v3/testsuite/18_support/cxa_vec.cc diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index 0b399b3427a..3e4e83cd4aa 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,7 @@ +2012-11-08 Florian Weimer + + * g++.old-deja/g++.abi/cxa_vec.C: Fix typo in comment. + 2012-11-07 Florian Weimer * g++.dg/init/new40.C: New. diff --git a/gcc/testsuite/g++.old-deja/g++.abi/cxa_vec.C b/gcc/testsuite/g++.old-deja/g++.abi/cxa_vec.C index f3d602ffd32..d52637281fe 100644 --- a/gcc/testsuite/g++.old-deja/g++.abi/cxa_vec.C +++ b/gcc/testsuite/g++.old-deja/g++.abi/cxa_vec.C @@ -5,7 +5,7 @@ // are resolved when the kernel is linked. // { dg-do run { xfail { powerpc-ibm-aix* || vxworks_kernel } } } // { dg-options "-flat_namespace" { target *-*-darwin[67]* } } -// Avoid use of none-overridable new/delete operators in shared +// Avoid use of non-overridable new/delete operators in shared // { dg-options "-static" { target *-*-mingw* } } // Test __cxa_vec routines // Copyright (C) 2000, 2005 Free Software Foundation, Inc. diff --git a/libstdc++-v3/ChangeLog b/libstdc++-v3/ChangeLog index 67582e62f0c..7e65eb8f075 100644 --- a/libstdc++-v3/ChangeLog +++ b/libstdc++-v3/ChangeLog @@ -1,3 +1,13 @@ +2012-11-08 Florian Weimer + + * testsuite/18_support/cxa_vec.cc: Fix typo in comment. + +2012-11-03 Florian Weimer + + * libsupc++/vec.cc (compute_size): New. + (__cxa_vec_new2, __cxa_vec_new3): Use it. + * testsuite/18_support/cxa_vec.cc: New. + 2012-11-08 François Dumont PR libstdc++/54075 diff --git a/libstdc++-v3/libsupc++/vec.cc b/libstdc++-v3/libsupc++/vec.cc index 700c5ef431d..f9afd39df9b 100644 --- a/libstdc++-v3/libsupc++/vec.cc +++ b/libstdc++-v3/libsupc++/vec.cc @@ -1,7 +1,6 @@ // New abi Support -*- C++ -*- -// Copyright (C) 2000, 2001, 2003, 2004, 2009, 2011 -// Free Software Foundation, Inc. +// Copyright (C) 2000-2012 Free Software Foundation, Inc. // // This file is part of GCC. // @@ -59,6 +58,19 @@ namespace __cxxabiv1 globals->caughtExceptions = p->nextException; globals->uncaughtExceptions += 1; } + + // Compute the total size with overflow checking. + std::size_t compute_size(std::size_t element_count, + std::size_t element_size, + std::size_t padding_size) + { + if (element_size && element_count > std::size_t(-1) / element_size) + throw std::bad_alloc(); + std::size_t size = element_count * element_size; + if (size + padding_size < size) + throw std::bad_alloc(); + return size + padding_size; + } } // Allocate and construct array. @@ -83,7 +95,8 @@ namespace __cxxabiv1 void *(*alloc) (std::size_t), void (*dealloc) (void *)) { - std::size_t size = element_count * element_size + padding_size; + std::size_t size + = compute_size(element_count, element_size, padding_size); char *base = static_cast (alloc (size)); if (!base) return base; @@ -124,7 +137,8 @@ namespace __cxxabiv1 void *(*alloc) (std::size_t), void (*dealloc) (void *, std::size_t)) { - std::size_t size = element_count * element_size + padding_size; + std::size_t size + = compute_size(element_count, element_size, padding_size); char *base = static_cast(alloc (size)); if (!base) return base; diff --git a/libstdc++-v3/testsuite/18_support/cxa_vec.cc b/libstdc++-v3/testsuite/18_support/cxa_vec.cc new file mode 100644 index 00000000000..89fa111bdc5 --- /dev/null +++ b/libstdc++-v3/testsuite/18_support/cxa_vec.cc @@ -0,0 +1,64 @@ +// { dg-do run } +// Avoid use of non-overridable new/delete operators in shared +// { dg-options "-static" { target *-*-mingw* } } +// Test __cxa_vec routines +// Copyright (C) 2000-2012 Free Software Foundation, Inc. +// Contributed by Nathan Sidwell 7 Apr 2000 + +#include +#include +#include +#include +#include + +// Allocate enough padding to hold an array cookie. +#ifdef __ARM_EABI__ +static const size_t padding = 8; +#else +static const size_t padding = (sizeof (std::size_t)); +#endif + +// our pseudo ctors and dtors +static abi::__cxa_cdtor_return_type ctor (void *x) +{ + abort (); +} + +static abi::__cxa_cdtor_return_type dtor (void *x) +{ + abort (); +} + +// allocate an array whose size causes an overflow during multiplication +void test1 () +{ + static const std::size_t large_size = + std::size_t(1) << (sizeof(std::size_t) * 8 - 2); + try + { + abi::__cxa_vec_new (large_size, 8, 0, ctor, dtor); + abort (); + } + catch (std::bad_alloc &) + { + } +} + +// allocate an array whose size causes an overflow during addition +void test2 () +{ + try + { + abi::__cxa_vec_new (std::size_t(-1) / 4, 4, padding, ctor, dtor); + abort (); + } + catch (std::bad_alloc &) + { + } +} + +int main () +{ + test1 (); + test2 (); +} -- cgit v1.2.3