[1/2] Replace check_mul_overflow_size_t with INT_MULTIPLY_WRAPV
Commit Message
Checked on x86_64-linux-gnu and i686-linux-gnu.
* malloc/alloc_buffer_alloc_array.c (__libc_alloc_buffer_alloc_array):
Use INT_MULTIPLY_WRAPV in place of check_mul_overflow_size_t.
* malloc/dynarray_emplace_enlarge.c (__libc_dynarray_emplace_enlarge):
Likewise.
* malloc/dynarray_resize.c (__libc_dynarray_resize): Likewise.
* malloc/reallocarray.c (__libc_reallocarray): Likewise.
* malloc/malloc-internal.h (check_mul_overflow_size_t): Remove
function.
* support/blob_repeat.c (check_mul_overflow_size_t,
(minimum_stride_size, support_blob_repeat_allocate): Likewise.
---
ChangeLog | 13 +++++++++++++
malloc/alloc_buffer_alloc_array.c | 4 ++--
malloc/dynarray_emplace_enlarge.c | 4 ++--
malloc/dynarray_resize.c | 4 ++--
malloc/malloc-internal.h | 20 --------------------
malloc/reallocarray.c | 7 +++----
support/blob_repeat.c | 27 ++++-----------------------
7 files changed, 26 insertions(+), 53 deletions(-)
Comments
Thanks, this patch looks good.
* Adhemerval Zanella:
> - bool overflow = check_mul_overflow_size_t (element_size, count, &size);
> + bool overflow = INT_MULTIPLY_WRAPV (element_size, count, &size);
What's the reason for not using the compiler built-in?
Florian Weimer wrote:
>> - bool overflow = check_mul_overflow_size_t (element_size, count, &size);
>> + bool overflow = INT_MULTIPLY_WRAPV (element_size, count, &size);
> What's the reason for not using the compiler built-in?
Presumably Adhemerval wrote that patch before Joseph's commit yesterday that
bumped glibc's minimum GCC requirement from GCC 4.9 to GCC 5. But you're right,
now that we're requiring GCC 5 the code can use __builtin_mul_overflow instead
of INT_MULTIPLY_WRAPV. And using the builtin would address DJ's concern as well.
So it would be better to redo the patch that way.
@@ -17,7 +17,7 @@
<http://www.gnu.org/licenses/>. */
#include <alloc_buffer.h>
-#include <malloc-internal.h>
+#include <intprops.h>
#include <libc-pointer-arith.h>
void *
@@ -28,7 +28,7 @@ __libc_alloc_buffer_alloc_array (struct alloc_buffer *buf, size_t element_size,
/* The caller asserts that align is a power of two. */
size_t aligned = ALIGN_UP (current, align);
size_t size;
- bool overflow = check_mul_overflow_size_t (element_size, count, &size);
+ bool overflow = INT_MULTIPLY_WRAPV (element_size, count, &size);
size_t new_current = aligned + size;
if (!overflow /* Multiplication did not overflow. */
&& aligned >= current /* No overflow in align step. */
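Review bot: `size` is consumed by `aligned + size` on the line right after the multiplication, before `overflow` is tested, so on the overflow path `new_current` is built from the wrapped product. That is harmless only because the condition that follows tests `!overflow` first; the rest of that condition and the function body lie outside the hunk. A comment on the declaration would keep a later edit from using either value unguarded, e.g. `/* On overflow SIZE holds the wrapped product; NEW_CURRENT is meaningful only if !overflow. */`.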
@@ -18,7 +18,7 @@
#include <dynarray.h>
#include <errno.h>
-#include <malloc-internal.h>
+#include <intprops.h>
#include <stdlib.h>
#include <string.h>
@@ -52,7 +52,7 @@ __libc_dynarray_emplace_enlarge (struct dynarray_header *list,
}
size_t new_size;
- if (check_mul_overflow_size_t (new_allocated, element_size, &new_size))
+ if (INT_MULTIPLY_WRAPV (new_allocated, element_size, &new_size))
return false;
void *new_array;
if (list->array == scratch)
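Review bot: The overflow branch here is a bare `return false;` that leaves errno untouched, while the equivalent branch in the dynarray_resize.c hunk calls `__set_errno (ENOMEM)` before failing. A caller that reports errno after a failed enlarge would then see a stale value; whether any caller does so is not visible from this hunk. Suggest `{ __set_errno (ENOMEM); return false; }` so both dynarray paths fail the same way; `<errno.h>` is already included in this file.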
@@ -18,7 +18,7 @@
#include <dynarray.h>
#include <errno.h>
-#include <malloc-internal.h>
+#include <intprops.h>
#include <stdlib.h>
#include <string.h>
@@ -38,7 +38,7 @@ __libc_dynarray_resize (struct dynarray_header *list, size_t size,
over-allocation here. */
size_t new_size_bytes;
- if (check_mul_overflow_size_t (size, element_size, &new_size_bytes))
+ if (INT_MULTIPLY_WRAPV (size, element_size, &new_size_bytes))
{
/* Overflow. */
__set_errno (ENOMEM);
@@ -74,24 +74,4 @@ void __malloc_fork_unlock_child (void) attribute_hidden;
/* Called as part of the thread shutdown sequence. */
void __malloc_arena_thread_freeres (void) attribute_hidden;
-/* Set *RESULT to LEFT * RIGHT. Return true if the multiplication
- overflowed. */
-static inline bool
-check_mul_overflow_size_t (size_t left, size_t right, size_t *result)
-{
-#if __GNUC__ >= 5
- return __builtin_mul_overflow (left, right, result);
-#else
- /* size_t is unsigned so the behavior on overflow is defined. */
- *result = left * right;
- size_t half_size_t = ((size_t) 1) << (8 * sizeof (size_t) / 2);
- if (__glibc_unlikely ((left | right) >= half_size_t))
- {
- if (__glibc_unlikely (right != 0 && *result / right != left))
- return true;
- }
- return false;
-#endif
-}
-
#endif /* _MALLOC_INTERNAL_H */
@@ -18,19 +18,18 @@
#include <errno.h>
#include <malloc.h>
-#include <malloc/malloc-internal.h>
+#include <intprops.h>
void *
__libc_reallocarray (void *optr, size_t nmemb, size_t elem_size)
{
size_t bytes;
- if (check_mul_overflow_size_t (nmemb, elem_size, &bytes))
+ if (INT_MULTIPLY_WRAPV (nmemb, elem_size, &bytes))
{
__set_errno (ENOMEM);
return 0;
}
- else
- return realloc (optr, bytes);
+ return realloc (optr, bytes);
}
libc_hidden_def (__libc_reallocarray)
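Review bot: `__libc_reallocarray` has no comment stating its failure contract, which is the security-relevant part of the function. I would add above the definition `/* Resize OPTR to NMEMB * ELEM_SIZE bytes. If the product overflows size_t, fail with ENOMEM without calling realloc, so OPTR stays valid. */`. Separately, `return 0;` in the overflow branch would read better as `return NULL;` for a pointer-returning function.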
@@ -29,31 +29,12 @@
#include <sys/mman.h>
#include <unistd.h>
#include <wchar.h>
+#include <intprops.h>
/* Small allocations should use malloc directly instead of the mmap
optimization because mappings carry a lot of overhead. */
static const size_t maximum_small_size = 4 * 1024 * 1024;
-/* Set *RESULT to LEFT * RIGHT. Return true if the multiplication
- overflowed. See <malloc/malloc-internal.h>. */
-static inline bool
-check_mul_overflow_size_t (size_t left, size_t right, size_t *result)
-{
-#if __GNUC__ >= 5
- return __builtin_mul_overflow (left, right, result);
-#else
- /* size_t is unsigned so the behavior on overflow is defined. */
- *result = left * right;
- size_t half_size_t = ((size_t) 1) << (8 * sizeof (size_t) / 2);
- if (__glibc_unlikely ((left | right) >= half_size_t))
- {
- if (__glibc_unlikely (right != 0 && *result / right != left))
- return true;
- }
- return false;
-#endif
-}
-
/* Internal helper for fill. */
static void
fill0 (char *target, const char *element, size_t element_size,
@@ -138,8 +119,8 @@ minimum_stride_size (size_t page_size, size_t element_size)
common multiple, it appears only once. Therefore, shift one
factor. */
size_t multiple;
- if (check_mul_overflow_size_t (page_size >> common_zeros, element_size,
- &multiple))
+ if (INT_MULTIPLY_WRAPV (page_size >> common_zeros, element_size,
+ &multiple))
return 0;
return multiple;
}
@@ -275,7 +256,7 @@ support_blob_repeat_allocate (const void *element, size_t element_size,
size_t count)
{
size_t total_size;
- if (check_mul_overflow_size_t (element_size, count, &total_size))
+ if (INT_MULTIPLY_WRAPV (element_size, count, &total_size))
{
errno = EOVERFLOW;
return (struct support_blob_repeat) { 0 };