From 97323d81fa8f5341c0fc2aeac13115ea6a9b95fc Mon Sep 17 00:00:00 2001
From: Clark Gaebel
Date: Sat, 7 Feb 2015 18:49:54 -0500
Subject: [PATCH 1/4] [liballoc] Adds checks for UB during allocation.
They're only enabled in debug builds, but a panic is usually more welcome than UB in debug builds.
---
 src/liballoc/heap.rs | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/liballoc/heap.rs b/src/liballoc/heap.rs
index 1d5637a6ad6b3..0f70da27fc165 100644
--- a/src/liballoc/heap.rs
+++ b/src/liballoc/heap.rs
@@ -8,9 +8,15 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
+use core::num::UnsignedInt;
 #[cfg(not(test))]
 use core::ptr::PtrExt;
+fn check_size_and_alignment(size: uint, align: uint) {
+ debug_assert!(size != 0);
+ debug_assert!(align.is_power_of_two(), "Invalid alignment of {}", align);
+}
+
 // FIXME: #13996: mark the `allocate` and `reallocate` return value as `noalias`
 /// Return a pointer to `size` bytes of memory aligned to `align`.
@@ -22,6 +28,7 @@ use core::ptr::PtrExt;
 /// size on the platform.
 #[inline]
 pub unsafe fn allocate(size: uint, align: uint) -> *mut u8 {
+ check_size_and_alignment(size, align);
 imp::allocate(size, align)
 }
@@ -38,6 +45,7 @@ pub unsafe fn allocate(size: uint, align: uint) -> *mut u8 {
 /// any value in range_inclusive(requested_size, usable_size).
 #[inline]
 pub unsafe fn reallocate(ptr: *mut u8, old_size: uint, size: uint, align: uint) -> *mut u8 {
+ check_size_and_alignment(size, align);
 imp::reallocate(ptr, old_size, size, align)
 }
@@ -55,6 +63,7 @@ pub unsafe fn reallocate(ptr: *mut u8, old_size: uint, size: uint, align: uint)
 /// any value in range_inclusive(requested_size, usable_size).
 #[inline]
 pub unsafe fn reallocate_inplace(ptr: *mut u8, old_size: uint, size: uint, align: uint) -> uint {
+ check_size_and_alignment(size, align);
 imp::reallocate_inplace(ptr, old_size, size, align)
 }
From 9f516a482228b45f8d542b2ef18bac3838d1de05 Mon Sep 17 00:00:00 2001
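Review bot: `check_size_and_alignment` is the precondition gate for three `unsafe fn` allocators but carries no doc comment, and its first assertion is the only one without a message, so a debug panic on a zero-size request reads as a bare `assertion failed: size != 0` with no hint of what was being requested. I would give the helper a header such as `/// Debug-only checks for the allocator preconditions: the commit treats a zero size or a non-power-of-two alignment as UB in the backend, so panic here in debug builds instead; release builds compile these checks out, so the contract stays with the caller.` and mirror the alignment assert's wording with `debug_assert!(size != 0, "Tried to allocate 0 bytes");`. Stating explicitly that release builds skip these checks matters, because an `unsafe fn` caller reading this file could otherwise take the helper for a runtime guard.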
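Review bot: `reallocate` validates only the new `size` and `align`; `ptr` and `old_size` are passed straight to `imp::reallocate` with no debug check, although they are part of the same caller contract. If a null `ptr` or a zero `old_size` is likewise undefined for the backend (the doc comment above the hunk, which starts outside it, would say), then `debug_assert!(!ptr.is_null());` and `debug_assert!(old_size != 0, "Tried to reallocate a 0-byte block");` next to the new call would catch the same class of misuse at the same cost. The same applies to `reallocate_inplace` in the following hunk, which has the identical parameter list.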
From: Clark Gaebel
Date: Sat, 7 Feb 2015 23:13:34 -0500
Subject: [PATCH 2/4] code review
---
 src/liballoc/heap.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/liballoc/heap.rs b/src/liballoc/heap.rs
index 0f70da27fc165..b81423961661d 100644
--- a/src/liballoc/heap.rs
+++ b/src/liballoc/heap.rs
@@ -12,6 +12,7 @@ use core::num::UnsignedInt;
 #[cfg(not(test))]
 use core::ptr::PtrExt;
+#[inline(always)]
 fn check_size_and_alignment(size: uint, align: uint) {
 debug_assert!(size != 0);
 debug_assert!(align.is_power_of_two(), "Invalid alignment of {}", align);
From 27536666de5e9881a9d29f681ddaf9953fa1f5f5 Mon Sep 17 00:00:00 2001
From: Clark Gaebel
Date: Sat, 7 Feb 2015 23:23:33 -0500
Subject: [PATCH 3/4] more code review
---
 src/liballoc/heap.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/liballoc/heap.rs b/src/liballoc/heap.rs
index b81423961661d..36306d47913d1 100644
--- a/src/liballoc/heap.rs
+++ b/src/liballoc/heap.rs
@@ -15,7 +15,8 @@ use core::ptr::PtrExt;
 #[inline(always)]
 fn check_size_and_alignment(size: uint, align: uint) {
 debug_assert!(size != 0);
- debug_assert!(align.is_power_of_two(), "Invalid alignment of {}", align);
+ debug_assert!(size <= int::MAX, "Tried to allocate too much: {} bytes", size);
+ debug_assert!(align.is_power_of_two(), "Invalid alignment of allocation: {}", align);
 }
 // FIXME: #13996: mark the `allocate` and `reallocate` return value as `noalias`
From f2d946ade77e52b262bd9decb8bb3fda1a04ec46 Mon Sep 17 00:00:00 2001
From: Clark Gaebel
Date: Sun, 8 Feb 2015 15:14:28 -0500
Subject: [PATCH 4/4] make build pl0x
---
 src/liballoc/heap.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/liballoc/heap.rs b/src/liballoc/heap.rs
index 36306d47913d1..3010b770bb6e2 100644
--- a/src/liballoc/heap.rs
+++ b/src/liballoc/heap.rs
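Review bot: `#[inline(always)]` on `check_size_and_alignment` is a stronger hint than the function appears to need: once the `debug_assert!`s are compiled out the body is empty, and in debug builds the only requirement is that the `#[inline]` public allocators can pull the helper across crates, which a plain `#[inline]` already provides. `#[inline(always)]` removes the optimizer's discretion and is normally reserved for cases where a measurement showed the difference; if there is such a reason here it belongs in a comment, otherwise `#[inline]` would be the more conventional choice. Either way a one-line comment such as `// Inlined so the debug checks cost nothing in release builds` would explain the attribute to the next reader.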
@@ -8,6 +8,7 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
+use core::isize;
 use core::num::UnsignedInt;
 #[cfg(not(test))]
 use core::ptr::PtrExt;
@@ -15,7 +16,7 @@ use core::ptr::PtrExt;
 #[inline(always)]
 fn check_size_and_alignment(size: uint, align: uint) {
 debug_assert!(size != 0);
- debug_assert!(size <= int::MAX, "Tried to allocate too much: {} bytes", size);
+ debug_assert!(size <= isize::MAX as usize, "Tried to allocate too much: {} bytes", size);
 debug_assert!(align.is_power_of_two(), "Invalid alignment of allocation: {}", align);
 }
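Review bot: The new bound `size <= isize::MAX as usize` still admits a request whose size, once rounded up to a multiple of `align`, exceeds `isize::MAX`: `size = isize::MAX as usize` with `align = 4096` passes all three asserts, yet any allocator that pads the block out to its alignment (the rule std later codified in `Layout::from_size_align`) must reserve more than `isize::MAX` bytes to honour it. The guard should account for alignment slack, which also means the power-of-two check has to run first: move the `align.is_power_of_two()` assert above the size bound and change the bound to `debug_assert!(size <= isize::MAX as usize - (align - 1), "Tried to allocate too much: {} bytes", size);` — the subtraction cannot underflow once `align` is a nonzero power of two, since `align - 1` is then at most `isize::MAX as usize`. As a smaller point of style, the signature still spells the parameter types as `uint` while the new assert casts to `usize`; the comparison compiling suggests they are one type, so a single spelling within the function would read more consistently.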