This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 07/17] malloc: Add specialized dynarray for C strings
Adhemerval Zanella <adhemerval.zanella@linaro.org> writes:
> On 13/06/2017 11:24, Adhemerval Zanella wrote:
>
>> Here is an updated patch for the specialized dynarray. I have incorporated all
>> your suggestions but the skeleton name change (which I am not sure if it should
>> follow the idea since it should be a complete 'api'). I also added some nonnull
>> attributes as for the dynarray implementation.
>
> I rebased against the new begin/end additions and fixed some issues
> regarding the make check (which I forgot to actually run before patch
> submission...).
I don't see any begin/end references in the attached patch.
> +/* Replace the contents starting of position 'pos' of char_array 'array'
> + with the contents of string 'str' up to 'len' bytes. A final '\0'
> + is appended in the string. */
> +__attribute__ ((nonnull (1, 3)))
> +static bool
> +char_array_replace_str_pos (struct char_array *array, size_t pos,
> + const char *str, size_t len)
> +{
> + if (pos > array->dynarray_header.used)
> + return false;
> +
> + size_t newsize;
> + if (check_add_wrapv_size_t (pos, len, &newsize))
> + __libc_dynarray_overflow_failure (pos, len);
> + if (check_add_wrapv_size_t (newsize, 1, &newsize))
> + __libc_dynarray_overflow_failure (newsize, 1);
This is the opposite of what I expect: pos > array->dynarray_header.used
appears to be a usage error, so this could result in __libc_fatal.
Integer overflow while computing sizes for memory allocation is usually
treated as a memory allocation failure, so I would expect a false
return (and no __libc_fatal) for that.
If you want to prevent access to the underlying char_array_* functions
generated by dynarray, you could use #pragma GCC poison.
Florian
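As an added illustration of the error-handling split discussed in this reply (not code from the patch or from glibc), the following stand-alone C sketch computes the replacement size with overflow checks that report false, like an allocation failure, and reserves the fatal path for a `pos` beyond the used length. The `struct char_array` layout and the `add_wrapv_size_t` helper are assumptions for the example; the helper mirrors the true-on-overflow contract of check_add_wrapv_size_t.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
/* Minimal stand-in for a dynarray-backed char_array (constructed for this
   example, not glibc's layout).  DATA is NUL-terminated; USED excludes
   the NUL; ALLOCATED is the capacity of DATA including room for it.  */
struct char_array { char *data; size_t used; size_t allocated; };
/* Same contract as check_add_wrapv_size_t: true when A + B overflows.  */
static bool
add_wrapv_size_t (size_t a, size_t b, size_t *result)
{
  return __builtin_add_overflow (a, b, result);
}
/* Bytes needed for POS + LEN content bytes plus the trailing NUL.
   Overflow is reported as false, like an allocation failure.  */
static bool
char_array_replace_size (size_t pos, size_t len, size_t *newsize)
{
  size_t n;
  if (add_wrapv_size_t (pos, len, &n) || add_wrapv_size_t (n, 1, &n))
    return false;
  *newsize = n;
  return true;
}
/* Replace the contents from POS with LEN bytes of STR and append a NUL.
   POS beyond the used length is a caller bug and aborts; size overflow
   and allocation failure return false.  */
static bool
char_array_replace_str_pos (struct char_array *array, size_t pos,
                            const char *str, size_t len)
{
  if (pos > array->used)
    abort ();
  size_t newsize;
  if (!char_array_replace_size (pos, len, &newsize))
    return false;
  if (newsize > array->allocated)
    {
      char *p = realloc (array->data, newsize);
      if (p == NULL)
        return false;
      array->data = p;
      array->allocated = newsize;
    }
  memcpy (array->data + pos, str, len);
  array->data[pos + len] = '\0';
  array->used = pos + len;
  return true;
}
```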