diff options
| author | bors <bors@rust-lang.org> | 2020-02-19 01:36:31 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2020-02-19 01:36:31 +0000 |
| commit | a2fb0c28be794f28028884650db70c17fea8e35b (patch) | |
| tree | 1b8698110e2a1c02b9f38f8fd213f79dc6cc7561 | |
| parent | e0e5d82e1677c82d209b214bbfc2cc5705c2336a (diff) | |
| parent | 3e17d191fa47b9ab262d0efa3a39e500e9fb1667 (diff) | |
| download | rust-a2fb0c28be794f28028884650db70c17fea8e35b.tar.gz rust-a2fb0c28be794f28028884650db70c17fea8e35b.zip | |
Auto merge of #69241 - shahn:checked_add_revert, r=Mark-Simulacrum,lqd
Revert "Remove `checked_add` in `Layout::repeat`" This fixes a a segfault in safe code, a stable regression. Reported in #69225. This reverts commit a983e0590a43ed8b0f60417828efd4e79b51f494.
| -rw-r--r-- | src/libcore/alloc.rs | 12 | ||||
| -rw-r--r-- | src/test/ui/issues/issue-69225-layout-repeated-checked-add.rs | 31 |
2 files changed, 38 insertions, 5 deletions
diff --git a/src/libcore/alloc.rs b/src/libcore/alloc.rs index 71f7f971eab..a04e75bc7ce 100644 --- a/src/libcore/alloc.rs +++ b/src/libcore/alloc.rs @@ -241,11 +241,13 @@ impl Layout { #[unstable(feature = "alloc_layout_extra", issue = "55724")] #[inline] pub fn repeat(&self, n: usize) -> Result<(Self, usize), LayoutErr> { - // This cannot overflow. Quoting from the invariant of Layout: - // > `size`, when rounded up to the nearest multiple of `align`, - // > must not overflow (i.e., the rounded value must be less than - // > `usize::MAX`) - let padded_size = self.size() + self.padding_needed_for(self.align()); + // Warning, removing the checked_add here led to segfaults in #67174. Further + // analysis in #69225 seems to indicate that this is an LTO-related + // miscompilation, so #67174 might be able to be reapplied in the future. + let padded_size = self + .size() + .checked_add(self.padding_needed_for(self.align())) + .ok_or(LayoutErr { private: () })?; let alloc_size = padded_size.checked_mul(n).ok_or(LayoutErr { private: () })?; unsafe { diff --git a/src/test/ui/issues/issue-69225-layout-repeated-checked-add.rs b/src/test/ui/issues/issue-69225-layout-repeated-checked-add.rs new file mode 100644 index 00000000000..7f43e4d1a51 --- /dev/null +++ b/src/test/ui/issues/issue-69225-layout-repeated-checked-add.rs @@ -0,0 +1,31 @@ +// Ensure we appropriately error instead of overflowing a calculation when creating a new Alloc +// Layout + +// run-fail +// compile-flags: -C opt-level=3 +// error-pattern: index out of bounds: the len is 0 but the index is 16777216 +// ignore-wasm no panic or subprocess support +// ignore-emscripten no panic or subprocess support + +fn do_test(x: usize) { + let arr = vec![vec![0u8; 3]]; + + let mut z = Vec::new(); + for arr_ref in arr { + for y in 0..x { + for _ in 0..1 { + z.extend(std::iter::repeat(0).take(x)); + let a = y * x; + let b = (y + 1) * x - 1; + let slice = &arr_ref[a..b]; + eprintln!("{} {} {} {}", a, b, arr_ref.len(), slice.len()); + eprintln!("{:?}", slice[1 << 24]); + } + } + } +} + +fn main() { + do_test(1); + do_test(2); +} |