| author | Felix S. Klock II <pnkfelix@pnkfx.org> | 2017-07-13 17:17:08 +0200 |
|---|---|---|
| committer | Felix S. Klock II <pnkfelix@pnkfx.org> | 2017-07-13 17:17:08 +0200 |
| commit | ef8804ba277b055fdc3e6d148e680e3c1b597ad8 (patch) | |
| tree | ecc366eb533e6683469a237bc2270de11e5cc8fe /src/liballoc/allocator.rs | |
| parent | b2c0707872082c890f332178f59fd02eea5b98f3 (diff) | |
| download | rust-ef8804ba277b055fdc3e6d148e680e3c1b597ad8.tar.gz rust-ef8804ba277b055fdc3e6d148e680e3c1b597ad8.zip | |
Add precondition to `Layout` that the `align` fit in a u32.
This precondition takes the form of a behavioral change in `Layout::from_size_align` (so it returns `None` if the `align` is too large) and a new requirement for safe usage of `Layout::from_size_align_unchecked`. Fix #30170.
Diffstat (limited to 'src/liballoc/allocator.rs')
| -rw-r--r-- | src/liballoc/allocator.rs | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/src/liballoc/allocator.rs b/src/liballoc/allocator.rs index ca5388b4701..61d48f1588d 100644 --- a/src/liballoc/allocator.rs +++ b/src/liballoc/allocator.rs @@ -65,11 +65,13 @@ pub struct Layout { impl Layout { /// Constructs a `Layout` from a given `size` and `align`, - /// or returns `None` if either of the following conditions + /// or returns `None` if any of the following conditions /// are not met: /// /// * `align` must be a power of two, /// + /// * `align` must not exceed 2^31 (i.e. `1 << 31`), + /// /// * `size`, when rounded up to the nearest multiple of `align`, /// must not overflow (i.e. the rounded value must be less than /// `usize::MAX`). @@ -79,6 +81,10 @@ impl Layout { return None; } + if align > (1 << 31) { + return None; + } + // (power-of-two implies align != 0.) // Rounded up size is: @@ -106,8 +112,10 @@ impl Layout { /// /// # Unsafety /// - /// This function is unsafe as it does not verify that `align` is a power of - /// two nor that `size` aligned to `align` fits within the address space. + /// This function is unsafe as it does not verify that `align` is + /// a power-of-two that is also less than or equal to 2^31, nor + /// that `size` aligned to `align` fits within the address space + /// (i.e. the `Layout::from_size_align` preconditions). #[inline] pub unsafe fn from_size_align_unchecked(size: usize, align: usize) -> Layout { Layout { size: size, align: align } 
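Review bot: The new guard `if align > (1 << 31)` in the second hunk carries no comment saying why 2^31 is the bound, even though the commit message gives the reason (the alignment must fit in a u32), so a reader of the code alone sees only a magic number. A one-line comment above the guard, `// Alignments above 2^31 do not fit in a u32; keep this bound in sync with the doc comment on this function.`, would keep that rationale next to the check. If the preceding `return None; }` context is the power-of-two test, as the first hunk's docs suggest, then on a 32-bit target a power-of-two `usize` can never exceed `1 << 31` and the branch is effectively dead there, while on a 16-bit target the literal `1 << 31` would likely not fit in `usize` at all — worth confirming against the targets liballoc is built for. The commit adds no test for the new boundary; `assert!(Layout::from_size_align(1, 1 << 31).is_some());` and, on 64-bit targets, `assert!(Layout::from_size_align(1, 1 << 32).is_none());` would pin it. The enclosing `from_size_align` body starts and ends outside this hunk.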
@@ -217,10 +225,10 @@ impl Layout { Some(alloc_size) => alloc_size, }; - // We can assume that `self.align` is a power-of-two. - // Furthermore, `alloc_size` has alreayd been rounded up - // to a multiple of `self.align`; therefore, the call - // to `Layout::from_size_align` below should never panic. + // We can assume that `self.align` is a power-of-two that does + // not exceed 2^31. Furthermore, `alloc_size` has already been + // rounded up to a multiple of `self.align`; therefore, the + // call to `Layout::from_size_align` below should never panic. Some((Layout::from_size_align(alloc_size, self.align).unwrap(), padded_size)) } |
