| author | bors <bors@rust-lang.org> | 2017-07-28 00:49:39 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2017-07-28 00:49:39 +0000 |
| commit | 63b3a03dc8db9a11412f47ca0fbe78ce70e76bc9 (patch) | |
| tree | 52fdc95489cec0c15b3febfda38e8b03d0136549 /src/liballoc | |
| parent | 8a78a12a55621f22475dedacc0f6b42bff87a4c1 (diff) | |
| parent | ef8804ba277b055fdc3e6d148e680e3c1b597ad8 (diff) | |
Auto merge of #43217 - pnkfelix:alloc-requires-align-it-in-u32, r=alexcrichton
Add precondition to `Layout` that the `align` fit in a u32. Add precondition to `Layout` that the `align` not exceed 2^31. This precondition takes the form of a behavioral change in `Layout::from_size_align` (so it returns `None` if the input `align` is too large) and a new requirement for safe usage of `Layout::from_size_align_unchecked`. Fix #30170.
Diffstat (limited to 'src/liballoc')
| -rw-r--r-- | src/liballoc/allocator.rs | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/src/liballoc/allocator.rs b/src/liballoc/allocator.rs
index efc59d2cbc8..66e0bf81c90 100644
--- a/src/liballoc/allocator.rs
+++ b/src/liballoc/allocator.rs
@@ -65,11 +65,13 @@ pub struct Layout {
 
 impl Layout {
     /// Constructs a `Layout` from a given `size` and `align`,
-    /// or returns `None` if either of the following conditions
+    /// or returns `None` if any of the following conditions
     /// are not met:
     ///
     /// * `align` must be a power of two,
     ///
+    /// * `align` must not exceed 2^31 (i.e. `1 << 31`),
+    ///
     /// * `size`, when rounded up to the nearest multiple of `align`,
     ///   must not overflow (i.e. the rounded value must be less than
     ///   `usize::MAX`).
@@ -79,6 +81,10 @@ impl Layout {
             return None;
         }
 
+        if align > (1 << 31) {
+            return None;
+        }
+
         // (power-of-two implies align != 0.)
 
         // Rounded up size is:
@@ -106,8 +112,10 @@ impl Layout {
     ///
     /// # Unsafety
     ///
-    /// This function is unsafe as it does not verify that `align` is a power of
-    /// two nor that `size` aligned to `align` fits within the address space.
+    /// This function is unsafe as it does not verify that `align` is
+    /// a power-of-two that is also less than or equal to 2^31, nor
+    /// that `size` aligned to `align` fits within the address space
+    /// (i.e. the `Layout::from_size_align` preconditions).
     #[inline]
     pub unsafe fn from_size_align_unchecked(size: usize, align: usize) -> Layout {
         Layout { size: size, align: align }
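Review bot: The limit `1 << 31` in the new guard inside `from_size_align` is also written out by hand in the doc bullet of the first hunk, in the `from_size_align_unchecked` docs of the third hunk and in the comment of the last hunk, so the check and its three descriptions can drift apart without any compiler help; a single named constant that the guard uses and the docs point at would keep them in step, e.g. `const MAX_ALIGN: usize = 1 << 31;` with `if align > MAX_ALIGN { return None; }`. The literal takes its type from `align`, i.e. `usize`, so on a target whose `usize` is narrower than 32 bits the shift would exceed the type's width — probably not a configuration this crate is built for, but the constant is the natural place to state that assumption. The body of `from_size_align` begins and ends outside the hunk.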
@@ -217,10 +225,10 @@ impl Layout {
             Some(alloc_size) => alloc_size,
         };
 
-        // We can assume that `self.align` is a power-of-two.
-        // Furthermore, `alloc_size` has alreayd been rounded up
-        // to a multiple of `self.align`; therefore, the call
-        // to `Layout::from_size_align` below should never panic.
+        // We can assume that `self.align` is a power-of-two that does
+        // not exceed 2^31. Furthermore, `alloc_size` has already been
+        // rounded up to a multiple of `self.align`; therefore, the
+        // call to `Layout::from_size_align` below should never panic.
         Some((Layout::from_size_align(alloc_size, self.align).unwrap(), padded_size))
     }
 
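Review bot: The rewritten comment names the invariant that makes the `unwrap()` on the following line sound, but the invariant lives only in prose; spelling it in an `expect` would carry it into the panic message, e.g. `Some((Layout::from_size_align(alloc_size, self.align).expect("align is a power of two <= 2^31 and alloc_size is a multiple of align"), padded_size))`. Worth noting in that message or the comment: with the new guard in `from_size_align`, a `Layout` created through `from_size_align_unchecked` with an `align` above 2^31 now makes this method panic here, where before the commit the oversized alignment was passed through. The enclosing function starts outside the hunk.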
