diff options
| author | Simon Sapin <simon.sapin@exyr.org> | 2017-11-20 15:30:04 +0100 |
|---|---|---|
| committer | Simon Sapin <simon.sapin@exyr.org> | 2017-11-20 15:56:53 +0100 |
| commit | 21d899272a7fb39a497424e3260ddab773af7983 (patch) | |
| tree | ca082d56ca602fafd323932925df299a5dfe5803 /src/liballoc_system | |
| parent | 41e03c3c469d1c89735fa518a9af4eb3df8b0728 (diff) | |
| download | rust-21d899272a7fb39a497424e3260ddab773af7983.tar.gz rust-21d899272a7fb39a497424e3260ddab773af7983.zip | |
alloc_system: don’t assume MIN_ALIGN for small sizes, fix #45955
The GNU C library (glibc) is documented to always allocate with an alignment of at least 8 or 16 bytes, on 32-bit or 64-bit platforms: https://www.gnu.org/software/libc/manual/html_node/Aligned-Memory-Blocks.html This matches our use of `MIN_ALIGN` before this commit. However, even when libc is glibc, the program might be linked with another allocator that redefines the `malloc` symbol and friends. (The `alloc_jemalloc` crate does, in some cases.) So `alloc_system` doesn’t know which allocator it calls, and needs to be conservative in assumptions it makes. The C standard says: https://port70.net/%7Ensz/c/c11/n1570.html#7.22.3 > The pointer returned if the allocation succeeds is suitably aligned > so that it may be assigned to a pointer to any type of object > with a fundamental alignment requirement https://port70.net/~nsz/c/c11/n1570.html#6.2.8p2 > A fundamental alignment is represented by an alignment less than > or equal to the greatest alignment supported by the implementation > in all contexts, which is equal to `_Alignof (max_align_t)`. `_Alignof (max_align_t)` depends on the ABI and doesn’t seem to have a clear definition, but it seems to match our `MIN_ALIGN` in practice. However, the size of objects is rounded up to the next multiple of their alignment (since that size is also the stride used in arrays). Conversely, the alignment of a non-zero-size object is at most its size. So for example it seems ot be legal for `malloc(8)` to return a pointer that’s only 8-bytes-aligned, even if `_Alignof (max_align_t)` is 16.
Diffstat (limited to 'src/liballoc_system')
| -rw-r--r-- | src/liballoc_system/lib.rs | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/liballoc_system/lib.rs b/src/liballoc_system/lib.rs index 05cacf6e881..8077ab2063d 100644 --- a/src/liballoc_system/lib.rs +++ b/src/liballoc_system/lib.rs @@ -132,7 +132,7 @@ mod platform { unsafe impl<'a> Alloc for &'a System { #[inline] unsafe fn alloc(&mut self, layout: Layout) -> Result<*mut u8, AllocErr> { - let ptr = if layout.align() <= MIN_ALIGN { + let ptr = if layout.align() <= MIN_ALIGN && layout.align() <= layout.size() { libc::malloc(layout.size()) as *mut u8 } else { aligned_malloc(&layout) @@ -148,7 +148,7 @@ mod platform { unsafe fn alloc_zeroed(&mut self, layout: Layout) -> Result<*mut u8, AllocErr> { - if layout.align() <= MIN_ALIGN { + if layout.align() <= MIN_ALIGN && layout.align() <= layout.size() { let ptr = libc::calloc(layout.size(), 1) as *mut u8; if !ptr.is_null() { Ok(ptr) @@ -180,7 +180,7 @@ mod platform { }) } - if new_layout.align() <= MIN_ALIGN { + if new_layout.align() <= MIN_ALIGN && new_layout.align() <= new_layout.size(){ let ptr = libc::realloc(ptr as *mut libc::c_void, new_layout.size()); if !ptr.is_null() { Ok(ptr as *mut u8) |