packages/boost
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
boost/boost-1.77-pool-fix-interger-overflows-in-pool-ordered_malloc.patch
sdlzx 3e70aae998 update to 1.77
2021-09-17 00:03:53 +08:00

153 lines
6.0 KiB
Diff
Raw Blame History

From b59c1be697a001a71f6b92660e41d8915eea941d Mon Sep 17 00:00:00 2001
From: Orgad Shaneh <orgads@gmail.com>
Date: Thu, 9 Sep 2021 10:28:13 +0300
Subject: [PATCH] fix integer overflows in pool::ordered_malloc
Fixes trac #6701 (https://svn.boost.org/trac10/ticket/6701).
Originally-by: Jonathan Wakely <jwakely.boost@kayari.org>
---
boost/pool/pool.hpp | 32 +++++++++++++++++++++++---------
libs/pool/test/test_bug_6701.cpp | 27 +++++++++++++++++++++++++++
2 files changed, 50 insertions(+), 9 deletions(-)
create mode 100644 libs/pool/test/test_bug_6701.cpp
diff --git a/boost/pool/pool.hpp b/boost/pool/pool.hpp
index c47b11faf..a899ca0a2 100644
--- a/boost/pool/pool.hpp
+++ b/boost/pool/pool.hpp
@@ -26,6 +26,8 @@
#include <boost/pool/poolfwd.hpp>
+// std::numeric_limits
+#include <boost/limits.hpp>
// boost::integer::static_lcm
#include <boost/integer/common_factor_ct.hpp>
// boost::simple_segregated_storage
@@ -355,6 +357,13 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
return s;
}
+ size_type max_chunks() const
+ { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool.
+ size_type partition_size = alloc_size();
+ size_type POD_size = integer::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type);
+ return (std::numeric_limits<size_type>::max() - POD_size) / alloc_size();
+ }
+
static void * & nextof(void * const ptr)
{ //! \returns Pointer dereferenced.
//! (Provided and used for the sake of code readability :)
@@ -375,6 +384,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
//! the first time that object needs to allocate system memory.
//! The default is 32. This parameter may not be 0.
//! \param nmax_size is the maximum number of chunks to allocate in one block.
+ set_next_size(nnext_size);
+ set_max_size(nmax_size);
}
~pool()
@@ -398,8 +409,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
}
void set_next_size(const size_type nnext_size)
{ //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0.
- //! \returns nnext_size.
- next_size = start_size = nnext_size;
+ BOOST_USING_STD_MIN();
+ next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks());
}
size_type get_max_size() const
{ //! \returns max_size.
@@ -407,7 +418,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
}
void set_max_size(const size_type nmax_size)
{ //! Set max_size.
- max_size = nmax_size;
+ BOOST_USING_STD_MIN();
+ max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks());
}
size_type get_requested_size() const
{ //! \returns the requested size passed into the constructor.
@@ -708,9 +720,9 @@ void * pool<UserAllocator>::malloc_need_resize()
BOOST_USING_STD_MIN();
if(!max_size)
- next_size <<= 1;
+ set_next_size(next_size << 1);
else if( next_size*partition_size/requested_size < max_size)
- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
+ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
// initialize it,
store().add_block(node.begin(), node.element_size(), partition_size);
@@ -748,9 +760,9 @@ void * pool<UserAllocator>::ordered_malloc_need_resize()
BOOST_USING_STD_MIN();
if(!max_size)
- next_size <<= 1;
+ set_next_size(next_size << 1);
else if( next_size*partition_size/requested_size < max_size)
- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
+ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
// initialize it,
// (we can use "add_block" here because we know that
@@ -792,6 +804,8 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
{ //! Gets address of a chunk n, allocating new memory if not already available.
//! \returns Address of chunk n if allocated ok.
//! \returns 0 if not enough memory for n chunks.
+ if (n > max_chunks())
+ return 0;
const size_type partition_size = alloc_size();
const size_type total_req_size = n * requested_size;
@@ -840,9 +854,9 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
BOOST_USING_STD_MIN();
if(!max_size)
- next_size <<= 1;
+ set_next_size(next_size << 1);
else if( next_size*partition_size/requested_size < max_size)
- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
+ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
// insert it into the list,
// handle border case.
diff --git a/libs/pool/test/test_bug_6701.cpp b/libs/pool/test/test_bug_6701.cpp
new file mode 100644
index 000000000..e484d3c7e
--- /dev/null
+++ b/libs/pool/test/test_bug_6701.cpp
@@ -0,0 +1,27 @@
+/* Copyright (C) 2012 Étienne Dupuis
+*
+* Use, modification and distribution is subject to the
+* Boost Software License, Version 1.0. (See accompanying
+* file LICENSE_1_0.txt or http://www.boost.org/LICENSE_1_0.txt)
+*/
+
+// Test of bug #6701 (https://svn.boost.org/trac/boost/ticket/6701)
+
+#include <boost/pool/object_pool.hpp>
+#include <boost/limits.hpp>
+
+int main()
+{
+ boost::pool<> p(1024, std::numeric_limits<size_t>::max() / 768);
+
+ void *x = p.malloc();
+ BOOST_ASSERT(!x);
+
+ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_next_size());
+ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_max_size());
+
+ void *y = p.ordered_malloc(std::numeric_limits<size_t>::max() / 768);
+ BOOST_ASSERT(!y);
+
+ return 0;
+}
--
2.31.1
Reference in New Issue View Git Blame Copy Permalink