[PATCH] [sanitizer] Fix overflow in SizeClassAllocator64::GetChunkIdx().

Alexander Potapenko glider at google.com
Wed May 15 22:22:55 PDT 2013


Do we know the upper limit for size? We could divide both operands by a
constant using shifts.

Sent from phone
On May 15, 2013 11:11 PM, "Sergey Matveev" <earthdok at google.com> wrote:

> Hi kcc, glider,
>
> The 32-bit offset overflowed when more than 4GB was allocated in a size
> class. Also removed the misleading comment.
>
> http://llvm-reviews.chandlerc.com/D797
>
> Files:
>   lib/sanitizer_common/sanitizer_allocator.h
>
> Index: lib/sanitizer_common/sanitizer_allocator.h
> ===================================================================
> --- lib/sanitizer_common/sanitizer_allocator.h
> +++ lib/sanitizer_common/sanitizer_allocator.h
> @@ -492,11 +492,7 @@
>    }
>
>    static uptr GetChunkIdx(uptr chunk, uptr size) {
> -    u32 offset = chunk % kRegionSize;
> -    // Here we divide by a non-constant. This is costly.
> -    // We require that kRegionSize is at least 2^32 so that offset is
> 32-bit.
> -    // We save 2x by using 32-bit div, but may need to use a 256-way
> switch.
> -    return offset / (u32)size;
> +    return (chunk % kRegionSize) / size;
>    }
>
>    NOINLINE Batch* PopulateFreeList(AllocatorStats *stat, AllocatorCache
> *c,
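Review bot: dropping the `u32` truncation is the right fix for the overflow described in the commit message (with `u32 offset`, any offset past 4GB within a region wraps before the division), but the hunk also deletes the only comment explaining why a division by a non-constant `size` sits on this path and what it costs. Keep a one-line replacement above the `return`, e.g. `// Division by a non-constant size; kept in 64-bit because offset can exceed 2^32.`, so the next reader does not reintroduce a 32-bit div for the 2x saving the old comment advertised.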
>
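The pre-patch and post-patch arithmetic side by side, plus the shift-based variant raised in the reply, as an added example that is not part of the llvm-commits thread or of sanitizer_common. The typedefs, the region size of 2^36, the region base address, and the assumed 16-byte size-class granularity are illustrative choices, not values taken from the allocator.

```cpp
#include <cstdint>
#include <cstdio>

// Assumed stand-ins for sanitizer_common's integer typedefs (64-bit build).
typedef uintptr_t uptr;
typedef uint32_t u32;

// Assumed region size per size class: 2^36 bytes (64 GB). Large enough that a
// single class can hold more than 4 GB of chunks, which is what triggers the bug.
static const uptr kRegionSize = 1ULL << 36;

// Assumed base of the region under test; any kRegionSize-aligned address works.
static const uptr kRegionBase = 0x600000000000ULL;

// Pre-patch logic: the offset within the region is stored in a u32, so it
// silently wraps once the chunk lies more than 4 GB into the region.
static uptr GetChunkIdxOld(uptr chunk, uptr size) {
  u32 offset = (u32)(chunk % kRegionSize);  // cast made explicit; the original narrowed implicitly
  return offset / (u32)size;
}

// Post-patch logic: full-width arithmetic, no truncation.
static uptr GetChunkIdxNew(uptr chunk, uptr size) {
  return (chunk % kRegionSize) / size;
}

// The "divide both operands by a constant using shifts" idea from the reply,
// under an ASSUMED invariant: every size class is a multiple of 16 bytes.
// Then offset = idx*size + r with 0 <= r < size, and
//   (offset >> 4) / (size >> 4) == idx
// exactly, because floor(r/16) < size/16. The shifted offset is 16x smaller,
// so it stays within 32 bits for regions up to 2^36 bytes.
static const uptr kMinSizeLog = 4;
static uptr GetChunkIdxShifted(uptr chunk, uptr size) {
  uptr offset = chunk % kRegionSize;
  return (u32)(offset >> kMinSizeLog) / (u32)(size >> kMinSizeLog);
}

// Constructed test point: chunk number 5,000,000 in a 1024-byte size class sits
// 5,120,000,000 bytes into the region, just past the 4 GB boundary.
static const uptr kSize = 1024;
static const uptr kIdx = 5000000;
static const uptr kChunk = kRegionBase + kIdx * kSize;

int main() {
  printf("old:     %llu\n", (unsigned long long)GetChunkIdxOld(kChunk, kSize));
  printf("new:     %llu\n", (unsigned long long)GetChunkIdxNew(kChunk, kSize));
  printf("shifted: %llu\n", (unsigned long long)GetChunkIdxShifted(kChunk, kSize));
  return 0;
}
```

The old version returns 805696 for this chunk (the offset wrapped to 825032704 before the divide), while both the 64-bit and the shifted variants return 5000000. The shifted variant only answers the question the reply asks if the minimum-size invariant actually holds for every size class; it is included to show the arithmetic, not as a claim about the allocator's constants.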