[PATCH] D12247: [libc++] remove possible trailing padding from aligned_storage
Yiran Wang via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 21 11:15:46 PDT 2015
yiranwang created this revision.
yiranwang added a subscriber: cfe-commits.
In libc++, there are some usages of aligned_storage which use "sizeof" bytes of raw data. This is a bit problematic, as the trailing padding area will be counted by "sizeof", and it leads to out-of-bounds access. For example, the member __buf_ of std::function can be used to store pointers to parameters, and the compiler could fail to figure out that there is a pointer in the padding area that points to some local variable.
The fix enlarges the buffer so that the size is an exact multiple of "_Align". It has no run-time overhead.
http://reviews.llvm.org/D12247
Files:
include/type_traits
Index: include/type_traits
===================================================================
--- include/type_traits
+++ include/type_traits
@@ -1143,7 +1143,7 @@
union type
{
_Aligner __align;
- unsigned char __data[_Len];
+ unsigned char __data[(_Len + _Align - 1)/_Align * _Align];
};
};
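Review bot: the new bound on `__data`, `(_Len + _Align - 1)/_Align * _Align`, carries no comment explaining why the array is rounded up, so a later cleanup could shrink it back to `_Len` and bring back the trailing padding the description is worried about. Please add a one-line comment saying the array is sized to a multiple of `_Align` so that the bytes `sizeof` counts all lie inside `__data`. The file list shows only include/type_traits, so there is also no test covering this; a compile-time check comparing `sizeof(type)` with the rounded length for a `_Len` that is not a multiple of `_Align` would pin the behaviour down.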
@@ -1158,7 +1158,7 @@
{\
struct _ALIGNAS(n) type\
{\
- unsigned char __lx[_Len];\
+ unsigned char __lx[(_Len + n - 1)/n * n];\
};\
}
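Review bot: in `unsigned char __lx[(_Len + n - 1)/n * n];` the macro parameter `n` is used unparenthesized in an arithmetic expression, so an argument that is itself an expression would be regrouped by the `/` and `*` operators. Writing it as `(_Len + (n) - 1)/(n) * (n)` removes that dependency on how the macro is invoked. This is also the same round-up-to-alignment expression as in the previous hunk; a single shared helper or macro for it would keep the two array bounds from drifting apart.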
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D12247.32844.patch
Type: text/x-patch
Size: 500 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150821/9c747061/attachment.bin>