[libcxx-commits] [PATCH] D134420: [libc++] Use intptr_t instead of ptrdiff_t for messages_base::catalog

Thu Sep 22 01:58:04 PDT 2022

arichardson created this revision.
arichardson added a reviewer: libc++.
Herald added subscribers: jrtc27, kristof.beyls, krytarowski, emaste.
Herald added a project: All.
arichardson requested review of this revision.
Herald added a project: libc++.
Herald added a subscriber: libcxx-commits.
Herald added 1 blocking reviewer(s): libc++.

On GLibc, FreeBSD and macOS systems nl_catd is a pointer type, and
round-tripping this in a variable of ptrdiff_t is not portable.
In fact such a round-trip yields a non-dereferenceable pointer on
CHERI-enabled architectures such as Arm Morello. There pointers (and
therefore intptr_t) are twice the size of ptrdiff_t, which means casting
to ptrdiff_t strips the high (metadata) bits (as well as a hidden pointer
validity bit).

Since catalog is now guaranteed to be the same size or larger than nl_catd,
we can store all return values safely and the shifting workaround from
commit 0c68ed006d4f38c3cdcab6a565aa3e208015895f should not be needed
anymore (this is also not portable to CHERI systems on since shifting a
valid pointer right will create a massively out-of-bounds pointer that
may not be representable).

This can be fixed by using intptr_t which should be the same type as
ptrdiff_t on all currently supported architectures.

See also: https://www.open-std.org/jtc1/sc22/wg21/docs/lwg-defects.html#2028


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D134420

Files:
  libcxx/include/locale


Index: libcxx/include/locale
===================================================================

--- libcxx/include/locale
+++ libcxx/include/locale
@@ -3461,7 +3461,7 @@
 class _LIBCPP_TYPE_VIS messages_base
 {
 public:
-    typedef ptrdiff_t catalog;
+    typedef intptr_t catalog;
 
     _LIBCPP_INLINE_VISIBILITY messages_base() {}
 };
@@ -3518,10 +3518,7 @@
 messages<_CharT>::do_open(const basic_string<char>& __nm, const locale&) const
 {
 #ifdef _LIBCPP_HAS_CATOPEN
-    catalog __cat = (catalog)catopen(__nm.c_str(), NL_CAT_LOCALE);
-    if (__cat != -1)
-        __cat = static_cast<catalog>((static_cast<size_t>(__cat) >> 1));
-    return __cat;
+    return (catalog)catopen(__nm.c_str(), NL_CAT_LOCALE);
 #else // !_LIBCPP_HAS_CATOPEN
     (void)__nm;
     return -1;
@@ -3538,9 +3535,8 @@
     __narrow_to_utf8<sizeof(char_type)*__CHAR_BIT__>()(back_inserter(__ndflt),
                                                        __dflt.c_str(),
                                                        __dflt.c_str() + __dflt.size());
-    if (__c != -1)
-        __c <<= 1;
     nl_catd __cat = (nl_catd)__c;
+    static_assert(sizeof(catalog) >= sizeof(nl_catd), "Unexpected nl_catd type");
     char* __n = catgets(__cat, __set, __msgid, __ndflt.c_str());
     string_type __w;
     __widen_from_utf8<sizeof(char_type)*__CHAR_BIT__>()(back_inserter(__w),
@@ -3559,10 +3555,7 @@
 messages<_CharT>::do_close(catalog __c) const
 {
 #ifdef _LIBCPP_HAS_CATOPEN
-    if (__c != -1)
-        __c <<= 1;
-    nl_catd __cat = (nl_catd)__c;
-    catclose(__cat);
+    catclose((nl_catd)__c);
 #else // !_LIBCPP_HAS_CATOPEN
     (void)__c;
 #endif // _LIBCPP_HAS_CATOPEN


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D134420.462114.patch
Type: text/x-patch
Size: 1671 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libcxx-commits/attachments/20220922/7abb897b/attachment.bin>
