Hi Paul,

> This can cause problems when -fcheck-pointer-bounds is in effect, since 
> converting a pointer to uintptr_t and back means that GCC won't connect 
> the resulting pointer to the original and this messes up bounds checking 
> on the result.

To be precise: What do you mean by "cause problems" and "messes up bounds
checking"? As far as I understand, it will disable bounds checking on the
returned pointer and its derivatives, right?

Speaking of bounds checking, the code (with or without your patch) will
not provide optimal bounds checking, because a pointer access to the
memory range that we added merely for alignment will not be reported as
an error. AFAIU, we need to tell GCC about the actual bounds, by use of
the functions listed in [1].

[1] https://gcc.gnu.org/onlinedocs/gcc/Pointer-Bounds-Checker-builtins.html

How about this? Will this work?

diff --git a/lib/malloca.c b/lib/malloca.c
index c66e0c8..411bee0 100644
--- a/lib/malloca.c
+++ b/lib/malloca.c
@@ -64,7 +64,13 @@ mmalloca (size_t n)
              [mem, mem + nplus).  */
           ((small_t *) p)[-1] = p - mem;
           /* p ≡ sa_alignment_max mod 2*sa_alignment_max.  */
+# if __GNUC__ >= 5 && !defined __cplusplus && !defined __clang__
+          /* Tell GCC about the allowed memory accesses based on p,
+             if -fcheck-pointer-bounds is in effect.  */
+          return __builtin___bnd_set_ptr_bounds (p, n);
+# else
           return p;
+# endif
   /* Out of memory.  */
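Review bot: the bounds set in the new return statement start at p, but the context line just above stores the offset at ((small_t *) p)[-1], which lies below p. With bounds of [p, p + n), reading that header back through the returned pointer to recover mem would itself fall outside the permitted range, so it is worth confirming how the header is read on the release side and saying so in the comment. Separately, the guard tests only __GNUC__ >= 5 (excluding C++ and clang), while the comment says the effect depends on -fcheck-pointer-bounds. Consider stating in the comment what the builtin is expected to do when that option is off, and whether the version test needs an upper limit.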
