[cxx-abi-dev] Run-time array checking
Florian Weimer
fweimer at redhat.com
Thu Sep 6 13:13:12 UTC 2012
On 09/06/2012 02:46 PM, Mike Herrick wrote:
> 3) A new routine, say __cxa_vec_new_check, that takes a signed element_count, element_size, and number of initialized elements and does all necessary checks, throwing std::bad_array_new_length if required, otherwise returning. Compilers would insert a call to the new routine before any call to __cxa_vec_new* (when the number of elements isn't known at compile time).
You need two separate element counts which are multiplied by
__cxa_vec_new_check with an overflow check, to cover cases like new
T[n][5][3]. (The inner array lengths are constant and can be folded
into a single factor by the compiler.) The cookie size could be
subtracted unconditionally, so it doesn't need to be passed as an
argument. This approach does not work if the compiler supports heap
allocation of C VLAs.
Does anybody actually use the __cxa_vec_new* interfaces? I hope we'll
patch libsupc++ to include checks in any case, but it would be
interesting to know if it actually makes a difference.
--
Florian Weimer / Red Hat Product Security Team
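One way the check proposed in this thread could be implemented, as an added example written for this page rather than code from the thread or from libsupc++. The name __cxa_vec_new_check comes from the mail; the signature, the folded inner_count parameter and the cookie handling are assumptions.

```cpp
#include <cstddef>
#include <limits>
#include <new>       // std::bad_array_new_length

// Overflow-checked size_t multiplication (division-based, portable).
static bool mul_overflows(std::size_t a, std::size_t b, std::size_t *out)
{
    if (a != 0 && b > std::numeric_limits<std::size_t>::max() / a)
        return true;
    *out = a * b;
    return false;
}

// Hypothetical stand-in for the proposed __cxa_vec_new_check.
//   element_count  run-time, signed outer dimension (n in new T[n][5][3])
//   inner_count    product of the constant inner dimensions folded by the
//                  compiler (5 * 3 == 15 in that example)
//   element_size   sizeof(T)
//   cookie_size    bytes reserved in front of the array for the element count
// Returns the byte count to request from the allocator; throws
// std::bad_array_new_length if the count is negative or the size overflows.
std::size_t vec_new_check(std::ptrdiff_t element_count, std::size_t inner_count,
                          std::size_t element_size, std::size_t cookie_size)
{
    if (element_count < 0)                       // negative length is invalid
        throw std::bad_array_new_length();
    std::size_t elems, bytes;
    if (mul_overflows(static_cast<std::size_t>(element_count), inner_count, &elems) ||
        mul_overflows(elems, element_size, &bytes))
        throw std::bad_array_new_length();
    // Account for the cookie once, unconditionally, as the mail suggests:
    // comparing against SIZE_MAX - cookie_size avoids a second overflow test.
    if (bytes > std::numeric_limits<std::size_t>::max() - cookie_size)
        throw std::bad_array_new_length();
    return bytes + cookie_size;
}

// Convenience predicate: true if the requested array size is representable.
bool vec_new_length_ok(std::ptrdiff_t element_count, std::size_t inner_count,
                       std::size_t element_size, std::size_t cookie_size)
{
    try { (void)vec_new_check(element_count, inner_count, element_size, cookie_size); }
    catch (const std::bad_array_new_length &) { return false; }
    return true;
}

int main()
{
    // new double[n][5][3] with n == 4: 4 * 15 * 8 bytes plus an 8-byte cookie.
    return vec_new_check(4, 15, sizeof(double), 8) == 488 ? 0 : 1;
}
```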