Possible error in EmitCXXNewAllocSize


Possible error in EmitCXXNewAllocSize

Daniel Schwartz-Narbonne
I was looking through the code for this function, and on line 533,
where you check whether an overflow occurred, you say
      DidOverflow = CGF.Builder.CreateAnd(DidOverflow, AddDidOverflow);
Shouldn't this be an OR?  Doesn't the error occur if either the
multiplication or the addition overflowed?

Daniel
_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

Re: Possible error in EmitCXXNewAllocSize

Eli Friedman
On Sat, Apr 9, 2011 at 11:25 AM, Daniel Schwartz-Narbonne
<[hidden email]> wrote:
> I was looking through the code for this function, and on line 533,
> where you check whether an overflow occurred, you say
>      DidOverflow = CGF.Builder.CreateAnd(DidOverflow, AddDidOverflow);
> Shouldn't this be an OR?  Doesn't the error occur if either the
> multiplication or the addition overflowed?

You're right; testcase demonstrating the overflow:
struct A { char x[1<<16]; ~A(); };          // sizeof(A) == 65536; the destructor means new[] needs an array cookie
A* f() { int x = 1<<16; return new A[x]; }  // 65536 * 65536 == 2^32 wraps to 0 in a 32-bit size_t

Run this through "clang -x c++ - -o - -S -m32 -emit-llvm -O2", and you
get "tail call noalias i8* @_Znaj(i32 4)".

-Eli

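The arithmetic behind Eli's testcase, as an added example (not clang's code): the allocation size is sizeof(A) * n + cookie, where on the -m32 Itanium ABI the cookie for a type with a destructor is assumed here to be 4 bytes. The multiplication wraps to 0 while the addition does not overflow, so combining the two flags with AND reports no overflow and hands operator new[] just 4 bytes; OR reports it. The function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Result of sizing a `new T[n]` allocation on a 32-bit target. */
typedef struct {
    uint32_t size;    /* bytes passed to operator new[] (wrapped if overflowed) */
    bool overflowed;  /* should codegen take the overflow/failure path? */
} AllocSize;

/* Computes sizeof(T) * n + cookie with 32-bit wraparound, tracking whether
 * the multiplication and the addition each overflowed, then combines the two
 * flags the way the thread describes. combine_with_and = true reproduces the
 * original CreateAnd logic; false is the corrected CreateOr logic. */
static AllocSize alloc_size32(uint32_t elem_size, uint32_t n, uint32_t cookie,
                              bool combine_with_and) {
    uint64_t product = (uint64_t)elem_size * n;   /* exact; needs 64 bits */
    bool mul_overflow = product > UINT32_MAX;
    uint32_t mul = (uint32_t)product;              /* what the i32 in the IR holds */

    uint64_t sum = (uint64_t)mul + cookie;
    bool add_overflow = sum > UINT32_MAX;
    uint32_t total = (uint32_t)sum;

    AllocSize r = { total, combine_with_and ? (mul_overflow && add_overflow)
                                            : (mul_overflow || add_overflow) };
    return r;
}

AllocSize buggy_alloc_size(uint32_t elem_size, uint32_t n, uint32_t cookie) {
    return alloc_size32(elem_size, n, cookie, true);   /* CreateAnd */
}

AllocSize fixed_alloc_size(uint32_t elem_size, uint32_t n, uint32_t cookie) {
    return alloc_size32(elem_size, n, cookie, false);  /* CreateOr */
}

int main(void) {
    /* Eli's testcase: sizeof(A) == 1<<16, x == 1<<16, A has a destructor,
     * and the cookie is assumed to be 4 bytes on a 32-bit target. */
    uint32_t elem = 1u << 16, n = 1u << 16, cookie = 4;
    AllocSize b = buggy_alloc_size(elem, n, cookie);
    AllocSize f = fixed_alloc_size(elem, n, cookie);
    printf("buggy: size=%u overflowed=%d\n", b.size, b.overflowed); /* size=4 overflowed=0 */
    printf("fixed: size=%u overflowed=%d\n", f.size, f.overflowed); /* size=4 overflowed=1 */
    return 0;
}
```

The buggy path's size of 4 is exactly the `@_Znaj(i32 4)` call Eli observed in the -O2 output.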

Re: Possible error in EmitCXXNewAllocSize

Eli Friedman
On Sat, Apr 9, 2011 at 11:45 AM, Eli Friedman <[hidden email]> wrote:

> On Sat, Apr 9, 2011 at 11:25 AM, Daniel Schwartz-Narbonne
> <[hidden email]> wrote:
>> I was looking through the code for this function, and on line 533,
>> where you check whether an overflow occurred, you say
>>      DidOverflow = CGF.Builder.CreateAnd(DidOverflow, AddDidOverflow);
>> Shouldn't this be an OR?  Doesn't the error occur if either the
>> multiplication or the addition overflowed?
>
> You're right; testcase demonstrating the overflow:
> struct A { char x[1<<16]; ~A(); };
> A* f() { int x = 1<<16; return new A[x]; };
>
> Run this through "clang -x c++ - -o - -S -m32 -emit-llvm -O2", and you
> get "tail call noalias i8* @_Znaj(i32 4)".

Fixed in r129231.

-Eli
