Hi Paul,

> This can cause problems when -fcheck-pointer-bounds is in effect, since
> converting a pointer to uintptr_t and back means that GCC won't connect
> the resulting pointer to the original and this messes up bounds checking
> on the result.

To be precise: What do you mean by "cause problems" and "messes up bounds checking"? As far as I understand, it will disable bounds checking on the returned pointer and its derivatives, right? Speaking of bounds checking, the code (with or without your patch) will not provide optimal bounds checking, because a pointer access to the memory range that we added merely for alignment will not be reported as an error. AFAIU, we need to tell GCC about the actual bounds, by use of the functions listed in [1]. [1] https://gcc.gnu.org/onlinedocs/gcc/Pointer-Bounds-Checker-builtins.html How about this? Will this work? diff --git a/lib/malloca.c b/lib/malloca.c index c66e0c8..411bee0 100644 --- a/lib/malloca.c +++ b/lib/malloca.c @@ -64,7 +64,13 @@ mmalloca (size_t n) [mem, mem + nplus). */ ((small_t *) p)[-1] = p - mem; /* p ≡ sa_alignment_max mod 2*sa_alignment_max. */ +# if __GNUC__ >= 5 && !defined __cplusplus && !defined __clang__ + /* Tell GCC about the allowed memory accesses based on p, + if -fcheck-pointer-bounds is in effect. */ + return __builtin___bnd_set_ptr_bounds (p, n); +# else return p; +# endif } } /* Out of memory. */
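
Review bot: the bounds set at `return __builtin___bnd_set_ptr_bounds (p, n);` start at p, but the unchanged line just above stores the offset at `((small_t *) p)[-1]`, which lies below that lower bound. Any later read of that slot through the returned pointer would fall outside [p, p + n) and be flagged under the narrowed bounds, so the code that reads the offset back (not visible in this hunk) needs to be checked or adjusted together with this change. Separately, the `# if` condition tests only the compiler version with no upper limit, while the comment says "if -fcheck-pointer-bounds is in effect"; consider guarding on whether the builtin is actually available instead of on `__GNUC__ >= 5` alone.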