* lib/ialloc.h, lib/xmalloc.c [__CHERI_PURE_CAPABILITY__]: Do nothing special, as realloc and reallocarray should do this for us now.
* lib/realloc.c [__CHERI_PURE_CAPABILITY__]: Include cheri.h, and arrange for rpl_realloc to set bounds.
---
ChangeLog | 7 +++++++
lib/ialloc.h | 38 ++++----------------------------------
lib/realloc.c | 15 +++++++++++++--
lib/xmalloc.c | 24 ++----------------------
4 files changed, 26 insertions(+), 58 deletions(-)
diff --git a/ChangeLog b/ChangeLog index d00b1029f0..8c54555f8f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ 2024-11-04 Paul Eggert <egg...@cs.ucla.edu> + realloc-posix: set CHERI bounds + * lib/ialloc.h, lib/xmalloc.c [__CHERI_PURE_CAPABILITY__]: + Do nothing special, as realloc and reallocarray + should do this for us now. + * lib/realloc.c [__CHERI_PURE_CAPABILITY__]: + Include cheri.h, and arrange for rpl_realloc to set bounds. + realloc-posix: realloc (..., 0) now returns nonnull * lib/realloc.c (rpl_realloc): Simplify and tune by using HAVE_REALLOC_0_NONNULL and HAVE_MALLOC_PTRDIFF, and diff --git a/lib/ialloc.h b/lib/ialloc.h index 7e296bfdad..71f9068efb 100644 --- a/lib/ialloc.h +++ b/lib/ialloc.h @@ -29,9 +29,6 @@ #include <errno.h> #include <stdint.h> #include <stdlib.h> -#if defined __CHERI_PURE_CAPABILITY__ -# include <cheri.h> -#endif _GL_INLINE_HEADER_BEGIN #ifndef IALLOC_INLINE @@ -68,20 +65,7 @@ IALLOC_INLINE void * irealloc (void *p, idx_t s) { - if (s <= SIZE_MAX) - { - /* Work around realloc glitch by treating a 0 size as if it were 1, - to avoid undefined behavior in strict C23 platforms, - and so that returning NULL is equivalent to failing. */ - p = realloc (p, s ? s : 1); -#if defined __CHERI_PURE_CAPABILITY__ - if (p != NULL) - p = cheri_bounds_set (p, s); -#endif - return p; - } - else - return _gl_alloc_nomem (); + return s <= SIZE_MAX ? realloc (p, s) : _gl_alloc_nomem (); } /* icalloc (num, size) is like calloc (num, size). 
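Review bot: The new one-line `irealloc` drops the comment that explained why a zero size was special, and nothing on the new side records that it is now only correct when `realloc` is the Gnulib replacement. With a system realloc that frees and returns NULL for size 0, a caller that treats NULL as failure may keep using, or free again, a pointer that is already gone, and on CHERI the result would keep the allocator's bounds rather than the requested size. A comment above the function would keep that contract visible, for example `/* Relies on the realloc-posix replacement: realloc (p, 0) returns non-null, and on CHERI the result is bounded to S. */`. The same applies to `xrealloc` in lib/xmalloc.c, where a NULL from a zero-size request would reach `xalloc_die ()`. The diffstat shows no module-description change, so the dependency on realloc-posix is presumably already declared; that is worth confirming.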
@@ -113,23 +97,9 @@ icalloc (idx_t n, idx_t s) IALLOC_INLINE void * ireallocarray (void *p, idx_t n, idx_t s) { - if (n <= SIZE_MAX && s <= SIZE_MAX) - { - /* Work around reallocarray glitch by treating a 0 size as if it were 1, - so that returning NULL is equivalent to failing. */ - size_t nx = n; - size_t sx = s; - if (n == 0 || s == 0) - nx = sx = 1; - p = reallocarray (p, nx, sx); -#if defined __CHERI_PURE_CAPABILITY__ - if (p != NULL && (n == 0 || s == 0)) - p = cheri_bounds_set (p, 0); -#endif - return p; - } - else - return _gl_alloc_nomem (); + return (n <= SIZE_MAX && s <= SIZE_MAX + ? reallocarray (p, n, s) + : _gl_alloc_nomem ()); } #ifdef __cplusplus diff --git a/lib/realloc.c b/lib/realloc.c index dbc3d6b165..2f83b04dc9 100644 --- a/lib/realloc.c +++ b/lib/realloc.c @@ -25,6 +25,10 @@ #include <errno.h> #include <stdckdint.h> +#ifdef __CHERI_PURE_CAPABILITY__ +# include <cheri.h> +#endif + /* Call the system's realloc below. This file does not define _GL_USE_STDLIB_ALLOC because it needs Gnulib's malloc if present. */ #undef realloc @@ -36,6 +40,8 @@ void * rpl_realloc (void *p, size_t n) { + size_t n1 = n; + if (n == 0) { #if NEED_SANITIZED_REALLOC @@ -72,7 +78,7 @@ rpl_realloc (void *p, size_t n) caller sites. */ #if !HAVE_REALLOC_0_NONNULL - n = 1; + n1 = 1; #endif } @@ -85,12 +91,17 @@ rpl_realloc (void *p, size_t n) } #endif - void *result = realloc (p, n); + void *result = realloc (p, n1); #if !HAVE_MALLOC_POSIX if (result == NULL) errno = ENOMEM; #endif +#ifdef __CHERI_PURE_CAPABILITY__ + if (result != NULL) + result = cheri_bounds_set (result, n); +#endif + return result; } diff --git a/lib/xmalloc.c b/lib/xmalloc.c index 71332bbea6..403072fb77 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -29,10 +29,6 @@ #include <stdint.h> #include <string.h> -#ifdef __CHERI_PURE_CAPABILITY__ -# include <cheri.h> -#endif - static void * _GL_ATTRIBUTE_PURE check_nonnull (void *p) { 
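Review bot: `ireallocarray` now passes `n` and `s` straight to `reallocarray`, but the only allocator this patch changes is `rpl_realloc` in lib/realloc.c; no reallocarray replacement appears in the diffstat. Whether a zero `n` or `s` still yields a non-null result with zero-length CHERI bounds therefore depends on `reallocarray` being routed through the replaced `realloc`, which cannot be seen from this patch. If a platform's own `reallocarray` can be picked up instead, the guarantee the removed `cheri_bounds_set (p, 0)` gave is lost silently. A test of the zero-size case on a pure-capability build, or a short comment naming the replacement this relies on, would pin it down. The same applies to `xreallocarray` in lib/xmalloc.c.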
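Review bot: In the last lib/realloc.c hunk the bounds are set from `n` while the allocation uses `n1`, and neither site says why the two differ. For a zero-size request on a platform without HAVE_REALLOC_0_NONNULL this appears intended to return a one-byte allocation behind a zero-length capability, so that any dereference faults. That is the security-relevant property, and it would be lost if a later cleanup replaced `n` with `n1`. I would add `/* Bound to the caller's N, not N1: a zero-size request must yield a zero-length capability. */` above the `cheri_bounds_set` call. It may also be worth confirming how `cheri_bounds_set` behaves when `n` is not exactly representable as capability bounds, since the result could then cover slightly more than `n` bytes; rpl_realloc's body starts and ends outside these hunks.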
@@ -67,15 +63,9 @@ xcharalloc (size_t n) void * xrealloc (void *p, size_t s) { - /* Work around realloc glitch by treating a 0 size as if it were 1, - to avoid undefined behavior in strict C23 platforms, - so that returning NULL is equivalent to failing. */ - void *r = realloc (p, s ? s : 1); + void *r = realloc (p, s); if (!r) xalloc_die (); -#ifdef __CHERI_PURE_CAPABILITY__ - r = cheri_bounds_set (r, s); -#endif return r; } @@ -91,19 +81,9 @@ xirealloc (void *p, idx_t s) void * xreallocarray (void *p, size_t n, size_t s) { - /* Work around reallocarray glitch by treating a 0 size as if it were 1, - so that returning NULL is equivalent to failing. */ - size_t nx = n; - size_t sx = s; - if (!n || !s) - nx = sx = 1; - void *r = reallocarray (p, nx, sx); + void *r = reallocarray (p, n, s); if (!r) xalloc_die (); -#ifdef __CHERI_PURE_CAPABILITY__ - if (!n || !s) - r = cheri_bounds_set (r, 0); -#endif return r; } -- 2.43.0