In Boost.Pool, be careful not to overflow allocated chunk size.

- Resolves: #828857
Petr Machata 2012-06-07 00:44:26 +02:00
parent f68c4dd925
commit b88ee83322
2 changed files with 132 additions and 1 deletions

122
boost-1.48.0-pool.patch Normal file

@ -0,0 +1,122 @@
Index: boost/pool/pool.hpp
===================================================================
--- boost/pool/pool.hpp (revision 78317)
+++ boost/pool/pool.hpp (revision 78326)
@@ -27,4 +27,6 @@
#include <boost/pool/poolfwd.hpp>
+// std::numeric_limits
+#include <boost/limits.hpp>
// boost::math::static_lcm
#include <boost/math/common_factor_ct.hpp>
@@ -358,4 +360,13 @@
}
+ size_type max_chunks() const
+ { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool.
+ size_type partition_size = alloc_size();
+ size_type POD_size = math::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type);
+ size_type max_chunks = (std::numeric_limits<size_type>::max() - POD_size) / alloc_size();
+
+ return max_chunks;
+ }
+
static void * & nextof(void * const ptr)
{ //! \returns Pointer dereferenced.
@@ -377,5 +388,7 @@
//! the first time that object needs to allocate system memory.
//! The default is 32. This parameter may not be 0.
- //! \param nmax_size is the maximum number of chunks to allocate in one block.
+ //! \param nmax_size is the maximum number of chunks to allocate in one block.
+ set_next_size(nnext_size);
+ set_max_size(nmax_size);
}
@@ -400,7 +413,7 @@
}
void set_next_size(const size_type nnext_size)
- { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0.
- //! \returns nnext_size.
- next_size = start_size = nnext_size;
+ { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0.
+ BOOST_USING_STD_MIN();
+ next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks());
}
size_type get_max_size() const
@@ -410,5 +423,6 @@
void set_max_size(const size_type nmax_size)
{ //! Set max_size.
- max_size = nmax_size;
+ BOOST_USING_STD_MIN();
+ max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks());
}
size_type get_requested_size() const
@@ -713,7 +727,7 @@
BOOST_USING_STD_MIN();
if(!max_size)
- next_size <<= 1;
+ set_next_size(next_size << 1);
else if( next_size*partition_size/requested_size < max_size)
- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
+ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
// initialize it,
@@ -753,7 +767,7 @@
BOOST_USING_STD_MIN();
if(!max_size)
- next_size <<= 1;
+ set_next_size(next_size << 1);
else if( next_size*partition_size/requested_size < max_size)
- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
+ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
// initialize it,
@@ -797,4 +811,6 @@
//! \returns Address of chunk n if allocated ok.
//! \returns 0 if not enough memory for n chunks.
+ if (n > max_chunks())
+ return 0;
const size_type partition_size = alloc_size();
@@ -845,7 +861,7 @@
BOOST_USING_STD_MIN();
if(!max_size)
- next_size <<= 1;
+ set_next_size(next_size << 1);
else if( next_size*partition_size/requested_size < max_size)
- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
+ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
// insert it into the list,
Index: libs/pool/test/test_bug_6701.cpp
===================================================================
--- libs/pool/test/test_bug_6701.cpp (revision 78326)
+++ libs/pool/test/test_bug_6701.cpp (revision 78326)
@@ -0,0 +1,27 @@
+/* Copyright (C) 2012 Étienne Dupuis
+*
+* Use, modification and distribution is subject to the
+* Boost Software License, Version 1.0. (See accompanying
+* file LICENSE_1_0.txt or http://www.boost.org/LICENSE_1_0.txt)
+*/
+
+// Test of bug #6701 (https://svn.boost.org/trac/boost/ticket/6701)
+
+#include <boost/pool/object_pool.hpp>
+#include <boost/limits.hpp>
+
+int main()
+{
+ boost::pool<> p(1024, std::numeric_limits<size_t>::max() / 768);
+
+ void *x = p.malloc();
+ BOOST_ASSERT(!x);
+
+ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_next_size());
+ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_max_size());
+
+ void *y = p.ordered_malloc(std::numeric_limits<size_t>::max() / 768);
+ BOOST_ASSERT(!y);
+
+ return 0;
+}
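Review bot: `max_chunks()` can return 0 if `alloc_size()` is ever larger than `std::numeric_limits<size_type>::max() - POD_size`, and `set_next_size()` would then store `min(nnext_size, 0)` into `next_size` and `start_size`, contradicting its own comment that the value "should never be set to 0". How the resize paths behave with `next_size == 0` is not visible in these hunks, so that case should be checked against the allocation code. A doc line on `max_chunks()` such as `//! May be 0 when one chunk already exceeds the addressable size; callers must treat that as allocation failure.` would record the contract. Separately, the local `partition_size` in `max_chunks()` is assigned and never read; the division should use it, `size_type max_chunks = (std::numeric_limits<size_type>::max() - POD_size) / partition_size;`, rather than calling `alloc_size()` a second time. The new test checks its results only through `BOOST_ASSERT`, which normally compiles to nothing when `NDEBUG` is defined, so it is worth confirming the test is built without `NDEBUG`.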


@ -26,7 +26,7 @@ Name: boost
Summary: The free peer-reviewed portable C++ source libraries
Version: 1.48.0
%define version_enc 1_48_0
Release: 14%{?dist}
Release: 15%{?dist}
License: Boost and MIT and Python
# The CMake build framework (set of CMakeLists.txt and module.cmake files) is
@ -148,6 +148,10 @@ Patch13: boost-1.48.0-python3.patch
# https://svn.boost.org/trac/boost/ticket/6940
Patch14: boost-1.48.0-xtime.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=828856
# https://bugzilla.redhat.com/show_bug.cgi?id=828857
Patch15: boost-1.48.0-pool.patch
%bcond_with tests
%bcond_with docs_generated
@ -536,6 +540,7 @@ sed 's/_FEDORA_SONAME/%{sonamever}/' %{PATCH1} | %{__patch} -p0 --fuzz=0
%patch12 -p3
%patch13 -p1
%patch14 -p1
%patch15 -p0
%build
# Support for building tests.
@ -1074,6 +1079,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/bjam.1*
%changelog
* Wed Jun 6 2012 Petr Machata <pmachata@redhat.com> - 1.48.0-15
- In Boost.Pool, be careful not to overflow allocated chunk size.
- Resolves: #828857
* Thu May 24 2012 Petr Machata <pmachata@redhat.com> - 1.48.0-14
- Don't attempt to install Python 3 portions of boost when given
--without python3
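Review bot: The `Patch15` entry carries two Bugzilla links (828856 and 828857) but no text saying what the patch fixes, while the changelog entry resolves only #828857. A one-line comment above `Patch15`, for example `# Boost.Pool: clamp chunk counts so the block size computation cannot overflow`, would state the purpose and make clear why both bugs are referenced. The patch also adds `libs/pool/test/test_bug_6701.cpp`, and the `%bcond_with tests` context line means test building is off unless `--with tests` is passed, so that regression test is presumably not run in a default build of this package. It would be worth running the pool tests in a `--with tests` build before this release ships.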