STINNER Victor
2015-01-19 09:50:10 UTC
New submission from STINNER Victor:
In CPython, almost all memory allocations are protected against integer overflow with code looking like that:
    if (length > ((PY_SSIZE_T_MAX - struct_size) / char_size - 1)) {
        PyErr_NoMemory();
        return NULL;
    }
    new_size = (struct_size + (length + 1) * char_size);
For performance, GCC 5 introduces __builtin_mul_overflow(), which is an integer multiplication with overflow check. On x86/x86_64, it is implemented in hardware (assembler instruction JO, jump if overflow, if I remember correctly).
The function already exists in Clang: "... which existed in Clang/LLVM for a while" says http://lwn.net/Articles/623368/. According to this mail sent to the Linux kernel mailing list, the Linux kernel has functions like "check_mul_overflow(X, Y, C)".
For other compilers, it should be easy to reimplement it, but I don't know what the most efficient implementation is (Py_LOCAL_INLINE function in a header?).
GCC 5 changelog:
https://gcc.gnu.org/gcc-5/changes.html
Note: GCC 5 is not released yet.
----------
messages: 234310
nosy: haypo
priority: normal
severity: normal
status: open
title: Use the new __builtin_mul_overflow() of Clang and GCC 5 to check for integer overflow
versions: Python 3.5
_______________________________________
Python tracker <***@bugs.python.org>
<http://bugs.python.org/issue23270>
_______________________________________
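The two styles of guard discussed above, side by side, as an added example that is not part of the tracker message or of CPython: the division-based bound quoted in the issue, the same size computation written on top of __builtin_mul_overflow(), and a portable fallback for compilers without the builtin. The `_example` names and the `ptrdiff_t` typedef are hypothetical stand-ins for Py_ssize_t and PY_SSIZE_T_MAX.

```c
/* Added example (not from the tracker message or from CPython): the guard quoted
 * in the issue beside the same computation done with __builtin_mul_overflow(),
 * plus a portable fallback. Names ending in _example stand in for CPython's. */
#include <stddef.h>
#include <stdint.h>
typedef ptrdiff_t ssize_example;              /* stand-in for Py_ssize_t */
#define SSIZE_MAX_EXAMPLE PTRDIFF_MAX         /* stand-in for PY_SSIZE_T_MAX */

/* Fallback with the builtin's contract (*res = a*b, returns 1 on overflow),
 * for non-negative sizes only; dividing instead of multiplying avoids signed UB. */
static int mul_overflow_portable_example(ssize_example a, ssize_example b,
                                         ssize_example *res)
{
    if (a < 0 || b < 0 || (b != 0 && a > SSIZE_MAX_EXAMPLE / b)) return 1;
    *res = a * b;
    return 0;
}

/* Convenience for tests and callers that only need the verdict. */
static int mul_overflows_portable_example(ssize_example a, ssize_example b)
{
    ssize_example unused;
    return mul_overflow_portable_example(a, b, &unused);
}
/* GCC 5+ and Clang: one IMUL plus an overflow-flag test; others: the fallback. */
#if (defined(__GNUC__) && __GNUC__ >= 5) || defined(__clang__)
#  define mul_overflow_example(a, b, res) __builtin_mul_overflow(a, b, res)
#else
#  define mul_overflow_example(a, b, res) mul_overflow_portable_example(a, b, res)
#endif

/* The guard exactly as quoted in the issue; -1 stands for PyErr_NoMemory(). */
static ssize_example new_size_division_example(ssize_example length,
        ssize_example struct_size, ssize_example char_size)
{
    if (length > ((SSIZE_MAX_EXAMPLE - struct_size) / char_size - 1))
        return -1;
    return struct_size + (length + 1) * char_size;
}

/* Same result with checked arithmetic: no hand-derived bound to get wrong. */
static ssize_example new_size_checked_example(ssize_example length,
        ssize_example struct_size, ssize_example char_size)
{
    ssize_example chars;
    if (length < 0 || length == SSIZE_MAX_EXAMPLE ||  /* length + 1 would wrap */
        mul_overflow_example(length + 1, char_size, &chars) ||
        chars > SSIZE_MAX_EXAMPLE - struct_size)      /* addition would wrap */
        return -1;
    return struct_size + chars;
}
```

Both functions accept and reject exactly the same lengths, including the largest one that still fits, which is the property the precomputed bound has to get right by hand.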