-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add overflow tests #587
base: main
Are you sure you want to change the base?
Add overflow tests #587
Conversation
&os_memory_provider_params, | ||
&os_memory_provider); | ||
ASSERT_EQ(res, UMF_RESULT_SUCCESS); | ||
ASSERT_EQ(os_memory_provider, nullptr); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so provider is null, but we expect UMF_RES_SUCCESS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
4f36fe1
to
0086875
Compare
src/provider/provider_os_memory.c
Outdated
@@ -360,6 +360,15 @@ validatePartitions(umf_os_memory_provider_params_t *params) { | |||
return UMF_RESULT_SUCCESS; | |||
} | |||
|
|||
static umf_result_t validatePartSize(os_memory_provider_t *provider, umf_os_memory_provider_params_t *params) { | |||
size_t page_size; | |||
if (ALIGN_UP(params->part_size, os_get_min_page_size(provider, NULL, &page_size)) < params->part_size) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This do not compile (os_get_min_page_size, return ut_result - page_size is returned by pointer)
Also i think we need function that align up/down and returns value if it succeeded or not. And use it everywhere. Not sure what is better:
- dozen of functions (aling_up_safe_uint32, aling_up_safe_uint64, aling_up_safe_int64 etc...)
- macro ALIGN_UP_SAFE - which might be bit hacky. Probably something like this
#define ALIGN_UP_SAFE(value, alignment) (((alignment) == 0) ? (value = 0) : (((value) + (alignment) - 1) < (value) ? -1 : ALIGN_UP(value, alignment)))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Write C++ template function align_up_safe<T>(value)
.
test/common/provider.hpp
Outdated
@@ -106,6 +106,10 @@ struct provider_malloc : public provider_base_t { | |||
align = 8; | |||
} | |||
|
|||
if (SIZE_MAX - size < align) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm allmost sure (but please double check) that it should be SIZE_MAX-size + 1 < align
In ALIGN_UP macro we have (((value) + (align)-1) & ~((align)-1))
The part which overflow is (value) + (align)-1
so we want to check
(value) + (align)-1 > SIZE_MAX
- this equation is prone for overflow so we have to change it to + align > SIZE_MAX - value + 1
0086875
to
23b6809
Compare
23b6809
to
adf2055
Compare
adf2055
to
4cb4024
Compare
@@ -134,7 +134,10 @@ static void *ba_os_alloc_annotated(size_t pool_size) { | |||
} | |||
|
|||
umf_ba_pool_t *umf_ba_create(size_t size) { | |||
size_t chunk_size = ALIGN_UP(size, MEMORY_ALIGNMENT); | |||
size_t chunk_size = ALIGN_UP_SAFE(size, MEMORY_ALIGNMENT); | |||
if (!chunk_size) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO in case of numeric values you should use (just for better understanding)
if (chunk_size == 0)
(instead of if (!chunk_size)
) - also in all places below.
@@ -29,8 +29,13 @@ extern "C" { | |||
expression; \ | |||
} while (0) | |||
|
|||
#define ALIGN_UP(value, align) (((value) + (align)-1) & ~((align)-1)) | |||
#define ALIGN_DOWN(value, align) ((value) & ~((align)-1)) | |||
#define ALIGN_UP(value, align) ((value + align - 1) & ~(align - 1)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should stay as was:
#define ALIGN_UP(value, align) (((value) + (align) - 1) & ~((align) - 1))
Please revert it.
: ((value + alignment - 1) < value \ | ||
? 0 \ | ||
: ((value + alignment - 1) & ~(alignment - 1)))) | ||
#define ALIGN_DOWN(value, align) (value & ~(align - 1)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should stay as was:
#define ALIGN_DOWN(value, align) ((value) & ~((align) - 1))
Please revert it.
#define ALIGN_UP(value, align) (((value) + (align)-1) & ~((align)-1)) | ||
#define ALIGN_DOWN(value, align) ((value) & ~((align)-1)) | ||
#define ALIGN_UP(value, align) ((value + align - 1) & ~(align - 1)) | ||
#define ALIGN_UP_SAFE(value, alignment) \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All occurrences of value
and alignment
should be in parenthesis ((value)
and (alignment)
), in case they were expressions.
Description
Checklist