Re: undefined-behavior obstack.c:139
From: Bruno Haible
Subject: Re: undefined-behavior obstack.c:139
Date: Fri, 01 Dec 2023 19:40:39 +0100

Marc Nieper-Wißkirchen wrote:
> By 6.5.6 "Additive Operators":
>
> (2) "... one operator shall be a pointer to a complete object type..."
>
> NULL, which is a null pointer constant, is not necessarily a pointer to a
> complete object type.

In my test program, I used a variable of type 'char *'. Which is a pointer
to a complete object type.

> (9) "... If the pointer operand and the result do not point to elements of
> the same array object or one past the last element of the array object, the
> behavior is undefined..."
>
> NULL does not have to point to an element of an array object (or any
> object; see (8)).

Indeed, this sentence appears to forbid ((char *) NULL) + something.
Thanks for highlighting it; I had read this paragraph too quickly.

I'm therefore applying this fix.

2023-12-01 Bruno Haible <bruno@clisp.org>

obstack: Avoid undefined behaviour.
Reported by Alexey Palienko <Alexey.Palienko@cma.se> in
<https://lists.gnu.org/archive/html/bug-m4/2023-02/msg00000.html>.
* lib/obstack.in.h: Include <stdint.h>.
(__BPTR_ALIGN): Remove macro.
(__PTR_ALIGN): For the optimized case, compute the alignment through
uintptr_t, instead of computing NULL + something.

diff --git a/lib/obstack.in.h b/lib/obstack.in.h
index 265203b6e2..468a797341 100644
--- a/lib/obstack.in.h
+++ b/lib/obstack.in.h
@@ -111,6 +111,7 @@
#endif
#include <stddef.h> /* For size_t and ptrdiff_t. */
+#include <stdint.h> /* For uintptr_t. */
#include <string.h> /* For memcpy. */
#if __STDC_VERSION__ < 199901L || defined __HP_cc
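
Review bot: The new `#include <stdint.h>` is unconditional, yet it sits directly above `#if __STDC_VERSION__ < 199901L || defined __HP_cc`, which shows this header still caters to pre-C99 compilers, and <stdint.h> is a C99 header. In addition, uintptr_t is an optional type in the C standard. If the header is expected to build in those environments, the change should state where <stdint.h> and uintptr_t are guaranteed to come from (for example a comment naming the replacement header it relies on), or guard the include and the uintptr_t code path on UINTPTR_MAX being defined.
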
@@ -134,20 +135,15 @@
/* If B is the base of an object addressed by P, return the result of
aligning P to the next multiple of A + 1. B and P must be of type
- char *. A + 1 must be a power of 2. */
-
-#define __BPTR_ALIGN(B, P, A) ((B) + (((P) - (B) + (A)) & ~(A)))
-
-/* Similar to __BPTR_ALIGN (B, P, A), except optimize the common case
- where pointers can be converted to integers, aligned as integers,
- and converted back again. If ptrdiff_t is narrower than a
- pointer (e.g., the AS/400), play it safe and compute the alignment
- relative to B. Otherwise, use the faster strategy of computing the
- alignment relative to 0. */
-
-#define __PTR_ALIGN(B, P, A) \
- __BPTR_ALIGN (sizeof (ptrdiff_t) < sizeof (void *) ? (B) : (char *) 0, \
- P, A)
+ char *. A + 1 must be a power of 2.
+ If ptrdiff_t is narrower than a pointer (e.g., the AS/400), play it
+ safe and compute the alignment relative to B. Otherwise, use the
+ faster strategy of computing the alignment through uintptr_t. */
+
+#define __PTR_ALIGN(B, P, A) \
+ (sizeof (ptrdiff_t) < sizeof (void *) \
+ ? (B) + (((P) - (B) + (A)) & ~(A)) \
+ : (P) + ((- (uintptr_t) (P)) & (A)))
#ifndef __attribute_pure__
# define __attribute_pure__ _GL_ATTRIBUTE_PURE
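
Review bot: The condition in the new __PTR_ALIGN still tests `sizeof (ptrdiff_t) < sizeof (void *)`, but the fast branch no longer uses ptrdiff_t at all; it relies on `(uintptr_t) (P)` exposing the low address bits. The comment should either explain why the width of ptrdiff_t is still the right test for that, or state the assumption explicitly, since the pointer-to-integer mapping is implementation-defined. A second point for the same comment: the fast branch `(P) + ((- (uintptr_t) (P)) & (A))` expands P twice, where the removed definition expanded it once, so it is worth documenting that P must be free of side effects.
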