Minor tweaks to recent UBSan-related fix

* src/alloc.c: No need to include stdalign.h; it’s pervasive. (GC_STRING_OVERRUN_COOKIE_SIZE): Align to sdata’s alignment, so that the code works even if alignof (sdata) exceeds 8. Don’t require the cookie size to be 8, as this overly fattens 32-bit platforms and one DEADBEEF should be enough. (GC_STRING_EXTRA): Omit now-unnecessary ‘verify’. (allocate_string_data): Omit unnecessary cast.
author: Paul Eggert 2019-04-25 13:42:50 -0700
committer: Paul Eggert 2019-04-25 13:47:27 -0700
commit: 83b0fc30d4bd6799e9593685d1767dfe2b3648a7 (patch)
tree: 42b26f45f611a938e6f917ce1de167d9ef534d72
parent: 69947311d84a2572e8382e401ab97fdab25cb433 (diff)
download: emacs-83b0fc30d4bd6799e9593685d1767dfe2b3648a7.tar.gz
emacs-83b0fc30d4bd6799e9593685d1767dfe2b3648a7.zip
1 files changed, 6 insertions, 14 deletions
diff --git a/src/alloc.c b/src/alloc.c
index 3b5e3bb9b01..c4ef4e96863 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -21,7 +21,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #include <config.h>
 #include <errno.h>
-#include <stdalign.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -1576,16 +1575,15 @@ static struct Lisp_String *string_free_list;
 #ifdef GC_CHECK_STRING_OVERRUN
-/* We check for overrun in string data blocks by appending a small
+/* Check for overrun in string data blocks by appending a small
   "cookie" after each allocated string data block, and check for the
   presence of this cookie during GC.  */
+# define GC_STRING_OVERRUN_COOKIE_SIZE ROUNDUP (4, alignof (sdata))
-#define GC_STRING_OVERRUN_COOKIE_SIZE   8
 static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
-  { '\xde', '\xad', '\xbe', '\xef', '\xde', '\xad', '\xbe', '\xef' };
+  { '\xde', '\xad', '\xbe', '\xef', /* Perhaps some zeros here.  */ };
 #else
-#define GC_STRING_OVERRUN_COOKIE_SIZE 0
+# define GC_STRING_OVERRUN_COOKIE_SIZE 0
 #endif
 /* Value is the size of an sdata structure large enough to hold NBYTES
@@ -1615,13 +1613,7 @@ static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
 #endif /* not GC_CHECK_STRING_BYTES */
 /* Extra bytes to allocate for each string.  */
+#define GC_STRING_EXTRA GC_STRING_OVERRUN_COOKIE_SIZE
-#define GC_STRING_EXTRA (GC_STRING_OVERRUN_COOKIE_SIZE)
-/* Make sure that allocating the extra bytes doesn't misalign
-   `sdata'.  */
-verify (GC_STRING_EXTRA % alignof (sdata) == 0);
 /* Exact bound on the number of bytes in a string, not counting the
   terminating NUL.  A string cannot contain more bytes than
@@ -1882,7 +1874,7 @@ allocate_string_data (struct Lisp_String *s,
  data->string = s;
  b->next_free = (sdata *) ((char *) data + needed + GC_STRING_EXTRA);
-  eassert ((uintptr_t) (char *) b->next_free % alignof (sdata) == 0);
+  eassert ((uintptr_t) b->next_free % alignof (sdata) == 0);
  MALLOC_UNBLOCK_INPUT;
author	Paul Eggert	2019-04-25 13:42:50 -0700
committer	Paul Eggert	2019-04-25 13:47:27 -0700
commit	83b0fc30d4bd6799e9593685d1767dfe2b3648a7 (patch)
tree	42b26f45f611a938e6f917ce1de167d9ef534d72
parent	69947311d84a2572e8382e401ab97fdab25cb433 (diff)
download	emacs-83b0fc30d4bd6799e9593685d1767dfe2b3648a7.tar.gz emacs-83b0fc30d4bd6799e9593685d1767dfe2b3648a7.zip

diff --git a/src/alloc.c b/src/alloc.c index 3b5e3bb9b01..c4ef4e96863 100644 --- a/src/alloc.c +++ b/src/alloc.c
@@ -21,7 +21,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
21	#include <config.h>	21	#include <config.h>
22		22
23	#include <errno.h>	23	#include <errno.h>
24	#include <stdalign.h>
25	#include <stdint.h>	24	#include <stdint.h>
26	#include <stdio.h>	25	#include <stdio.h>
27	#include <stdlib.h>	26	#include <stdlib.h>
@@ -1576,16 +1575,15 @@ static struct Lisp_String *string_free_list;
1576		1575
1577	#ifdef GC_CHECK_STRING_OVERRUN	1576	#ifdef GC_CHECK_STRING_OVERRUN
1578		1577
1579	/* We check for overrun in string data blocks by appending a small	1578	/* Check for overrun in string data blocks by appending a small
1580	"cookie" after each allocated string data block, and check for the	1579	"cookie" after each allocated string data block, and check for the
1581	presence of this cookie during GC. */	1580	presence of this cookie during GC. */
1582		1581	# define GC_STRING_OVERRUN_COOKIE_SIZE ROUNDUP (4, alignof (sdata))
1583	#define GC_STRING_OVERRUN_COOKIE_SIZE 8
1584	static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =	1582	static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
1585	{ '\xde', '\xad', '\xbe', '\xef', '\xde', '\xad', '\xbe', '\xef' };	1583	{ '\xde', '\xad', '\xbe', '\xef', /* Perhaps some zeros here. */ };
1586		1584
1587	#else	1585	#else
1588	#define GC_STRING_OVERRUN_COOKIE_SIZE 0	1586	# define GC_STRING_OVERRUN_COOKIE_SIZE 0
1589	#endif	1587	#endif
1590		1588
1591	/* Value is the size of an sdata structure large enough to hold NBYTES	1589	/* Value is the size of an sdata structure large enough to hold NBYTES
@@ -1615,13 +1613,7 @@ static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
1615	#endif /* not GC_CHECK_STRING_BYTES */	1613	#endif /* not GC_CHECK_STRING_BYTES */
1616		1614
1617	/* Extra bytes to allocate for each string. */	1615	/* Extra bytes to allocate for each string. */
1618		1616	#define GC_STRING_EXTRA GC_STRING_OVERRUN_COOKIE_SIZE
1619	#define GC_STRING_EXTRA (GC_STRING_OVERRUN_COOKIE_SIZE)
1620
1621	/* Make sure that allocating the extra bytes doesn't misalign
1622	`sdata'. */
1623
1624	verify (GC_STRING_EXTRA % alignof (sdata) == 0);
1625		1617
1626	/* Exact bound on the number of bytes in a string, not counting the	1618	/* Exact bound on the number of bytes in a string, not counting the
1627	terminating NUL. A string cannot contain more bytes than	1619	terminating NUL. A string cannot contain more bytes than
@@ -1882,7 +1874,7 @@ allocate_string_data (struct Lisp_String *s,
1882		1874
1883	data->string = s;	1875	data->string = s;
1884	b->next_free = (sdata ) ((char ) data + needed + GC_STRING_EXTRA);	1876	b->next_free = (sdata ) ((char ) data + needed + GC_STRING_EXTRA);
1885	eassert ((uintptr_t) (char *) b->next_free % alignof (sdata) == 0);	1877	eassert ((uintptr_t) b->next_free % alignof (sdata) == 0);
1886		1878
1887	MALLOC_UNBLOCK_INPUT;	1879	MALLOC_UNBLOCK_INPUT;
1888		1880