wl pushed a commit to branch master in repository groff. commit b780e9e8724322831e89d49773c1735cb5f94a38 Author: Bálint Réczey <bal...@balintreczey.hu> Date: Tue Feb 16 00:34:24 2016 +0100
Simplify memory allocation (#47162). Many invalid memory accesses were caught by UBSAN (e.g., invalid memory access in `small_temp_iterator::operator new') while bootstrapping hardened1-linux-amd64 Debian port in the `free_list' handling because it doesn't properly handle the padding between array elements. Some places were already #if 0-d out anyway. * src/roff/troff/input.cpp (small_temp_iterator): Remove class. (make_temp_iterator): Use `temp_iterator' only. * src/devices/grotty/tty.cpp (tty_glyph): Remove `free_list', `new', and `delete'. * src/include/color.h, src/include/color.cpp (color): Ditto. * src/roff/troff/env.cpp (tab): Ditto. * src/roff/troff/node.cpp (glyph_node): Ditto. --- ChangeLog | 26 +++++++++++++++++- src/devices/grotty/tty.cpp | 27 ------------------ src/include/color.h | 3 -- src/libs/libgroff/color.cpp | 25 ----------------- src/roff/troff/env.cpp | 32 ---------------------- src/roff/troff/input.cpp | 63 +----------------------------------------- src/roff/troff/node.cpp | 55 ------------------------------------- src/roff/troff/node.h | 9 ------ 8 files changed, 27 insertions(+), 213 deletions(-) diff --git a/ChangeLog b/ChangeLog index b264974..14f0388 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,27 @@ +2016-02-16 Bálint Réczey <bal...@balintreczey.hu> + + Simplify memory allocation (#47162). + + Many invalid memory accesses were caught by UBSAN (e.g., invalid + memory access in `small_temp_iterator::operator new') while + bootstrapping hardened1-linux-amd64 Debian port in the `free_list' + handling because it doesn't properly handle the padding between + array elements. + + Some places were already #if 0-d out anyway. + + * src/roff/troff/input.cpp (small_temp_iterator): Remove class. + (make_temp_iterator): Use `temp_iterator' only. + + * src/devices/grotty/tty.cpp (tty_glyph): Remove `free_list', `new', + and `delete'. + + * src/include/color.h, src/include/color.cpp (color): Ditto. + + * src/roff/troff/env.cpp (tab): Ditto. + + * src/roff/troff/node.cpp (glyph_node): Ditto. + 2016-02-15 Bálint Réczey <bal...@balintreczey.hu> [pre-grohtml] Fix out-of-bounds array access (#47161). @@ -62,7 +86,7 @@ gropdf was choking on -I flag passed by groff, now uses these directories to search for included pdfs. - * src/devices/gropdf/gropdf.pl: Handle -I flag, avoid + * src/devices/gropdf/gropdf.pl: Handle -I flag, avoid unitialised values. * src/roff/groff/groff.1.man: Include 'X pdf: pdfpic' diff --git a/src/devices/grotty/tty.cpp b/src/devices/grotty/tty.cpp index 60d46e8..d6308b6 100644 --- a/src/devices/grotty/tty.cpp +++ b/src/devices/grotty/tty.cpp @@ -153,7 +153,6 @@ void tty_font::handle_x_command(int argc, const char **argv) #endif class tty_glyph { - static tty_glyph *free_list; public: tty_glyph *next; int w; @@ -162,37 +161,11 @@ public: unsigned char mode; schar back_color_idx; schar fore_color_idx; - void *operator new(size_t); - void operator delete(void *); inline int draw_mode() { return mode & (VDRAW_MODE|HDRAW_MODE); } inline int order() { return mode & (VDRAW_MODE|HDRAW_MODE|CU_MODE|COLOR_CHANGE); } }; -tty_glyph *tty_glyph::free_list = 0; - -void *tty_glyph::operator new(size_t) -{ - if (!free_list) { - const int BLOCK = 1024; - free_list = (tty_glyph *)new char[sizeof(tty_glyph) * BLOCK]; - for (int i = 0; i < BLOCK - 1; i++) - free_list[i].next = free_list + i + 1; - free_list[BLOCK - 1].next = 0; - } - tty_glyph *p = free_list; - free_list = free_list->next; - p->next = 0; - return p; -} - -void tty_glyph::operator delete(void *p) -{ - if (p) { - ((tty_glyph *)p)->next = free_list; - free_list = (tty_glyph *)p; - } -} class tty_printer : public printer { tty_glyph **lines; diff --git a/src/include/color.h b/src/include/color.h index 9765686..24fb151 100644 --- a/src/include/color.h +++ b/src/include/color.h @@ -28,7 +28,6 @@ private: color_scheme scheme; unsigned int components[4]; color *next; - static color *free_list; int read_encoding(const color_scheme, const char * const, const size_t); @@ -39,8 +38,6 @@ public: color(symbol s = default_symbol) : scheme(DEFAULT), nm(s) {} color(const color * const); ~color(); - void *operator new(size_t); - void operator delete(void *); int operator==(const color & c) const; int operator!=(const color & c) const; diff --git a/src/libs/libgroff/color.cpp b/src/libs/libgroff/color.cpp index 3efc097..e0ea323 100644 --- a/src/libs/libgroff/color.cpp +++ b/src/libs/libgroff/color.cpp @@ -43,31 +43,6 @@ min(const unsigned int a, const unsigned int b) return b; } -color *color::free_list = 0; - -void *color::operator new(size_t n) -{ - assert(n == sizeof(color)); - if (!free_list) { - const int BLOCK = 128; - free_list = (color *)new char[sizeof(color)*BLOCK]; - for (int i = 0; i < BLOCK - 1; i++) - free_list[i].next = free_list + i + 1; - free_list[BLOCK-1].next = 0; - } - color *p = free_list; - free_list = (color *)(free_list->next); - p->next = 0; - return p; -} - -void color::operator delete(void *p) -{ - if (p) { - ((color *)p)->next = free_list; - free_list = (color *)p; - } -} color::color(const color * const c) { diff --git a/src/roff/troff/env.cpp b/src/roff/troff/env.cpp index 9fbd592..1d8846f 100644 --- a/src/roff/troff/env.cpp +++ b/src/roff/troff/env.cpp @@ -2543,40 +2543,8 @@ struct tab { tab_type type; tab(hunits, tab_type); enum { BLOCK = 1024 }; - static tab *free_list; - void *operator new(size_t); - void operator delete(void *); }; -tab *tab::free_list = 0; - -void *tab::operator new(size_t n) -{ - assert(n == sizeof(tab)); - if (!free_list) { - free_list = (tab *)new char[sizeof(tab)*BLOCK]; - for (int i = 0; i < BLOCK - 1; i++) - free_list[i].next = free_list + i + 1; - free_list[BLOCK-1].next = 0; - } - tab *p = free_list; - free_list = (tab *)(free_list->next); - p->next = 0; - return p; -} - -#ifdef __GNUG__ -/* cfront can't cope with this. */ -inline -#endif -void tab::operator delete(void *p) -{ - if (p) { - ((tab *)p)->next = free_list; - free_list = (tab *)p; - } -} - tab::tab(hunits x, tab_type t) : next(0), pos(x), type(t) { } diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp index 163cffa..2d346d7 100644 --- a/src/roff/troff/input.cpp +++ b/src/roff/troff/input.cpp @@ -3607,73 +3607,14 @@ temp_iterator::~temp_iterator() a_delete base; } -class small_temp_iterator : public input_iterator { -private: - small_temp_iterator(const char *, int); - ~small_temp_iterator(); - enum { BLOCK = 16 }; - static small_temp_iterator *free_list; - void *operator new(size_t); - void operator delete(void *); - enum { SIZE = 12 }; - unsigned char buf[SIZE]; - friend input_iterator *make_temp_iterator(const char *); -}; - -small_temp_iterator *small_temp_iterator::free_list = 0; - -void *small_temp_iterator::operator new(size_t n) -{ - assert(n == sizeof(small_temp_iterator)); - if (!free_list) { - free_list = - (small_temp_iterator *)new char[sizeof(small_temp_iterator)*BLOCK]; - for (int i = 0; i < BLOCK - 1; i++) - free_list[i].next = free_list + i + 1; - free_list[BLOCK-1].next = 0; - } - small_temp_iterator *p = free_list; - free_list = (small_temp_iterator *)(free_list->next); - p->next = 0; - return p; -} - -#ifdef __GNUG__ -inline -#endif -void small_temp_iterator::operator delete(void *p) -{ - if (p) { - ((small_temp_iterator *)p)->next = free_list; - free_list = (small_temp_iterator *)p; - } -} - -small_temp_iterator::~small_temp_iterator() -{ -} - -#ifdef __GNUG__ -inline -#endif -small_temp_iterator::small_temp_iterator(const char *s, int len) -{ - for (int i = 0; i < len; i++) - buf[i] = s[i]; - ptr = buf; - eptr = buf + len; -} input_iterator *make_temp_iterator(const char *s) { if (s == 0) - return new small_temp_iterator(s, 0); + return new temp_iterator(s, 0); else { int n = strlen(s); - if (n <= small_temp_iterator::SIZE) - return new small_temp_iterator(s, n); - else - return new temp_iterator(s, n); + return new temp_iterator(s, n); } } diff --git a/src/roff/troff/node.cpp b/src/roff/troff/node.cpp index 3eca523..a6ab1b5 100644 --- a/src/roff/troff/node.cpp +++ b/src/roff/troff/node.cpp @@ -1847,7 +1847,6 @@ int charinfo_node::overlaps_vertically() } class glyph_node : public charinfo_node { - static glyph_node *free_list; protected: tfont *tf; color *gcol; @@ -1858,8 +1857,6 @@ protected: statem *, int, node * = 0); #endif public: - void *operator new(size_t); - void operator delete(void *); glyph_node(charinfo *, tfont *, color *, color *, statem *, int, node * = 0); ~glyph_node() {} @@ -1892,8 +1889,6 @@ public: void debug_node(); }; -glyph_node *glyph_node::free_list = 0; - class ligature_node : public glyph_node { node *n1; node *n2; @@ -1975,35 +1970,11 @@ public: int is_tag(); }; -void *glyph_node::operator new(size_t n) -{ - assert(n == sizeof(glyph_node)); - if (!free_list) { - const int BLOCK = 1024; - free_list = (glyph_node *)new char[sizeof(glyph_node)*BLOCK]; - for (int i = 0; i < BLOCK - 1; i++) - free_list[i].next = free_list + i + 1; - free_list[BLOCK-1].next = 0; - } - glyph_node *p = free_list; - free_list = (glyph_node *)(free_list->next); - p->next = 0; - return p; -} - void *ligature_node::operator new(size_t n) { return new char[n]; } -void glyph_node::operator delete(void *p) -{ - if (p) { - ((glyph_node *)p)->next = free_list; - free_list = (glyph_node *)p; - } -} - void ligature_node::operator delete(void *p) { delete[] (char *)p; @@ -3195,32 +3166,6 @@ int node::merge_space(hunits, hunits, hunits) return 0; } -#if 0 -space_node *space_node::free_list = 0; - -void *space_node::operator new(size_t n) -{ - assert(n == sizeof(space_node)); - if (!free_list) { - free_list = (space_node *)new char[sizeof(space_node)*BLOCK]; - for (int i = 0; i < BLOCK - 1; i++) - free_list[i].next = free_list + i + 1; - free_list[BLOCK-1].next = 0; - } - space_node *p = free_list; - free_list = (space_node *)(free_list->next); - p->next = 0; - return p; -} - -inline void space_node::operator delete(void *p) -{ - if (p) { - ((space_node *)p)->next = free_list; - free_list = (space_node *)p; - } -} -#endif space_node::space_node(hunits nn, color *c, node *p) : node(p, 0, 0), n(nn), set(0), was_escape_colon(0), col(c) diff --git a/src/roff/troff/node.h b/src/roff/troff/node.h index bf3e154..46c065a 100644 --- a/src/roff/troff/node.h +++ b/src/roff/troff/node.h @@ -165,11 +165,6 @@ public: class space_node : public node { private: -#if 0 - enum { BLOCK = 1024 }; - static space_node *free_list; - void operator delete(void *); -#endif protected: hunits n; char set; @@ -178,10 +173,6 @@ protected: space_node(hunits, int, int, color *, statem *, int, node * = 0); public: space_node(hunits, color *, node * = 0); -#if 0 - ~space_node(); - void *operator new(size_t); -#endif node *copy(); int nspaces(); hunits width(); _______________________________________________ Groff-commit mailing list Groff-commit@gnu.org https://lists.gnu.org/mailman/listinfo/groff-commit