-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix memcpy in byte_slice constructor #9583
Conversation
3adbd5a
to
d54f04d
Compare
I wasn't up-to-date with master, so the last force push was a rebase. |
If this happens, do you really want a silent failure? It'd mean the caller tried to produce a copy exceeding the whole of memory, very likely a bug, and probably unrecoverable. |
The next line catches the overflow. |
If you want to be paranoid about overflows, it would seem you need to check here for MAX wrapping back to 0: But if you include this check, based on my reading of allocate_slice and span, |
The idea was to catch the overflow later on the |
If it wraps to exactly zero, it's not caught, because the whole block is gated by |
Yup, it has defined behavior in that situation, but it is still incorrect. |
17c3370
to
dbac8d7
Compare
dbac8d7
to
92de47f
Compare
Force pushed a different change. |
There's technically an overflow in
byte_slice.cpp
that I caught while simply scanning the code. This can occur if the total memory being copied exceedssize_t
. This is unlikely to ever trigger, because the platform probably needssizeof(size_t) == 4 && sizeof(void*) == 8
(or similar) to occur. And somehow amalloc
to copy all of this data needs to succeed too. Therefore, this is primarily just defensive programming to be strictly standards compliant.