stackoom
  简体   繁体   中英

Gcc custom operator new[] and delete[] is buggy for aligned class - address sanitizer reprots buffer overflow

 原文  2021-01-21 11:41:03       c++/ gcc/ c++17/ memory-alignment

Question

Basically when class has alignment requirement and custom operators new[] and delete[] , then on gcc bad things happen and address sanitizer reports buffer overflow:

MCVE: 

#include <iostream>
#include <memory>

class EndlineOnDone {
    std::ostream& out;
public:
    EndlineOnDone(std::ostream& out) : out{out} {}
    ~EndlineOnDone()
    {
        out << std::endl;
    }
    std::ostream& stream() { return out; }
};

#define VAR(x) " " #x "=[" << x << "]" 
#define LOG EndlineOnDone(std::cout).stream() << __PRETTY_FUNCTION__

std::ostream& operator<<(std::ostream& out, std::align_val_t a)
{
    return out << static_cast<size_t>(a);
}

class alignas(32) Foo
{
public :
    double x, y, z;

    void * operator new (size_t s, std::align_val_t a)
    {
        auto p = aligned_alloc(static_cast<size_t>(a), s);
        LOG << VAR(p) << VAR(s) << VAR(a);
        return p;
    }

    void operator delete (void * p, size_t s, std::align_val_t a)
    {
        LOG << VAR(p) << VAR(s) << VAR(a);
        if (p) free(p);
    }

#if 1
    void * operator new[ ] (size_t s, std::align_val_t a)
    {
        auto p = aligned_alloc(static_cast<size_t>(a), s);
        LOG << VAR(p) << VAR(s) << VAR(a);
        return p;
    }

    void operator delete[ ] (void *p, size_t s, std::align_val_t a)
    {
        LOG << VAR(p) << VAR(s) << VAR(a);
        if (p) free(p);
    }
#endif
};

int main()
{
    {
        LOG << " std::make_unique<Foo>";
        auto p = std::make_unique<Foo>();
    }

    {
        LOG << " std::make_unique<Foo[]>";
        auto p = std::make_unique<Foo[]>(3);
    }
}

https://godbolt.org/z/7xd8YM

gcc logs (no address sanitizer): 

int main() std::make_unique<Foo>
static void* Foo::operator new(size_t, std::align_val_t) p=[0x21d6ec0] s=[32] a=[32]
static void Foo::operator delete(void*, size_t, std::align_val_t) p=[0x21d6ec0] s=[32] a=[32]
int main() std::make_unique<Foo[]>
static void* Foo::operator new [](size_t, std::align_val_t) p=[0x21d6f40] s=[96] a=[32]
static void Foo::operator delete [](void*, size_t, std::align_val_t) p=[0x21d6f40] s=[3616] a=[32]

Note that s value for Foo[] doesn't match for new[] and delete[] operations.

Address sanitizer reports buffer overflow.

clang is fine

Question

Its there a way to fix this problem? For example add some compiler flag (there is see edit section below).

Is this a known issue? I do not know how to find respective bug report for that (IMO it is gcc bug).

Edit/Clue

Ok I have a workaround. Adding explicit destructor ~Foo() {} fixes this issue: https://godbolt.org/z/WoM91Y (use of ~Foo() = default; doesn't fix it).

1 answers

solution1
 1  2021-01-22 11:12:29

Interestingly enough, adding default non-inline destructor ( Foo::~Foo()=default; ) fixes the problem too.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Address Sanitizer Heap buffer Overflow operator aligned new/delete vs operator aligned new[]/delete[] gcc - how to use address sanitizer C++ works fine at my computer but gets address sanitizer heap-buffer-overflow errors on leetcode Meaningful stack traces for address sanitizer in GCC specializing operator new and operator delete of some class How to properly use new and delete (to avoid buffer overflow problems) Is this partial class specialization buggy or is it a bug in clang or gcc? MinGW-w64's gcc and Address Sanitizer GCC Address Sanitizer - blacklisting library functions (specifically boost::test)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM