May 20, 2013
http://d.puremagic.com/issues/show_bug.cgi?id=5176



--- Comment #30 from 9999 <sibaqexozequgaba@tempomail.fr> 2013-05-20 01:13:22 PDT ---
(In reply to comment #29)
> The thing is that you may get over the page protection by several dereferences.

What do you mean by several dereferences?
Can you provide an example?

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------

--- Comment #31 from deadalnix <deadalnix@gmail.com> 2013-05-20 01:26:56 PDT ---
(In reply to comment #30)
> (In reply to comment #29)
> > The thing is that you may get over the page protection by several dereferences.
> 
> What do you mean by several dereferences?
> Can you provide an example?

Yes, sure. Let's consider the example below:

struct Foo {
    ubyte[512] bar;
}

struct Buzz {
    ubyte[256] pad;
    Foo[8] qux;
}

Buzz* b;

auto deref1 = (b.qux[7]); // deref below 4kb.
deref1.bar[300]; // offset is below 4kb, but the address is above 4kb.

If we consider the deref address only, no check happens here. So the decision to check or not needs to be based not on the actual address, but on the maximal address possibly reached.

In other words, a 4kb+ conglomerate of value types needs a null check on every single pointer operation, even the ones below 4kb.


--- Comment #32 from 9999 <sibaqexozequgaba@tempomail.fr> 2013-05-20 02:08:00 PDT ---
(In reply to comment #31)
> Yes, sure. Let's consider the example below:
> 
> struct Foo {
>     ubyte[512] bar;
> }
> 
> struct Buzz {
>     ubyte[256] pad;
>     Foo[8] qux;
> }
> 
> Buzz* b;
> 
> auto deref1 = (b.qux[7]); // deref below 4kb.
> deref1.bar[300]; // offset is below 4kb, but the address is above 4kb.
> 
> If we consider the deref address only, no check happens here. So the decision to check or not needs to be based not on the actual address, but on the maximal address possibly reached.
> 
> In other words, a 4kb+ conglomerate of value types needs a null check on every single pointer operation, even the ones below 4kb.

Your example is safe, as it will crash on the first dereference (value
semantics).

You probably meant something similar to:

Buzz* b;

auto deref1 = &(b.qux[7]); // take address below 4kb.
deref1.bar[300] = 0; // offset is below 4kb, but the address is above 4kb.

Maybe it's worth adding another case then, when both are true:
* Taking an address of an object whose size is above OS' guard page (Buzz in
the example).
* The referenced object's last available byte offset is above OS' guard page
(qux[7]'s last byte in the example).


--- Comment #33 from Andrei Alexandrescu <andrei@erdani.com> 2013-05-20 05:34:03 PDT ---
(In reply to comment #32)
> Buzz* b;
> 
> auto deref1 = &(b.qux[7]); // take address below 4kb.
> deref1.bar[300] = 0; // offset is below 4kb, but the address is above 4kb.

This is a red herring. The null check is inserted not if the address of the field falls above the limit, but if the address of the field PLUS the size of the field does.


--- Comment #34 from 9999 <sibaqexozequgaba@tempomail.fr> 2013-05-20 06:03:10 PDT ---
(In reply to comment #33)
> (In reply to comment #32)
> > Buzz* b;
> > 
> > auto deref1 = &(b.qux[7]); // take address below 4kb.
> > deref1.bar[300] = 0; // offset is below 4kb, but the address is above 4kb.
> 
> This is a red herring. The null check is inserted not if the address of the field falls above the limit, but if the address of the field PLUS the size of the field does.

That's what I meant by saying "The referenced object's last available byte".


--- Comment #35 from Andrei Alexandrescu <andrei@erdani.com> 2013-05-20 06:05:16 PDT ---
(In reply to comment #34)
> (In reply to comment #33)
> > (In reply to comment #32)
> > > Buzz* b;
> > > 
> > > auto deref1 = &(b.qux[7]); // take address below 4kb.
> > > deref1.bar[300] = 0; // offset is below 4kb, but the address is above 4kb.
> > 
> > This is a red herring. The null check is inserted not if the address of the field falls above the limit, but if the address of the field PLUS the size of the field does.
> 
> That's what I meant by saying "The referenced object's last available byte".

Thanks, I replied to the wrong message. But I don't think that's a special case, the check should always work that way.

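Added example (not code from this issue thread or from the D compiler): a small C model of the elision rule the thread converges on, that a null check may be skipped only if the address of the field PLUS the size of the field still lands inside the guard page, applied relative to the possibly-null root so that pointers formed by address-of (the deref1 chain from comment #32) stay covered. It assumes one unmapped 4 KiB page at address 0 and mirrors the Foo/Buzz layout from comment #31 with C structs so the offsets come from offsetof(); the names PtrInfo, take_address, needs_check and checks_for_chain are this example's own.

```c
/* Model of null-check elision against an OS guard page (constructed example). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GUARD_PAGE_SIZE 4096u   /* assumption: one unmapped page at address 0 */

typedef struct Foo  { uint8_t bar[512]; } Foo;              /* layout from comment #31 */
typedef struct Buzz { uint8_t pad[256]; Foo qux[8]; } Buzz;

/* A pointer as the optimiser tracks it: its distance from a possibly-null
 * root pointer, and whether a null check was already emitted on that chain. */
typedef struct PtrInfo {
    size_t root_offset;
    int    checked;
} PtrInfo;

/* Naive rule: only the offset of the immediate access is considered. */
int naive_needs_check(size_t field_offset)
{
    return field_offset >= GUARD_PAGE_SIZE;
}

/* Rule from comment #33: a check is needed when the address of the field plus
 * the size of the field can fall beyond the guard page, measured from the root. */
int needs_check(PtrInfo p, size_t field_offset, size_t field_size)
{
    if (p.checked)
        return 0;
    return p.root_offset + field_offset + field_size > GUARD_PAGE_SIZE;
}

/* Model `&p->field`: no memory is touched, so the question is only whether the
 * whole referenced object is guaranteed to lie inside the guard page.  *emitted
 * is set when a check had to be inserted at the address-taking site. */
PtrInfo take_address(PtrInfo p, size_t field_offset, size_t field_size, int *emitted)
{
    PtrInfo r;
    *emitted = needs_check(p, field_offset, field_size);
    r.root_offset = p.root_offset + field_offset;
    r.checked = p.checked || *emitted;
    return r;
}

/* Replays the chain from comment #32 for qux[i]:
 *     deref1 = &b->qux[i];  deref1->bar[300] = 0;
 * Returns how many null checks the address+size rule inserts (0 or 1). */
int checks_for_chain(int i)
{
    PtrInfo b = { 0, 0 };   /* b may be null: no offset, nothing checked yet */
    int at_addr = 0;
    PtrInfo deref1 = take_address(b, offsetof(Buzz, qux) + (size_t)i * sizeof(Foo),
                                  sizeof(Foo), &at_addr);
    int at_store = needs_check(deref1, offsetof(Foo, bar) + 300, sizeof(uint8_t));
    return at_addr + at_store;
}

/* Same chain under the naive rule: every step is below 4kb, so it never checks. */
int naive_checks_for_chain(int i)
{
    size_t addr_off = offsetof(Buzz, qux) + (size_t)i * sizeof(Foo);
    return naive_needs_check(addr_off) + naive_needs_check(offsetof(Foo, bar) + 300);
}

/* The byte a null b would actually touch at the end of that chain. */
size_t final_offset(int i)
{
    return offsetof(Buzz, qux) + (size_t)i * sizeof(Foo) + offsetof(Foo, bar) + 300;
}

int main(void)
{
    for (int i = 0; i < 8; i++)
        printf("qux[%d]: final offset %4zu  naive checks %d  address+size checks %d\n",
               i, final_offset(i), naive_checks_for_chain(i), checks_for_chain(i));
    return 0;
}
```

Only qux[7] needs a check: &b->qux[7] sits at offset 3840 and Foo is 512 bytes, so 3840 + 512 exceeds the page even though both individual steps (3840 and 300) are below 4kb; under the naive rule the store would land at offset 4140, past the guard page, without any fault. For qux[0] through qux[6] the rule emits nothing, and a null b still faults inside the guard page as intended.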