Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / a9ebf6f422c1924b3c6486385babc38152c39500^2..a9ebf6f422c1924b3c6486385babc38152c39500 / .
commita9ebf6f422c1924b3c6486385babc38152c39500[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Fri Nov 19 17:13:48 2021 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Fri Nov 19 17:13:48 2021 +0000
treecbf110d4578ac2c69cc64a67c610f2668a9f3812
parentf4c8b0da3968bcdece995f1517bac02242243c10 [diff]
parent5b57d9cd84afdda57f3b19a77f052d65525c3b76 [diff]
Merge "Remove boilerplate."
diff --git a/benchmarks/stdlib_benchmark.cpp b/benchmarks/stdlib_benchmark.cpp
index b6ea58d..14b380a 100644
--- a/benchmarks/stdlib_benchmark.cpp
+++ b/benchmarks/stdlib_benchmark.cpp

@@ -155,88 +155,71 @@
 BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_malloc_multiple_8192_allocs_decay1, "AT_SMALL_SIZES");
 #endif
 
-static void BM_stdlib_mbstowcs(benchmark::State& state) {
-  const size_t buf_alignment = state.range(0);
-  const size_t widebuf_alignment = state.range(1);
-
-  std::vector<char> buf;
-  std::vector<wchar_t> widebuf;
-
-  setlocale(LC_CTYPE, "C.UTF-8")
-  || setlocale(LC_CTYPE, "en_US.UTF-8")
-  || setlocale(LC_CTYPE, "en_GB.UTF-8")
-  || setlocale(LC_CTYPE, "en.UTF-8")
-  || setlocale(LC_CTYPE, "de_DE-8")
-  || setlocale(LC_CTYPE, "fr_FR-8");
-  if (strcmp(nl_langinfo(CODESET), "UTF-8")) {
-    errx(1, "ERROR: unable to set locale in BM_stdlib_mbstowcs");
-  }
-
-  char* buf_aligned = GetAlignedPtr(&buf, buf_alignment, 500000);
-  wchar_t* widebuf_aligned = GetAlignedPtr(&widebuf, widebuf_alignment, 500000);
-  size_t i, j, k, l;
-  l = 0;
-  for (i=0xc3; i<0xe0; i++)
-    for (j=0x80; j<0xc0; j++)
-      buf[l++] = i, buf[l++] = j;
-  for (i=0xe1; i<0xed; i++)
-    for (j=0x80; j<0xc0; j++)
-      for (k=0x80; k<0xc0; k++)
-        buf[l++] = i, buf[l++] = j, buf[l++] = k;
-  for (i=0xf1; i<0xf4; i++)
-    for (j=0x80; j<0xc0; j++)
-      for (k=0x80; k<0xc0; k++)
-        buf[l++] = i, buf[l++] = j, buf[l++] = 0x80, buf[l++] = k;
-  buf[l++] = 0;
+static void BM_stdlib_mbstowcs_ascii(benchmark::State& state) {
+  // It doesn't really matter what ASCII character we pick.
+  // The flow through the fast path is the same regardless.
+  const size_t count = 500000;
+  std::vector<char> mbs(count, 'e');
+  std::vector<wchar_t> wcs(count);
 
   for (auto _ : state) {
-    benchmark::DoNotOptimize(mbstowcs(widebuf_aligned, buf_aligned, 500000));
+    benchmark::DoNotOptimize(mbstowcs(&wcs[0], &mbs[0], wcs.size()));
   }
 
-  state.SetBytesProcessed(uint64_t(state.iterations()) * uint64_t(500000));
+  state.SetBytesProcessed(uint64_t(state.iterations()) * uint64_t(wcs.size()));
 }
-BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbstowcs, "0 0");
+BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbstowcs_ascii, "");
 
-static void BM_stdlib_mbrtowc(benchmark::State& state) {
-  const size_t buf_alignment = state.range(0);
-
-  std::vector<char> buf;
-
-  setlocale(LC_CTYPE, "C.UTF-8")
-  || setlocale(LC_CTYPE, "en_US.UTF-8")
-  || setlocale(LC_CTYPE, "en_GB.UTF-8")
-  || setlocale(LC_CTYPE, "en.UTF-8")
-  || setlocale(LC_CTYPE, "de_DE-8")
-  || setlocale(LC_CTYPE, "fr_FR-8");
-  if (strcmp(nl_langinfo(CODESET), "UTF-8")) {
-    errx(1, "ERROR: unable to set locale in BM_stdlib_mbrtowc");
+static void BM_stdlib_mbstowcs_wide(benchmark::State& state) {
+  // It doesn't matter much what wide character we pick.
+  // A three-byte character seems pretty representative, and all three byte
+  // characters are the same from the code's perspective.
+  const size_t count = 500000;
+  std::string mbs;
+  for (size_t i = 0; i < count; i++) {
+    mbs += "\xe5\xb1\xb1";
   }
+  std::vector<wchar_t> wcs(count);
 
-  char* buf_aligned = GetAlignedPtr(&buf, buf_alignment, 500000);
-  size_t i, j, k, l;
-  l = 0;
-  for (i=0xc3; i<0xe0; i++)
-    for (j=0x80; j<0xc0; j++)
-      buf[l++] = i, buf[l++] = j;
-  for (i=0xe1; i<0xed; i++)
-    for (j=0x80; j<0xc0; j++)
-      for (k=0x80; k<0xc0; k++)
-        buf[l++] = i, buf[l++] = j, buf[l++] = k;
-  for (i=0xf1; i<0xf4; i++)
-    for (j=0x80; j<0xc0; j++)
-      for (k=0x80; k<0xc0; k++)
-        buf[l++] = i, buf[l++] = j, buf[l++] = 0x80, buf[l++] = k;
-  buf[l++] = 0;
-
-  wchar_t wc = 0;
   for (auto _ : state) {
-    for (j = 0; buf_aligned[j]; j+=mbrtowc(&wc, buf_aligned + j, 4, nullptr)) {
-    }
+    benchmark::DoNotOptimize(mbstowcs(&wcs[0], &mbs[0], wcs.size()));
   }
 
-  state.SetBytesProcessed(uint64_t(state.iterations()) * uint64_t(500000));
+  state.SetBytesProcessed(uint64_t(state.iterations()) * uint64_t(wcs.size()));
 }
-BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbrtowc, "0");
+BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbstowcs_wide, "");
+
+static void BM_stdlib_mbrtowc_1(benchmark::State& state) {
+  wchar_t wc;
+  for (auto _ : state) {
+    benchmark::DoNotOptimize(mbrtowc(&wc, "e", 1, nullptr));
+  }
+}
+BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbrtowc_1, "");
+
+static void BM_stdlib_mbrtowc_2(benchmark::State& state) {
+  wchar_t wc;
+  for (auto _ : state) {
+    benchmark::DoNotOptimize(mbrtowc(&wc, "\xc3\x9f", 3, nullptr));
+  }
+}
+BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbrtowc_2, "");
+
+static void BM_stdlib_mbrtowc_3(benchmark::State& state) {
+  wchar_t wc;
+  for (auto _ : state) {
+    benchmark::DoNotOptimize(mbrtowc(&wc, "\xe5\xb1\xb1", 3, nullptr));
+  }
+}
+BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbrtowc_3, "");
+
+static void BM_stdlib_mbrtowc_4(benchmark::State& state) {
+  wchar_t wc;
+  for (auto _ : state) {
+    benchmark::DoNotOptimize(mbrtowc(&wc, "\xf0\xa4\xad\xa2", 4, nullptr));
+  }
+}
+BIONIC_BENCHMARK_WITH_ARG(BM_stdlib_mbrtowc_4, "");
 
 BIONIC_TRIVIAL_BENCHMARK(BM_stdlib_atoi, atoi(" -123"));
 BIONIC_TRIVIAL_BENCHMARK(BM_stdlib_atol, atol(" -123"));

diff --git a/libc/bionic/c16rtomb.cpp b/libc/bionic/c16rtomb.cpp
index 2d6ae93..e052d04 100644
--- a/libc/bionic/c16rtomb.cpp
+++ b/libc/bionic/c16rtomb.cpp

@@ -43,7 +43,7 @@
 size_t c16rtomb(char* s, char16_t c16, mbstate_t* ps) {
   static mbstate_t __private_state;
   mbstate_t* state = (ps == nullptr) ? &__private_state : ps;
-  if (mbsinit(state)) {
+  if (mbstate_is_initial(state)) {
     if (is_high_surrogate(c16)) {
       char32_t c32 = (c16 & ~0xd800) << 10;
       mbstate_set_byte(state, 3, (c32 & 0xff0000) >> 16);

diff --git a/libc/bionic/c32rtomb.cpp b/libc/bionic/c32rtomb.cpp
index 2909d8b..d2519b9 100644
--- a/libc/bionic/c32rtomb.cpp
+++ b/libc/bionic/c32rtomb.cpp

@@ -50,7 +50,7 @@
     return mbstate_reset_and_return(1, state);
   }
 
-  if (!mbsinit(state)) {
+  if (!mbstate_is_initial(state)) {
     return mbstate_reset_and_return_illegal(EILSEQ, state);
   }
 

diff --git a/libc/bionic/mbrtoc16.cpp b/libc/bionic/mbrtoc16.cpp
index acea426..154b8a3 100644
--- a/libc/bionic/mbrtoc16.cpp
+++ b/libc/bionic/mbrtoc16.cpp

@@ -77,12 +77,15 @@
     return nconv;
   } else if (nconv == 0) {
     return mbstate_reset_and_return(nconv, state);
-  } else if (c32 > 0x10ffff) {
-    // Input cannot be encoded as UTF-16.
-    return mbstate_reset_and_return_illegal(EILSEQ, state);
   } else if (c32 < 0x10000) {
     *pc16 = static_cast<char16_t>(c32);
     return mbstate_reset_and_return(nconv, state);
+  } else if (c32 > 0x10ffff) {
+    // This case is currently handled by mbrtoc32() returning an error, but
+    // if that function is extended to cover 5-byte sequences (which are
+    // illegal at the moment), we'd need to explicitly handle the case of
+    // codepoints that can't be represented as a surrogate pair here.
+    return mbstate_reset_and_return_illegal(EILSEQ, state);
   } else {
     return begin_surrogate(c32, pc16, nconv, state);
   }

diff --git a/libc/bionic/mbrtoc32.cpp b/libc/bionic/mbrtoc32.cpp
index 644e542..21603a1 100644
--- a/libc/bionic/mbrtoc32.cpp
+++ b/libc/bionic/mbrtoc32.cpp

@@ -55,7 +55,7 @@
   }
 
   uint8_t ch;
-  if (mbsinit(state) && (((ch = static_cast<uint8_t>(*s)) & ~0x7f) == 0)) {
+  if (mbstate_is_initial(state) && (((ch = static_cast<uint8_t>(*s)) & ~0x7f) == 0)) {
     // Fast path for plain ASCII characters.
     if (pc32 != nullptr) {
       *pc32 = ch;
@@ -105,7 +105,7 @@
   size_t bytes_wanted = length - bytes_so_far;
   size_t i;
   for (i = 0; i < MIN(bytes_wanted, n); i++) {
-    if (!mbsinit(state) && ((*s & 0xc0) != 0x80)) {
+    if (!mbstate_is_initial(state) && ((*s & 0xc0) != 0x80)) {
       // Malformed input; bad characters in the middle of a character.
       return mbstate_reset_and_return_illegal(EILSEQ, state);
     }

diff --git a/libc/bionic/wchar.cpp b/libc/bionic/wchar.cpp
index dabe824..bd9a45e 100644
--- a/libc/bionic/wchar.cpp
+++ b/libc/bionic/wchar.cpp

@@ -54,7 +54,7 @@
 //
 
 int mbsinit(const mbstate_t* ps) {
-  return (ps == nullptr || (*(reinterpret_cast<const uint32_t*>(ps->__seq)) == 0));
+  return ps == nullptr || mbstate_is_initial(ps);
 }
 
 size_t mbrtowc(wchar_t* pwc, const char* s, size_t n, mbstate_t* ps) {
@@ -148,7 +148,7 @@
   static mbstate_t __private_state;
   mbstate_t* state = (ps == nullptr) ? &__private_state : ps;
 
-  if (!mbsinit(state)) {
+  if (!mbstate_is_initial(state)) {
     return mbstate_reset_and_return_illegal(EILSEQ, state);
   }
 

diff --git a/libc/private/bionic_mbstate.h b/libc/private/bionic_mbstate.h
index 352115a..243b220 100644
--- a/libc/private/bionic_mbstate.h
+++ b/libc/private/bionic_mbstate.h

@@ -44,6 +44,10 @@
 #define __MB_IS_ERR(rv) (rv == __MB_ERR_ILLEGAL_SEQUENCE || \
                          rv == __MB_ERR_INCOMPLETE_SEQUENCE)
 
+static inline __wur bool mbstate_is_initial(const mbstate_t* ps) {
+  return *(reinterpret_cast<const uint32_t*>(ps->__seq)) == 0;
+}
+
 static inline __wur size_t mbstate_bytes_so_far(const mbstate_t* ps) {
   return
       (ps->__seq[2] != 0) ? 3 :

diff --git a/tests/malloc_test.cpp b/tests/malloc_test.cpp
index b5948c3..5e8fb9f 100644
--- a/tests/malloc_test.cpp
+++ b/tests/malloc_test.cpp

@@ -1430,3 +1430,25 @@
   GTEST_SKIP() << "bionic extension";
 #endif
 }
+
+// Regression test for b/206701345 -- scudo bug, MTE only.
+// Fix: https://reviews.llvm.org/D105261
+// Fix: https://android-review.googlesource.com/c/platform/external/scudo/+/1763655
+TEST(malloc, realloc_mte_crash_b206701345) {
+  // We want to hit in-place realloc at the very end of an mmap-ed region.  Not
+  // all size classes allow such placement - mmap size has to be divisible by
+  // the block size. At the time of writing this could only be reproduced with
+  // 64 byte size class (i.e. 48 byte allocations), but that may change in the
+  // future. Try several different classes at the lower end.
+  std::vector<void*> ptrs(10000);
+  for (int i = 1; i < 32; ++i) {
+    size_t sz = 16 * i - 1;
+    for (void*& p : ptrs) {
+      p = realloc(malloc(sz), sz + 1);
+    }
+
+    for (void* p : ptrs) {
+      free(p);
+    }
+  }
+}