diff options
author | Anthony Towns <aj@erisian.com.au> | 2019-12-10 17:05:21 +1000 |
---|---|---|
committer | Anthony Towns <aj@erisian.com.au> | 2019-12-10 18:11:40 +1000 |
commit | 9d933ef9191417b4b7d29eaa3c3a571f814acc8e (patch) | |
tree | fb291f4f400f52ba1107a345e015188d184d8e1b /src/prevector.h | |
parent | 1189b6acab115a7fe7bd67f8b4c6e3f55e53274e (diff) |
prevector: avoid misaligned member accesses
`#pragma pack(1)` prevents aligning the struct and its members to their
required alignment. This can result in code that performs non-aligned
reads and writes to integers and pointers, which is problematic on some
architectures.
It also triggers UBsan — see
https://github.com/bitcoin/bitcoin/pull/17156#issuecomment-543123631
and #17510.
Diffstat (limited to 'src/prevector.h')
-rw-r--r-- | src/prevector.h | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/prevector.h b/src/prevector.h index 4fb07688ff..f2a0c3e05b 100644 --- a/src/prevector.h +++ b/src/prevector.h @@ -15,7 +15,6 @@ #include <type_traits> #include <utility> -#pragma pack(push, 1) /** Implements a drop-in replacement for std::vector<T> which stores up to N * elements directly (without heap allocation). The types Size and Diff are * used to store element counts, and can be any unsigned + signed type. @@ -147,14 +146,20 @@ public: }; private: - size_type _size = 0; +#pragma pack(push, 1) union direct_or_indirect { char direct[sizeof(T) * N]; struct { - size_type capacity; char* indirect; + size_type capacity; }; - } _union = {}; + }; +#pragma pack(pop) + alignas(char*) direct_or_indirect _union = {}; + size_type _size = 0; + + static_assert(alignof(char*) % alignof(size_type) == 0 && sizeof(char*) % alignof(size_type) == 0, "size_type cannot have more restrictive alignment requirement than pointer"); + static_assert(alignof(char*) % alignof(T) == 0, "value_type T cannot have more restrictive alignment requirement than pointer"); T* direct_ptr(difference_type pos) { return reinterpret_cast<T*>(_union.direct) + pos; } const T* direct_ptr(difference_type pos) const { return reinterpret_cast<const T*>(_union.direct) + pos; } @@ -523,6 +528,5 @@ public: return item_ptr(0); } }; -#pragma pack(pop) #endif // BITCOIN_PREVECTOR_H |