diff options
| author | Andrew Chow <github@achow101.com> | 2023-07-25 18:44:15 -0400 |
|---|---|---|
| committer | Andrew Chow <github@achow101.com> | 2023-07-25 18:54:29 -0400 |
| commit | 32c15237b656209b932c5d6d2e20736c0e3d5a34 (patch) | |
| tree | 1eb4873f9c49cc0a3fa2f78fe12fcafd0099398c /src | |
| parent | 1ed8a0f8d26439820554213f8ffead2d5d8ea864 (diff) | |
| parent | 07c59eda00841aafaafd8fd648217b56b1e907c9 (diff) | |
| download | bitcoin-32c15237b656209b932c5d6d2e20736c0e3d5a34.tar.xz | |
Merge bitcoin/bitcoin#27930: util: Don't derive secure_allocator from std::allocator
07c59eda00841aafaafd8fd648217b56b1e907c9 Don't derive secure_allocator from std::allocator (Casey Carter)
Pull request description:
Giving the C++ Standard Committee control of the public interface of your type means they will break it. C++23 adds a new `allocate_at_least` member to `std::allocator`. Very bad things happen when, say, `std::vector` uses `allocate_at_least` from `secure_allocator`'s base to allocate memory which it then tries to free with `secure_allocator::deallocate`.
(Discovered by microsoft/STL#3712, which will be reverted by microsoft/STL#3819 before it ships.)
ACKs for top commit:
jonatack:
re-ACK 07c59eda00841aafaafd8fd648217b56b1e907c9 no change since my previous ACK apart from squashing the commits
achow101:
ACK 07c59eda00841aafaafd8fd648217b56b1e907c9
john-moffett:
ACK 07c59eda00841aafaafd8fd648217b56b1e907c9 Reviewed and tested. Performance appears unaffected in my environment.
Tree-SHA512: 23606c40414d325f5605a9244d4dd50907fdf5f2fbf70f336accb3a2cb98baa8acd2972f46eab1b7fdec1d28a843a96b06083cd2d09791cda7c90ee218e5bbd5
Diffstat (limited to 'src')
| -rw-r--r-- | src/support/allocators/secure.h | 36 | ||||
| -rw-r--r-- | src/support/allocators/zeroafterfree.h | 39 |
2 files changed, 39 insertions, 36 deletions
diff --git a/src/support/allocators/secure.h b/src/support/allocators/secure.h index b2076bea07..558f835f11 100644 --- a/src/support/allocators/secure.h +++ b/src/support/allocators/secure.h @@ -17,27 +17,14 @@ // out of memory and clears its contents before deletion. // template <typename T> -struct secure_allocator : public std::allocator<T> { - using base = std::allocator<T>; - using traits = std::allocator_traits<base>; - using size_type = typename traits::size_type; - using difference_type = typename traits::difference_type; - using pointer = typename traits::pointer; - using const_pointer = typename traits::const_pointer; - using value_type = typename traits::value_type; - secure_allocator() noexcept {} - secure_allocator(const secure_allocator& a) noexcept : base(a) {} +struct secure_allocator { + using value_type = T; + + secure_allocator() = default; template <typename U> - secure_allocator(const secure_allocator<U>& a) noexcept : base(a) - { - } - ~secure_allocator() noexcept {} - template <typename Other> - struct rebind { - typedef secure_allocator<Other> other; - }; + secure_allocator(const secure_allocator<U>&) noexcept {} - T* allocate(std::size_t n, const void* hint = nullptr) + T* allocate(std::size_t n) { T* allocation = static_cast<T*>(LockedPoolManager::Instance().alloc(sizeof(T) * n)); if (!allocation) { @@ -53,6 +40,17 @@ struct secure_allocator : public std::allocator<T> { } LockedPoolManager::Instance().free(p); } + + template <typename U> + friend bool operator==(const secure_allocator&, const secure_allocator<U>&) noexcept + { + return true; + } + template <typename U> + friend bool operator!=(const secure_allocator&, const secure_allocator<U>&) noexcept + { + return false; + } }; // This is exactly like std::string, but with a custom allocator. diff --git a/src/support/allocators/zeroafterfree.h b/src/support/allocators/zeroafterfree.h index 2dc644c242..6d50eb70a6 100644 --- a/src/support/allocators/zeroafterfree.h +++ b/src/support/allocators/zeroafterfree.h @@ -12,31 +12,36 @@ #include <vector> template <typename T> -struct zero_after_free_allocator : public std::allocator<T> { - using base = std::allocator<T>; - using traits = std::allocator_traits<base>; - using size_type = typename traits::size_type; - using difference_type = typename traits::difference_type; - using pointer = typename traits::pointer; - using const_pointer = typename traits::const_pointer; - using value_type = typename traits::value_type; - zero_after_free_allocator() noexcept {} - zero_after_free_allocator(const zero_after_free_allocator& a) noexcept : base(a) {} +struct zero_after_free_allocator { + using value_type = T; + + zero_after_free_allocator() noexcept = default; template <typename U> - zero_after_free_allocator(const zero_after_free_allocator<U>& a) noexcept : base(a) + zero_after_free_allocator(const zero_after_free_allocator<U>&) noexcept + { + } + + T* allocate(std::size_t n) { + return std::allocator<T>{}.allocate(n); } - ~zero_after_free_allocator() noexcept {} - template <typename Other> - struct rebind { - typedef zero_after_free_allocator<Other> other; - }; void deallocate(T* p, std::size_t n) { if (p != nullptr) memory_cleanse(p, sizeof(T) * n); - std::allocator<T>::deallocate(p, n); + std::allocator<T>{}.deallocate(p, n); + } + + template <typename U> + friend bool operator==(const zero_after_free_allocator&, const zero_after_free_allocator<U>&) noexcept + { + return true; + } + template <typename U> + friend bool operator!=(const zero_after_free_allocator&, const zero_after_free_allocator<U>&) noexcept + { + return false; } }; |