This is an archive of the discontinued LLVM Phabricator instance.

Differential D52401

Remove redundant null pointer check in operator delete
ClosedPublic

Authored by MaskRay on Sep 22 2018, 10:17 PM.

Details

Reviewers
EricWF
mclow.lists
khng300
hotpxl
Commits
rG7cd67904f776: Remove redundant null pointer check in operator delete
rG6da5366ea9f9: Remove redundant null pointer check in operator delete
rCXX343503: Remove redundant null pointer check in operator delete
rL343503: Remove redundant null pointer check in operator delete
rCXX342936: Remove redundant null pointer check in operator delete
rL342936: Remove redundant null pointer check in operator delete
Summary

C89 4.10.3.2 The free function
C99 7.20.3.2 The free function
C11 7.22.3.3 The free function

If ptr is a null pointer, no action shall occur.

_aligned_free on MSDN:

If memblock is a NULL pointer, this function simply performs no actions.

Diff Detail

Repository
rL LLVM

Event Timeline

MaskRay created this revision.Sep 22 2018, 10:17 PM
Herald added subscribers: libcxx-commits, cfe-commits, ldionne, christof. · View Herald TranscriptSep 22 2018, 10:17 PM
Harbormaster completed remote builds in B22967: Diff 166624.Sep 22 2018, 10:17 PM
MaskRay updated this revision to Diff 166625.Sep 22 2018, 10:21 PM
MaskRay edited the summary of this revision. (Show Details)

.

Harbormaster completed remote builds in B22968: Diff 166625.Sep 22 2018, 10:24 PM
ldionne added a comment.Sep 23 2018, 12:09 AM

Was this true pre-C11 too? If not, then this needs to be guarded by #if _LIBCPP_STD_VER >= 17, because C++ is only on top of C11 in C++17 and above (Marshall can double-check this).

MaskRay updated this revision to Diff 166629.Sep 23 2018, 12:45 AM
MaskRay edited the summary of this revision. (Show Details)

Also remove the check for _aligned_free

MaskRay updated this revision to Diff 166632.Sep 23 2018, 1:29 AM
MaskRay edited the summary of this revision. (Show Details)

Quote C89: "If ptr is a null pointer, no action occurs."

Harbormaster completed remote builds in B22970: Diff 166632.Sep 23 2018, 1:29 AM
MaskRay added a comment.Sep 23 2018, 1:31 AM
In D52401#1243054, @ldionne wrote:

Was this true pre-C11 too? If not, then this needs to be guarded by #if _LIBCPP_STD_VER >= 17, because C++ is only on top of C11 in C++17 and above (Marshall can double-check this).

Thanks for the note. It is true in C89 (http://port70.net/~nsz/c/c89/c89-draft.html).
"If ptr is a null pointer, no action occurs." Also similar wording in POSIX "If ptr is a null pointer, no action shall occur."

MaskRay added a comment.Sep 24 2018, 4:41 PM

Ping :)

khng300 accepted this revision.Sep 24 2018, 7:45 PM
khng300 added a subscriber: khng300.

LGTM

This revision is now accepted and ready to land.Sep 24 2018, 7:45 PM
hotpxl accepted this revision.Sep 24 2018, 7:45 PM
hotpxl added a subscriber: hotpxl.

LGTM

Closed by commit rL342936: Remove redundant null pointer check in operator delete (authored by MaskRay). · Explain WhySep 24 2018, 7:52 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: llvm-commits. · View Herald TranscriptSep 24 2018, 7:52 PM
ldionne added a comment.Sep 24 2018, 9:14 PM

You did not get a thumbs up from any of the code owners for libc++. Reverted in r342938.

lichray reopened this revision.Sep 28 2018, 9:49 PM
lichray added a subscriber: lichray.

LGTM as well, unless @mclow.lists can tell us some history like interactions with K&R libc :)

This revision is now accepted and ready to land.Sep 28 2018, 9:49 PM
mclow.lists added a comment.Sep 30 2018, 3:19 PM

I suspect it's fine, but I need to check some stuff on old versions of glibc (I seem to recall a problem with that).

MaskRay added a comment.Sep 30 2018, 6:41 PM

I just checked an extremely old version of glibc fetched from https://ftp.gnu.org/pub/gnu/glibc/

glibc-2.0.1.tar.gz 1997-02-04 03:00 3.7M

malloc/malloc.c

#if __STD_C
void fREe(Void_t* mem)
#else
void fREe(mem) Void_t* mem;
#endif
{
  arena *ar_ptr;
  mchunkptr p;                          /* chunk corresponding to mem */

#if defined(_LIBC) || defined(MALLOC_HOOKS)
  if (__free_hook != NULL) {
    (*__free_hook)(mem);
    return;
  }
#endif

  if (mem == 0)                              /* free(0) has no effect */
    return;

__free_hook (defaults to NULL) is a user-supplied hook (https://www.gnu.org/software/libc/manual/html_node/Hooks-for-Malloc.html). If this failed for operator delete, it would mean various other free(NULL) would also fail.

MaskRay added a comment.Sep 30 2018, 6:44 PM

I seem to recall a problem with that

I would like to know if your impression came from the common PWN technique when the attacker found a heap buffer overflow :)

lichray added a comment.Sep 30 2018, 7:17 PM
In D52401#1250551, @MaskRay wrote:

__free_hook (defaults to NULL) is a user-supplied hook (https://www.gnu.org/software/libc/manual/html_node/Hooks-for-Malloc.html).

Very interesting, that means if we don't apply this patch, we essentially breaks glic __free_hook, because that one expects to be able to observe null pointers.

mclow.lists added a comment.Sep 30 2018, 11:31 PM
In D52401#1250552, @MaskRay wrote:

I seem to recall a problem with that

I would like to know if your impression came from the common PWN technique when the attacker found a heap buffer overflow :)

No; that's not what I'm looking into.

mclow.lists accepted this revision.Oct 1 2018, 9:12 AM

Ok. I'm fine with this. Thanks for your patience.

MaskRay edited the summary of this revision. (Show Details)Oct 1 2018, 10:12 AM
Closed by commit rL343503: Remove redundant null pointer check in operator delete (authored by MaskRay). · Explain WhyOct 1 2018, 10:22 AM
This revision was automatically updated to reflect the committed changes.
MaskRay mentioned this in D75795: [libc++abi] Change __cxa_finalize return type to void.Mar 10 2020, 10:11 PM
MaskRay mentioned this in D93339: [libc++abi] Remove redundant null pointer check in operator delete.Dec 15 2020, 1:39 PM
MaskRay mentioned this in rGef74f0fdc339: [libc++abi] Remove redundant null pointer check in operator delete.Dec 16 2020, 1:29 PM

Revision Contents

PathSize
libcxx/
trunk/
src/
8 lines

Diff 167768

libcxx/trunk/src/new.cpp

Show First 20 LinesShow All 129 Lines▼ Show 20 Lines
#endif // _LIBCPP_NO_EXCEPTIONS #endif // _LIBCPP_NO_EXCEPTIONS
return p; return p;
} }
_LIBCPP_WEAK _LIBCPP_WEAK
void void
operator delete(void* ptr) _NOEXCEPT operator delete(void* ptr) _NOEXCEPT
{ {
if (ptr)
::free(ptr); ::free(ptr);
} }
_LIBCPP_WEAK _LIBCPP_WEAK
void void
operator delete(void* ptr, const std::nothrow_t&) _NOEXCEPT operator delete(void* ptr, const std::nothrow_t&) _NOEXCEPT
{ {
::operator delete(ptr); ::operator delete(ptr);
} }
▲ Show 20 LinesShow All 104 Lines▼ Show 20 Lines
#endif // _LIBCPP_NO_EXCEPTIONS #endif // _LIBCPP_NO_EXCEPTIONS
return p; return p;
} }
_LIBCPP_WEAK _LIBCPP_WEAK
void void
operator delete(void* ptr, std::align_val_t) _NOEXCEPT operator delete(void* ptr, std::align_val_t) _NOEXCEPT
{ {
if (ptr)
#if defined(_LIBCPP_MSVCRT_LIKE) #if defined(_LIBCPP_MSVCRT_LIKE)
::_aligned_free(ptr); ::_aligned_free(ptr);
#else #else
::free(ptr); ::free(ptr);
#endif #endif
} }
_LIBCPP_WEAK _LIBCPP_WEAK
void void
operator delete(void* ptr, std::align_val_t alignment, const std::nothrow_t&) _NOEXCEPT operator delete(void* ptr, std::align_val_t alignment, const std::nothrow_t&) _NOEXCEPT
{ {
::operator delete(ptr, alignment); ::operator delete(ptr, alignment);
Show All 32 Lines