mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-26 11:13:23 -03:00
Merge bitcoin/bitcoin#27930: util: Don't derive secure_allocator from std::allocator
07c59eda00
Don't derive secure_allocator from std::allocator (Casey Carter) Pull request description: Giving the C++ Standard Committee control of the public interface of your type means they will break it. C++23 adds a new `allocate_at_least` member to `std::allocator`. Very bad things happen when, say, `std::vector` uses `allocate_at_least` from `secure_allocator`'s base to allocate memory which it then tries to free with `secure_allocator::deallocate`. (Discovered by microsoft/STL#3712, which will be reverted by microsoft/STL#3819 before it ships.) ACKs for top commit: jonatack: re-ACK07c59eda00
no change since my previous ACK apart from squashing the commits achow101: ACK07c59eda00
john-moffett: ACK07c59eda00
Reviewed and tested. Performance appears unaffected in my environment. Tree-SHA512: 23606c40414d325f5605a9244d4dd50907fdf5f2fbf70f336accb3a2cb98baa8acd2972f46eab1b7fdec1d28a843a96b06083cd2d09791cda7c90ee218e5bbd5
This commit is contained in:
commit
32c15237b6
2 changed files with 40 additions and 37 deletions
|
@ -17,27 +17,14 @@
|
||||||
// out of memory and clears its contents before deletion.
|
// out of memory and clears its contents before deletion.
|
||||||
//
|
//
|
||||||
template <typename T>
|
template <typename T>
|
||||||
struct secure_allocator : public std::allocator<T> {
|
struct secure_allocator {
|
||||||
using base = std::allocator<T>;
|
using value_type = T;
|
||||||
using traits = std::allocator_traits<base>;
|
|
||||||
using size_type = typename traits::size_type;
|
|
||||||
using difference_type = typename traits::difference_type;
|
|
||||||
using pointer = typename traits::pointer;
|
|
||||||
using const_pointer = typename traits::const_pointer;
|
|
||||||
using value_type = typename traits::value_type;
|
|
||||||
secure_allocator() noexcept {}
|
|
||||||
secure_allocator(const secure_allocator& a) noexcept : base(a) {}
|
|
||||||
template <typename U>
|
|
||||||
secure_allocator(const secure_allocator<U>& a) noexcept : base(a)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
~secure_allocator() noexcept {}
|
|
||||||
template <typename Other>
|
|
||||||
struct rebind {
|
|
||||||
typedef secure_allocator<Other> other;
|
|
||||||
};
|
|
||||||
|
|
||||||
T* allocate(std::size_t n, const void* hint = nullptr)
|
secure_allocator() = default;
|
||||||
|
template <typename U>
|
||||||
|
secure_allocator(const secure_allocator<U>&) noexcept {}
|
||||||
|
|
||||||
|
T* allocate(std::size_t n)
|
||||||
{
|
{
|
||||||
T* allocation = static_cast<T*>(LockedPoolManager::Instance().alloc(sizeof(T) * n));
|
T* allocation = static_cast<T*>(LockedPoolManager::Instance().alloc(sizeof(T) * n));
|
||||||
if (!allocation) {
|
if (!allocation) {
|
||||||
|
@ -53,6 +40,17 @@ struct secure_allocator : public std::allocator<T> {
|
||||||
}
|
}
|
||||||
LockedPoolManager::Instance().free(p);
|
LockedPoolManager::Instance().free(p);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
template <typename U>
|
||||||
|
friend bool operator==(const secure_allocator&, const secure_allocator<U>&) noexcept
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
template <typename U>
|
||||||
|
friend bool operator!=(const secure_allocator&, const secure_allocator<U>&) noexcept
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// This is exactly like std::string, but with a custom allocator.
|
// This is exactly like std::string, but with a custom allocator.
|
||||||
|
|
|
@ -12,31 +12,36 @@
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
template <typename T>
|
template <typename T>
|
||||||
struct zero_after_free_allocator : public std::allocator<T> {
|
struct zero_after_free_allocator {
|
||||||
using base = std::allocator<T>;
|
using value_type = T;
|
||||||
using traits = std::allocator_traits<base>;
|
|
||||||
using size_type = typename traits::size_type;
|
zero_after_free_allocator() noexcept = default;
|
||||||
using difference_type = typename traits::difference_type;
|
|
||||||
using pointer = typename traits::pointer;
|
|
||||||
using const_pointer = typename traits::const_pointer;
|
|
||||||
using value_type = typename traits::value_type;
|
|
||||||
zero_after_free_allocator() noexcept {}
|
|
||||||
zero_after_free_allocator(const zero_after_free_allocator& a) noexcept : base(a) {}
|
|
||||||
template <typename U>
|
template <typename U>
|
||||||
zero_after_free_allocator(const zero_after_free_allocator<U>& a) noexcept : base(a)
|
zero_after_free_allocator(const zero_after_free_allocator<U>&) noexcept
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
~zero_after_free_allocator() noexcept {}
|
|
||||||
template <typename Other>
|
T* allocate(std::size_t n)
|
||||||
struct rebind {
|
{
|
||||||
typedef zero_after_free_allocator<Other> other;
|
return std::allocator<T>{}.allocate(n);
|
||||||
};
|
}
|
||||||
|
|
||||||
void deallocate(T* p, std::size_t n)
|
void deallocate(T* p, std::size_t n)
|
||||||
{
|
{
|
||||||
if (p != nullptr)
|
if (p != nullptr)
|
||||||
memory_cleanse(p, sizeof(T) * n);
|
memory_cleanse(p, sizeof(T) * n);
|
||||||
std::allocator<T>::deallocate(p, n);
|
std::allocator<T>{}.deallocate(p, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
template <typename U>
|
||||||
|
friend bool operator==(const zero_after_free_allocator&, const zero_after_free_allocator<U>&) noexcept
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
template <typename U>
|
||||||
|
friend bool operator!=(const zero_after_free_allocator&, const zero_after_free_allocator<U>&) noexcept
|
||||||
|
{
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue