From: Paul Eggert
Subject: Re: Concurrency has landed
Date: Fri, 23 Dec 2016 17:51:45 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
Stefan Monnier wrote:
> I really can't imagine an architecture where "p1 - p2" is valid C code (i.e. both p1 and p2 point inside the same object) and works before `free` yet it doesn't give the same answer after `free`.
That's not what the code in question does. p1 addresses a newly allocated object, and p2 is a dangling pointer that addresses the old (freed) object.
The problem with -fcheck-pointer-bounds does not occur when the program computes p1 - p2, as the program still gets a valid integer. The problem occurs later, when Emacs computes q + (p1 - p2), where q is a dangling pointer into the old object. On conventional architectures this has the same value as (q - p2) + p1, but that's not true with -fcheck-pointer-bounds, which attaches q's bounds (which are now invalid) to the resulting pointer.
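The relocation pattern under discussion, as an added example that is not part of the original message and not Emacs code: a hypothetical growable buffer with two interior pointers is reallocated, and the interior pointers are rebuilt in the "(q - p2) + p1" form, i.e. as integer offsets taken while the old block is still live and re-added to the new base pointer. The struct and function names are invented for the illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable byte buffer with two interior pointers
   (added example; not Emacs code). */
struct buf {
    char *data;     /* start of the allocated block */
    size_t cap;     /* bytes allocated */
    size_t len;     /* bytes in use */
    char *cursor;   /* interior pointer into data */
    char *mark;     /* interior pointer into data */
};

int buf_init(struct buf *b, size_t cap)
{
    b->data = malloc(cap);
    if (!b->data) return -1;
    b->cap = cap;
    b->len = 0;
    b->cursor = b->mark = b->data;
    return 0;
}

void buf_free(struct buf *b)
{
    free(b->data);
    b->data = b->cursor = b->mark = NULL;
    b->cap = b->len = 0;
}

/* Grow the block to at least newcap bytes. Interior pointers are
   converted to integer offsets while the old block is still live and
   rebuilt as new_base + offset once realloc has returned. This is the
   "(q - p2) + p1" form from the discussion: the result takes its bounds
   from the new block. The alternative "q + (p1 - p2)" performs pointer
   arithmetic on q after the old block has been freed, which is undefined
   behaviour in ISO C and, under -fcheck-pointer-bounds, attaches q's
   stale bounds to the result. */
int buf_reserve(struct buf *b, size_t newcap)
{
    if (newcap <= b->cap) return 0;
    ptrdiff_t cursor_off = b->cursor - b->data;   /* both pointers still valid here */
    ptrdiff_t mark_off = b->mark - b->data;
    char *p = realloc(b->data, newcap);
    if (!p) return -1;                           /* old block is still valid on failure */
    b->data = p;
    b->cap = newcap;
    b->cursor = p + cursor_off;                  /* new base + integer offset */
    b->mark = p + mark_off;
    return 0;
}

/* Append n bytes, growing geometrically when needed. */
int buf_append(struct buf *b, const char *src, size_t n)
{
    if (b->len + n > b->cap) {
        size_t want = b->cap ? b->cap : 1;
        while (want < b->len + n) want *= 2;
        if (buf_reserve(b, want) != 0) return -1;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Constructed scenario: place the cursor and mark inside a small buffer,
   force a reallocation by appending past its capacity, and report whether
   both interior pointers still address the same bytes relative to the
   (possibly moved) block. Returns 1 on success, 0 on failure. */
int relocation_demo(void)
{
    struct buf b;
    if (buf_init(&b, 8) != 0) return 0;
    const char hello[] = "hello, world";        /* 12 bytes; exceeds the 8-byte block */
    if (buf_append(&b, hello, 5) != 0) { buf_free(&b); return 0; }
    b.cursor = b.data + 1;                      /* points at 'e' */
    b.mark = b.data + 4;                        /* points at 'o' */
    if (buf_append(&b, hello + 5, sizeof hello - 1 - 5) != 0) { buf_free(&b); return 0; }
    int ok = b.len == 12
          && b.cursor - b.data == 1 && *b.cursor == 'e'
          && b.mark - b.data == 4 && *b.mark == 'o'
          && memcmp(b.data, hello, 12) == 0;
    buf_free(&b);
    return ok;
}
```

On a conventional target both forms compute the same address, so the difference is invisible in a test like this; the offset-first form is the one that remains defined in ISO C and correct under a bounds-tracking compiler, because the only pointer arithmetic it performs after realloc starts from the new block.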