Minor tweaks to recent UBSan-related fix

* src/alloc.c: No need to include stdalign.h; it’s pervasive.
(GC_STRING_OVERRUN_COOKIE_SIZE): Align to sdata’s alignment,
so that the code works even if alignof (sdata) exceeds 8.
Don’t require the cookie size to be 8, as this overly fattens
32-bit platforms and one DEADBEEF should be enough.
(GC_STRING_EXTRA): Omit now-unnecessary ‘verify’.
(allocate_string_data): Omit unnecessary cast.

diff --git a/src/alloc.c b/src/alloc.c
index 3b5e3bb9b01a5e85836f9d9c2c8f0cf0e058c057..c4ef4e96863a7a57db903ad363dc5d0b0ce909c2 100644 (file)
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -21,7 +21,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #include <config.h>
 
 #include <errno.h>
-#include <stdalign.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -1576,16 +1575,15 @@ static struct Lisp_String *string_free_list;
 
 #ifdef GC_CHECK_STRING_OVERRUN
 
-/* We check for overrun in string data blocks by appending a small
+/* Check for overrun in string data blocks by appending a small
    "cookie" after each allocated string data block, and check for the
    presence of this cookie during GC.  */
-
-#define GC_STRING_OVERRUN_COOKIE_SIZE  8
+# define GC_STRING_OVERRUN_COOKIE_SIZE ROUNDUP (4, alignof (sdata))
 static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
-  { '\xde', '\xad', '\xbe', '\xef', '\xde', '\xad', '\xbe', '\xef' };
+  { '\xde', '\xad', '\xbe', '\xef', /* Perhaps some zeros here.  */ };
 
 #else
-#define GC_STRING_OVERRUN_COOKIE_SIZE 0
+# define GC_STRING_OVERRUN_COOKIE_SIZE 0
 #endif
 
 /* Value is the size of an sdata structure large enough to hold NBYTES
@@ -1615,13 +1613,7 @@ static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
 #endif /* not GC_CHECK_STRING_BYTES */
 
 /* Extra bytes to allocate for each string.  */
-
-#define GC_STRING_EXTRA (GC_STRING_OVERRUN_COOKIE_SIZE)
-
-/* Make sure that allocating the extra bytes doesn't misalign
-   `sdata'.  */
-
-verify (GC_STRING_EXTRA % alignof (sdata) == 0);
+#define GC_STRING_EXTRA GC_STRING_OVERRUN_COOKIE_SIZE
 
 /* Exact bound on the number of bytes in a string, not counting the
    terminating NUL.  A string cannot contain more bytes than
@@ -1882,7 +1874,7 @@ allocate_string_data (struct Lisp_String *s,
 
   data->string = s;
   b->next_free = (sdata *) ((char *) data + needed + GC_STRING_EXTRA);
-  eassert ((uintptr_t) (char *) b->next_free % alignof (sdata) == 0);
+  eassert ((uintptr_t) b->next_free % alignof (sdata) == 0);
 
   MALLOC_UNBLOCK_INPUT;