From fe6c507f5ce0fd744b5bd1d0db6ea175e1188a7f Mon Sep 17 00:00:00 2001
From: Philipp Stephani
Date: Thu, 25 Apr 2019 21:28:46 +0200
Subject: [PATCH] =?utf8?q?Make=20sure=20that=20=E2=80=98sdata=E2=80=99=20o?=
 =?utf8?q?bjects=20in=20=E2=80=98sblock=E2=80=99=20objects=20are=20aligned?=
 =?utf8?q?.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Issue found by Clang’s UBSan.

* src/alloc.c (GC_STRING_OVERRUN_COOKIE_SIZE): Increase to 8.
(string_overrun_cookie): Extend accordingly.
(GC_STRING_EXTRA): Ensure that it’s properly aligned for ‘sdata’.
(allocate_string_data): Verify that ‘sdata’ blocks remain aligned.
---
 src/alloc.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/alloc.c b/src/alloc.c
index 402fada1ad2..3b5e3bb9b01 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -21,6 +21,8 @@ along with GNU Emacs. If not, see . */
 #include
 #include
+#include
+#include
 #include
 #include
 #include /* For CHAR_BIT. */
@@ -1578,9 +1580,9 @@ static struct Lisp_String *string_free_list;
 "cookie" after each allocated string data block, and check for the
 presence of this cookie during GC. */
-#define GC_STRING_OVERRUN_COOKIE_SIZE 4
+#define GC_STRING_OVERRUN_COOKIE_SIZE 8
 static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
- { '\xde', '\xad', '\xbe', '\xef' };
+ { '\xde', '\xad', '\xbe', '\xef', '\xde', '\xad', '\xbe', '\xef' };
 #else
 #define GC_STRING_OVERRUN_COOKIE_SIZE 0
@@ -1616,6 +1618,11 @@ static char const string_overrun_cookie[GC_STRING_OVERRUN_COOKIE_SIZE] =
 #define GC_STRING_EXTRA (GC_STRING_OVERRUN_COOKIE_SIZE)
+/* Make sure that allocating the extra bytes doesn't misalign
+ `sdata'. */
+
+verify (GC_STRING_EXTRA % alignof (sdata) == 0);
+
 /* Exact bound on the number of bytes in a string, not counting the
 terminating NUL. A string cannot contain more bytes than
 STRING_BYTES_BOUND, nor can it be so long that the size_t
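Review bot: The cookie width on the `+#define GC_STRING_OVERRUN_COOKIE_SIZE 8` line and the eight-element initializer on the `+ { '\xde', ... }` line now state the same value by hand in two places, and an initializer shorter than the macro would not fail to compile — it would silently zero-fill the tail of the array and weaken the overrun check. Making the array self-sizing and pinning the two together closes that gap: `static char const string_overrun_cookie[] = { ... };` with `verify (sizeof string_overrun_cookie == GC_STRING_OVERRUN_COOKIE_SIZE);`, assuming the macro is only used in arithmetic and not in a `#if`, which this hunk cannot confirm. The literal 8 is presumably chosen to equal `alignof (sdata)` on the targets that matter; since the compile-time verify added later in the commit is what actually pins that, a one-line comment next to the define saying `/* Must be a multiple of alignof (sdata); see the verify below GC_STRING_EXTRA.  */` would tell the next reader why 8 and not 4.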
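Review bot: The `+verify (GC_STRING_EXTRA % alignof (sdata) == 0);` line is necessary but not sufficient for the alignment the commit title promises: `b->next_free` is computed as `data + needed + GC_STRING_EXTRA`, so the result stays aligned only if `needed` is itself a multiple of `alignof (sdata)`, and that rounding, if it happens, is in code outside this hunk. The added comment could say so instead of only mentioning the extra bytes, e.g. `/* Keep GC_STRING_EXTRA a multiple of alignof (sdata) so appending the cookie never misaligns the next sdata; NEEDED must already be rounded by its computation, and allocate_string_data asserts the sum at runtime.  */`. Worth noting for readers that with GC_CHECK_STRING_OVERRUN undefined GC_STRING_EXTRA is 0 and the verify passes trivially, which is correct but means the check only has teeth in overrun-checking builds.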
@@ -1875,6 +1882,7 @@ allocate_string_data (struct Lisp_String *s,
 data->string = s;
 b->next_free = (sdata *) ((char *) data + needed + GC_STRING_EXTRA);
+ eassert ((uintptr_t) (char *) b->next_free % alignof (sdata) == 0);
 MALLOC_UNBLOCK_INPUT;
-- 
2.39.2
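Review bot: The `(char *)` in `(uintptr_t) (char *) b->next_free` on the added eassert line is redundant — a pointer converts to `uintptr_t` directly — so `eassert ((uintptr_t) b->next_free % alignof (sdata) == 0);` says the same thing with one cast fewer. If `eassert` is compiled out in non-checking builds, as its name suggests but this hunk does not show, this is a debug-only guard: the compile-time verify added earlier in the commit covers the GC_STRING_EXTRA term for every build, while alignment of the `needed` term rests entirely on how it is computed above this hunk. allocate_string_data begins and ends outside the hunk.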