From 9769cd0d24699f003975284a76e3b055e84c7cfb Mon Sep 17 00:00:00 2001
From: Alex Richardson
Date: Wed, 14 Dec 2022 23:55:21 +0000
Subject: [PATCH] gsignal.c: drop an optimization that is undefined behaviour Comparing reallocated pointers is UB, but this happens to work for now on most compilers. However, for CHERI systems if g_bsearch_array_insert() reallocs in-place then the new `hlbsa` pointer may have larger bounds than `o` and using the old pointer with the smaller bounds can result in a bounds error. I don't think this code is performance critical, so removing the optimization and inserting unconditionally should be fine. Currently, this realloc() UB rarely causes issues, but newer versions of GCC with _FORTIFY_SOURCE=3 might also be able to observe the valid memory range (assuming sufficient inlining). See https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level
---
 gobject/gsignal.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/gobject/gsignal.c b/gobject/gsignal.c
index 04456ce1d..755a515d8 100644
--- a/gobject/gsignal.c
+++ b/gobject/gsignal.c
@@ -395,17 +395,9 @@ handler_list_ensure (guint signal_id,
 if (!hlbsa)
 {
 hlbsa = g_bsearch_array_create (&g_signal_hlbsa_bconfig);
- hlbsa = g_bsearch_array_insert (hlbsa, &g_signal_hlbsa_bconfig, &key);
- g_hash_table_insert (g_handler_list_bsa_ht, instance, hlbsa);
- }
- else
- {
- GBSearchArray *o = hlbsa;
- hlbsa = g_bsearch_array_insert (o, &g_signal_hlbsa_bconfig, &key);
- if (hlbsa != o)
- g_hash_table_insert (g_handler_list_bsa_ht, instance, hlbsa);
 }
+ hlbsa = g_bsearch_array_insert (hlbsa, &g_signal_hlbsa_bconfig, &key);
+ g_hash_table_insert (g_handler_list_bsa_ht, instance, hlbsa);
 return g_bsearch_array_lookup (hlbsa, &g_signal_hlbsa_bconfig, &key);
 }
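Review bot: The now-unconditional `g_hash_table_insert (g_handler_list_bsa_ht, instance, hlbsa)` on the new side is only safe if g_handler_list_bsa_ht was created without a value destroy function: on an existing key, g_hash_table_insert runs that destroy on the old value, which after an in-place realloc is the very pointer the next line passes to g_bsearch_array_lookup. The table's creation is outside this hunk, so I cannot confirm that from here, but neither the code nor the commit message records the dependency, and a later change to the table would silently turn this into a use-after-free. I would add a comment above the insert: `/* Always re-insert: g_bsearch_array_insert() may realloc. Relies on g_handler_list_bsa_ht having no value_destroy_func, otherwise re-inserting the same pointer would free it. */`. handler_list_ensure's signature and the initial lookup of hlbsa begin before the hunk.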