fix(Any): Modifications to fix OSS Fuzz report (#4818)

Changes triggered by the OSS Fuzz report: https://issues.oss-fuzz.com/issues/42538385?pli=1 * fix(Any): set pHolder to nullptr in destruct() * enh(Any): modernised source code. * enh(Any): introduce allocation type (empty, local, external). * chore(Any): Apply suggestions from code review.
2025-02-15 10:55:25 +01:00 · 2025-01-08 17:01:27 +01:00 · 2025-01-08 17:01:27 +01:00 · bd7be38d6f
commit bd7be38d6f
parent 336e0e802f
2 changed files with 90 additions and 43 deletions
--- a/Foundation/include/Poco/Any.h
+++ b/Foundation/include/Poco/Any.h
@ -18,9 +18,9 @@

 #include "Poco/Exception.h"
 #include "Poco/MetaProgramming.h"
+#include "Poco/Bugcheck.h"
 #include <algorithm>
 #include <typeinfo>
-#include <cstring>
 #include <cstddef>


@ -60,7 +60,7 @@ union Placeholder
 	/// it will be placement-new-allocated into the local buffer
 	/// (i.e. there will be no heap-allocation). The local buffer size is one byte
 	/// larger - [POCO_SMALL_OBJECT_SIZE + 1], additional byte value indicating
-	/// where the object was allocated (0 => heap, 1 => local).
+	/// where the object was allocated. See enum Allocation.
 	///
 	/// Important: for SOO builds, only same-type (or trivial both-empty no-op)
 	/// swap operation is allowed.
@ -78,9 +78,12 @@ public:

 #ifndef POCO_NO_SOO

-	Placeholder(): pHolder(0)
+	Placeholder(): pHolder(nullptr)
 	{
-		std::memset(holder, 0, sizeof(holder));
+		// Forces to use optimised memset internally
+		// https://travisdowns.github.io/blog/2020/01/20/zero.html
+		std::fill(std::begin(holder), std::end(holder), static_cast<char>(0));
+		setAllocation(Allocation::POCO_ANY_EMPTY);
 	}

 	~Placeholder()
@ -101,32 +104,31 @@ public:

 	bool isEmpty() const
 	{
-		static char buf[sizeof(holder)] = {};
-		return 0 == std::memcmp(holder, buf, sizeof(holder));
+		return holder[SizeV] == Allocation::POCO_ANY_EMPTY;
 	}

 	bool isLocal() const
 	{
-		return holder[SizeV] != 0;
+		return holder[SizeV] == Allocation::POCO_ANY_LOCAL;
 	}

 	template<typename T, typename V,
-		typename std::enable_if<TypeSizeLE<T, Placeholder::Size::value>::value>::type* = nullptr>
+		typename std::enable_if_t<TypeSizeLE<T, Placeholder::Size::value>::value>* = nullptr>
 	PlaceholderT* assign(const V& value)
 	{
 		erase();
 		new (reinterpret_cast<PlaceholderT*>(holder)) T(value);
-		setLocal(true);
+		setAllocation(Allocation::POCO_ANY_LOCAL);
 		return reinterpret_cast<PlaceholderT*>(holder);
 	}

 	template<typename T, typename V,
-		typename std::enable_if<TypeSizeGT<T, Placeholder::Size::value>::value>::type* = nullptr>
+		typename std::enable_if_t<TypeSizeGT<T, Placeholder::Size::value>::value>* = nullptr>
 	PlaceholderT* assign(const V& value)
 	{
 		erase();
 		pHolder = new T(value);
-		setLocal(false);
+		setAllocation(Allocation::POCO_ANY_EXTERNAL);
 		return pHolder;
 	}

@ -139,24 +141,54 @@ public:
 	}

 private:
-	typedef std::max_align_t AlignerType;
-	static_assert(sizeof(AlignerType) <= SizeV + 1, "Aligner type is bigger than the actual storage, so SizeV should be made bigger otherwise you simply waste unused memory.");
+	using AlignerType = std::max_align_t;
+	static_assert(
+		sizeof(AlignerType) < SizeV,
+		"Aligner type is bigger than the actual storage, so SizeV should be made bigger otherwise you simply waste unused memory."
+	);

-	void setLocal(bool local) const
+	enum Allocation : unsigned char
 	{
-		holder[SizeV] = local ? 1 : 0;
+		POCO_ANY_EMPTY = 0,
+		POCO_ANY_LOCAL = 1,
+		POCO_ANY_EXTERNAL = 2
+	};
+
+	void setAllocation(Allocation alloc) const
+	{
+		holder[SizeV] = alloc;
 	}

 	void destruct(bool clear)
 	{
-		if (!isEmpty())
+		const auto allocation {holder[SizeV]};
+		switch (allocation)
 		{
-			if (!isLocal())
-				delete pHolder;
-			else
-				reinterpret_cast<PlaceholderT*>(holder)->~PlaceholderT();
-
-			if (clear) std::memset(holder, 0, sizeof(holder));
+		case Allocation::POCO_ANY_EMPTY:
+			break;
+		case Allocation::POCO_ANY_LOCAL:
+			{
+				// Do not deallocate, just explicitly call destructor
+				auto* h { reinterpret_cast<PlaceholderT*>(holder) };
+				h->~PlaceholderT();
+			}
+			break;
+		case Allocation::POCO_ANY_EXTERNAL:
+			{
+				auto* h { pHolder };
+				pHolder = nullptr;
+				delete h;
+			}
+			break;
+		default:
+			poco_bugcheck();
+			break;
+		}
+		setAllocation(Allocation::POCO_ANY_EMPTY);
+		if (clear)
+		{
+			// Force to use optimised memset internally
+			std::fill(std::begin(holder), std::end(holder), static_cast<char>(0));
 		}
 	}

@ -165,7 +197,7 @@ private:

 #else // POCO_NO_SOO

-	Placeholder(): pHolder(0)
+	Placeholder(): pHolder(nullptr)
 	{
 	}

@ -182,12 +214,12 @@ private:
 	void erase()
 	{
 		delete pHolder;
-		pHolder = 0;
+		pHolder = nullptr;
 	}

 	bool isEmpty() const
 	{
-		return 0 == pHolder;
+		return nullptr == pHolder;
 	}

 	bool isLocal() const
@ -225,10 +257,8 @@ class Any
 {
 public:

-	Any()
+	Any() = default;
 		/// Creates an empty any type.
-	{
-	}

 	template<typename ValueType>
 	Any(const ValueType & value)
@ -248,12 +278,19 @@ public:
 			construct(other);
 	}

-	~Any()
-		/// Destructor. If Any is locally held, calls ValueHolder destructor;
-		/// otherwise, deletes the placeholder from the heap.
+	Any(Any&& other)
+		/// Move constructor, works with both empty and initialized Any values.
 	{
+		construct(other);
 	}

+	~Any() = default;
+		/// Destructor.
+		/// Small Object Optimization mode behavior:
+		/// Invokes the Placeholder destructor, which calls the
+		/// ValueHolder destructor explicitly (locally held Any), or
+		/// deletes the ValueHolder heap memory (heap-allocated Any).
+
 	Any& swap(Any& other) noexcept
 		/// Swaps the content of the two Anys.
 		///
@ -298,11 +335,23 @@ public:
 	Any& operator = (const Any& rhs)
 		/// Assignment operator for Any.
 	{
-		if ((this != &rhs) && !rhs.empty())
-			construct(rhs);
-		else if ((this != &rhs) && rhs.empty())
-			_valueHolder.erase();
+		if (this != &rhs)
+		{
+			if (!rhs.empty())
+				construct(rhs);
+			else
+				_valueHolder.erase();
+		}
+		return *this;
+	}

+	Any& operator = (Any&& rhs)
+		/// Move operator for Any.
+	{
+		if (!rhs.empty())
+			construct(rhs);
+		else
+			_valueHolder.erase();
 		return *this;
 	}

@ -347,21 +396,19 @@ private:
 		{
 		}

-		virtual const std::type_info& type() const
+		Holder & operator = (const Holder &) = delete;
+
+		const std::type_info& type() const override
 		{
 			return typeid(ValueType);
 		}

-		virtual void clone(Placeholder<ValueHolder>* pPlaceholder) const
+		void clone(Placeholder<ValueHolder>* pPlaceholder) const override
 		{
 			pPlaceholder->assign<Holder<ValueType>, ValueType>(_held);
 		}

 		ValueType _held;
-
-	private:
-
-		Holder & operator = (const Holder &);
 	};

 	ValueHolder* content() const
--- a/Foundation/include/Poco/NumericString.h
+++ b/Foundation/include/Poco/NumericString.h
@ -369,10 +369,10 @@ namespace Impl {
 };

 template <typename T>
-using EnableSigned = typename std::enable_if< std::is_signed<T>::value >::type*;
+using EnableSigned = typename std::enable_if_t< std::is_signed<T>::value >*;

 template <typename T>
-using EnableUnsigned = typename std::enable_if< std::is_unsigned<T>::value >::type*;
+using EnableUnsigned = typename std::enable_if_t< std::is_unsigned<T>::value >*;

 } // namespace Impl