Narrow pointer bounds when appropriate

This typically occurs in a storage manager, where the caller
is expected to access only the newly-allocated object,
instead of using the returned value to access unrelated
parts of the heap.
* src/alloc.c (allocate_string, allocate_string_data)
(compact_small_strings, find_string_data_in_pure)
(sweep_strings, setup_on_free_list, allocate_vectorlike
(pure_alloc):
* src/bytecode.c (exec_byte_code):
* src/callint.c (Fcall_interactively):
* src/dispnew.c (scrolling):
* src/editfns.c (styled_format):
* src/frame.c (xrdb_get_resource, x_get_resource_string):
* src/fringe.c (Fdefine_fringe_bitmap):
* src/gmalloc.c (malloc, realloc, aligned_alloc):
Narrow pointer bounds when appropriate.
* src/alloc.c (SDATA_OF_STRING):
* src/lisp.h (make_lisp_symbol) [__CHKP__]:
Widen bounds here, though.
* src/bytecode.c, src/callint.c, src/dispnew.c, src/editfns.c:
* src/emacs.c, src/frame.c, src/fringe.c:
Include ptr-bounds.h.
* src/ptr-bounds.h (ptr_bounds_clip): New function.

1 files changed, 7 insertions, 2 deletions

diff --git a/src/lisp.h b/src/lisp.h
index 8947c59077e..56545b70946 100644
--- a/src/lisp.h
+++ b/src/lisp.h
@@ -916,9 +916,14 @@ INLINE Lisp_Object
 make_lisp_symbol (struct Lisp_Symbol *sym)
 {
 #ifdef __CHKP__
-  char *symoffset = (char *) sym - (intptr_t) lispsym;
+  /* Although this should use '__builtin___bnd_narrow_ptr_bounds (sym,
+     sym, sizeof *sym)', that would run afoul of GCC bug 83251
+     <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83251>.  */
+  char *addr = __builtin___bnd_set_ptr_bounds (sym, sizeof *sym);
+  char *symoffset = addr - (intptr_t) lispsym;
 #else
-  /* If !__CHKP__ this is equivalent, and is a bit faster as of GCC 7.  */
+  /* If !__CHKP__, GCC 7 x86-64 generates faster code if lispsym is
+     cast to char * rather than to intptr_t.  */
   char *symoffset = (char *) ((char *) sym - (char *) lispsym);
 #endif
   Lisp_Object a = TAG_PTR (Lisp_Symbol, symoffset);