-
- /// Raises an error if the offset moves the pointer outside of its allocation.
- /// For integers, we consider each of them their own tiny allocation of size 0,
- /// so offset-by-0 is okay for them -- except for NULL, which we rule out entirely.
- fn pointer_offset_inbounds(
- &self,
- ptr: Scalar<Tag>,
- pointee_ty: Ty<'tcx>,
- offset: i64,
- ) -> InterpResult<'tcx, Scalar<Tag>> {
- let pointee_size = i64::try_from(self.layout_of(pointee_ty)?.size.bytes()).unwrap();
- let offset = offset
- .checked_mul(pointee_size)
- .ok_or_else(|| err_panic!(Overflow(mir::BinOp::Mul)))?;
- // We do this first, to rule out overflows.
- let offset_ptr = ptr.ptr_signed_offset(offset, self)?;
- // What we need to check is that starting at `min(ptr, offset_ptr)`,
- // we could do an access of size `abs(offset)`. Alignment does not matter.
- let (min_ptr, abs_offset) = if offset >= 0 {
- (ptr, u64::try_from(offset).unwrap())
- } else {
- // Negative offset.
- // If the negation overflows, the result will be negative so the try_from will fail.
- (offset_ptr, u64::try_from(-offset).unwrap())
- };
- self.memory.check_ptr_access_align(
- min_ptr,
- Size::from_bytes(abs_offset),
- None,
- CheckInAllocMsg::InboundsTest,
- )?;
- // That's it!
- Ok(offset_ptr)
- }