pxcloud/spice-common
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice-common synced 2026-01-03 15:58:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

New memory allocators that exit on OOM and handle multiplication overflow

Browse Source 
Every place that does a regular malloc/calloc and aborts on failure
should use spice_malloc/spice_mallo0 instead, which is leaner and cleaner.

Allocations of dynamically sized arrays can use g_malloc_n or g_new etc
which correctly handle multiplication overflow if some of the arguments
are not trusted.
This commit is contained in:
Alexander Larsson 2010-03-09 12:23:49 +01:00 committed by Marc-André Lureau
parent 1327d81492
commit 59b330b4d2
2 changed files with 232 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
common/mem.c Normal file
View File

@ -0,0 +1,150 @@
/* -*- Mode: C; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
Copyright (C) 2010 Red Hat, Inc.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "mem.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#ifndef MALLOC_ERROR
#define MALLOC_ERROR(format, ...) { \
printf(format "\n", ## __VA_ARGS__); \
abort(); \
}
#endif
char *spice_strdup(const char *str)
{
char *copy;
copy = (char *)spice_malloc(strlen(str) + 1);
strcpy(copy, str);
return copy;
}
void *spice_memdup(const void *mem, size_t n_bytes)
{
void *copy;
copy = spice_malloc(n_bytes);
memcpy(copy, mem, n_bytes);
return copy;
}
void *spice_malloc(size_t n_bytes)
{
void *mem;
if (SPICE_LIKELY(n_bytes)) {
mem = malloc(n_bytes);
if (SPICE_LIKELY(mem != NULL)) {
return mem;
}
MALLOC_ERROR("spice_malloc: panic: unable to allocate %lu bytes\n",
(unsigned long)n_bytes);
}
return NULL;
}
void *spice_malloc0(size_t n_bytes)
{
void *mem;
if (SPICE_LIKELY(n_bytes)) {
mem = calloc(1, n_bytes);
if (SPICE_LIKELY(mem != NULL)) {
return mem;
}
MALLOC_ERROR("spice_malloc0: panic: unable to allocate %lu bytes\n",
(unsigned long)n_bytes);
}
return NULL;
}
void *spice_realloc(void *mem, size_t n_bytes)
{
if (SPICE_LIKELY(n_bytes)) {
mem = realloc(mem, n_bytes);
if (SPICE_LIKELY(mem != NULL)) {
return mem;
}
MALLOC_ERROR("spice_realloc: panic: unable to allocate %lu bytes\n",
(unsigned long)n_bytes);
}
if (mem) {
free(mem);
}
return NULL;
}
#define SIZE_OVERFLOWS(a,b) (SPICE_UNLIKELY ((a) > SIZE_MAX / (b)))
void *spice_malloc_n(size_t n_blocks, size_t n_block_bytes)
{
if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
MALLOC_ERROR("spice_malloc_n: overflow allocating %lu*%lu bytes",
(unsigned long)n_blocks, (unsigned long)n_block_bytes);
}
return spice_malloc(n_blocks * n_block_bytes);
}
void *spice_malloc_n_m(size_t n_blocks, size_t n_block_bytes, size_t extra_size)
{
size_t size1, size2;
if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
MALLOC_ERROR("spice_malloc_n: overflow allocating %lu*%lu + %lubytes",
(unsigned long)n_blocks, (unsigned long)n_block_bytes, (unsigned long)extra_size);
}
size1 = n_blocks * n_block_bytes;
size2 = size1 + extra_size;
if (size2 < size1) {
MALLOC_ERROR("spice_malloc_n: overflow allocating %lu*%lu + %lubytes",
(unsigned long)n_blocks, (unsigned long)n_block_bytes, (unsigned long)extra_size);
}
return spice_malloc(size2);
}
void *spice_malloc0_n(size_t n_blocks, size_t n_block_bytes)
{
if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
MALLOC_ERROR("spice_malloc0_n: overflow allocating %lu*%lu bytes",
(unsigned long)n_blocks, (unsigned long)n_block_bytes);
}
return spice_malloc0 (n_blocks * n_block_bytes);
}
void *spice_realloc_n(void *mem, size_t n_blocks, size_t n_block_bytes)
{
if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
MALLOC_ERROR("spice_realloc_n: overflow allocating %lu*%lu bytes",
(unsigned long)n_blocks, (unsigned long)n_block_bytes);
}
return spice_realloc(mem, n_blocks * n_block_bytes);
}

82
common/mem.h Normal file
View File

@ -0,0 +1,82 @@
/* -*- Mode: C; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
Copyright (C) 2010 Red Hat, Inc.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _H_MEM
#define _H_MEM
#include <stdlib.h>
#include <spice/macros.h>
char *spice_strdup(const char *str) SPICE_GNUC_MALLOC;
void *spice_memdup(const void *mem, size_t n_bytes) SPICE_GNUC_MALLOC;
void *spice_malloc(size_t n_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE(1);
void *spice_malloc0(size_t n_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE(1);
void *spice_realloc(void *mem, size_t n_bytes) SPICE_GNUC_WARN_UNUSED_RESULT;
void *spice_malloc_n(size_t n_blocks, size_t n_block_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE2(1,2);
void *spice_malloc_n_m(size_t n_blocks, size_t n_block_bytes, size_t extra_size) SPICE_GNUC_MALLOC;
void *spice_malloc0_n(size_t n_blocks, size_t n_block_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE2(1,2);
void *spice_realloc_n(void *mem, size_t n_blocks, size_t n_block_bytes) SPICE_GNUC_WARN_UNUSED_RESULT;
/* Optimise: avoid the call to the (slower) _n function if we can
* determine at compile-time that no overflow happens.
*/
#if defined (__GNUC__) && (__GNUC__ >= 2) && defined (__OPTIMIZE__)
# define _SPICE_NEW(struct_type, n_structs, func) \
(struct_type *) (__extension__ ({ \
size_t __n = (size_t) (n_structs); \
size_t __s = sizeof (struct_type); \
void *__p; \
if (__s == 1) \
__p = spice_##func (__n); \
else if (__builtin_constant_p (__n) && \
__n <= SIZE_MAX / __s) \
__p = spice_##func (__n * __s); \
else \
__p = spice_##func##_n (__n, __s); \
__p; \
}))
# define _SPICE_RENEW(struct_type, mem, n_structs, func) \
(struct_type *) (__extension__ ({ \
size_t __n = (size_t) (n_structs); \
size_t __s = sizeof (struct_type); \
void *__p = (void *) (mem); \
if (__s == 1) \
__p = spice_##func (__p, __n); \
else if (__builtin_constant_p (__n) && \
__n <= SIZE_MAX / __s) \
__p = spice_##func (__p, __n * __s); \
else \
__p = spice_##func##_n (__p, __n, __s); \
__p; \
}))
#else
/* Unoptimised version: always call the _n() function. */
#define _SPICE_NEW(struct_type, n_structs, func) \
((struct_type *) spice_##func##_n ((n_structs), sizeof (struct_type)))
#define _SPICE_RENEW(struct_type, mem, n_structs, func) \
((struct_type *) spice_##func##_n (mem, (n_structs), sizeof (struct_type)))
#endif
#define spice_new(struct_type, n_structs) _SPICE_NEW(struct_type, n_structs, malloc)
#define spice_new0(struct_type, n_structs) _SPICE_NEW(struct_type, n_structs, malloc0)
#define spice_renew(struct_type, mem, n_structs) _SPICE_RENEW(struct_type, mem, n_structs, realloc)
#endif