On Mon, Jun 16, 2014 at 10:01 AM, Bernhard Reutner-Fischer <rep.dot....@gmail.com> wrote: > On 16 June 2014 08:20:09 Janne Blomqvist <blomqvist.ja...@gmail.com> wrote: > >> On Sun, Jun 15, 2014 at 8:23 AM, Bernhard Reutner-Fischer >> <rep.dot....@gmail.com> wrote: >> > >> >> >> On Tue, May 20, 2014 at 12:42 AM, Janne Blomqvist >> >> >> <blomqvist.ja...@gmail.com> wrote: >> >> >>> On Thu, May 15, 2014 at 1:00 AM, Janne Blomqvist >> >> >>> <blomqvist.ja...@gmail.com> wrote: >> >> >>>> Hi, >> >> >>>> >> >> >>>> a common malloc() pattern is "malloc(num_foo * sizeof(foo_t)", >> >> >>>> that >> >> >>>> is, create space for an array of type foo_t with num_foo elements. >> >> >>>> There is a slight danger here in that the multiplication can >> >> >>>> overflow >> >> >>>> and wrap around, and then the caller thinks it has a larger array >> >> >>>> than >> >> >>>> what malloc has actually created. The attached patch changes the >> >> >>>> libgfortran xmalloc() function to have an API similar to calloc() >> >> >>>> with >> >> >>>> two arguments, and the implementation checks for wraparound. >> >> >>> >> >> >>> Hello, >> >> >>> >> >> >>> attached is an updated patch which instead introduces a new >> >> >>> function, >> >> >>> xmallocarray, with the overflow check, and leaves the existing >> >> >>> xmalloc >> >> >>> as is. Thus avoiding the extra checking in the common case where >> >> >>> one >> >> >>> of the arguments to xmallocarray would be 1. >> >> >>> >> >> >>> Tested on x86_64-unknown-linux-gnu, Ok for trunk? >> >> >>> >> > >> > >> > I would prefer if xcmalloc would not be named xmallocarray. >> >> Hmm, never heard of that one before, but I have no particular > > > Great, I fat-fingered it, meant xcalloc.
Ah well, we already have xcalloc, which is a calloc() wrapper. The intention of the new function here is to be a malloc() wrapper, but with an overflow check. There is no need to zero the memory, hence calloc() is not appropriate. -- Janne Blomqvist
