On Thu, Jul 10, 2014 at 10:28:35AM -0700, Matthew Dempsky wrote:
> +/*
> + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
> + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
> + */
> +#define MUL_NO_OVERFLOW      (1UL << (sizeof(size_t) * 4))
> +
> +void *
> +mallocarray(unsigned long nmemb, unsigned long size, int type, int flags)
> +{
> +     if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
> +         nmemb > 0 && SIZE_MAX / nmemb < size) {
> +             if (flags & M_CANFAIL)
> +                     return (NULL);
> +             panic("overflow");
> +     }
> +     return (malloc(size * nmemb, type, flags));
> +}

Oops, didn't fully convert size_t -> unsigned long to match malloc(9).
(size_t *is* unsigned long currently on all of our architectures, but
technically that's supposed to be opaque.)

Fixed kern_mallocarray.c below.


/*      $OpenBSD$       */
/*
 * Copyright (c) 2008 Otto Moerbeek <[email protected]>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/param.h>
#include <sys/limits.h>
#include <sys/malloc.h>
#include <sys/systm.h>

/*
 * MUL_NO_OVERFLOW is sqrt(ULONG_MAX + 1): when both factors are below it
 * their product fits in an unsigned long, so the division in
 * mul_overflows() is only reached for large operands.
 */
#define MUL_NO_OVERFLOW (1UL << (sizeof(unsigned long) * 4))

/*
 * Return non-zero iff a * b would wrap around an unsigned long.
 * a == 0 never overflows (and must not be used as a divisor).
 */
static int
mul_overflows(unsigned long a, unsigned long b)
{
        if (a < MUL_NO_OVERFLOW && b < MUL_NO_OVERFLOW)
                return (0);
        if (a == 0)
                return (0);
        return (ULONG_MAX / a < b);
}

/*
 * Allocate nmemb objects of size bytes each through malloc(9), refusing
 * the request when size * nmemb would overflow: with M_CANFAIL set the
 * caller gets NULL back, otherwise the kernel panics.
 */
void *
mallocarray(unsigned long nmemb, unsigned long size, int type, int flags)
{
        if (mul_overflows(nmemb, size)) {
                if (flags & M_CANFAIL)
                        return (NULL);
                panic("overflow");
        }
        return (malloc(size * nmemb, type, flags));
}
