mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-14 07:03:44 +01:00
Refactor the tor_calloc_ overflow check.
This commit is contained in:
parent
f179ff18f3
commit
aff6fa0b59
@ -195,16 +195,19 @@ tor_malloc_zero_(size_t size DMALLOC_PARAMS)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define SQRT_SIZE_MAX (((size_t) SIZE_MAX) >> (sizeof(size_t) * 8 / 2))
|
||||||
|
|
||||||
|
static INLINE int
|
||||||
|
size_mul_check(const size_t x, const size_t y)
|
||||||
|
{
|
||||||
|
return ((x <= SQRT_SIZE_MAX && y <= SQRT_SIZE_MAX) ||
|
||||||
|
y == 0 || x <= SIZE_MAX / y);
|
||||||
|
}
|
||||||
|
|
||||||
/** Allocate a chunk of <b>nmemb</b>*<b>size</b> bytes of memory, fill
|
/** Allocate a chunk of <b>nmemb</b>*<b>size</b> bytes of memory, fill
|
||||||
* the memory with zero bytes, and return a pointer to the result.
|
* the memory with zero bytes, and return a pointer to the result.
|
||||||
* Log and terminate the process on error. (Same as
|
* Log and terminate the process on error. (Same as
|
||||||
* calloc(<b>nmemb</b>,<b>size</b>), but never returns NULL.)
|
* calloc(<b>nmemb</b>,<b>size</b>), but never returns NULL.)
|
||||||
*
|
|
||||||
* XXXX This implementation probably asserts in cases where it could
|
|
||||||
* work, because it only tries dividing SIZE_MAX by size (according to
|
|
||||||
* the calloc(3) man page, the size of an element of the nmemb-element
|
|
||||||
* array to be allocated), not by nmemb (which could in theory be
|
|
||||||
* smaller than size). Don't do that then.
|
|
||||||
*/
|
*/
|
||||||
void *
|
void *
|
||||||
tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS)
|
tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS)
|
||||||
@ -215,13 +218,8 @@ tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS)
|
|||||||
* we're allocating something very big (it knows if it just got the memory
|
* we're allocating something very big (it knows if it just got the memory
|
||||||
* from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero
|
* from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero
|
||||||
* for big stuff, so we don't bother with calloc. */
|
* for big stuff, so we don't bother with calloc. */
|
||||||
void *result;
|
tor_assert(size_mul_check(nmemb, size));
|
||||||
size_t max_nmemb = (size == 0) ? SIZE_MAX : SIZE_MAX/size;
|
return tor_malloc_zero_((nmemb * size) DMALLOC_FN_ARGS);
|
||||||
|
|
||||||
tor_assert(nmemb < max_nmemb);
|
|
||||||
|
|
||||||
result = tor_malloc_zero_((nmemb * size) DMALLOC_FN_ARGS);
|
|
||||||
return result;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
|
/** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
|
||||||
|
Loading…
Reference in New Issue
Block a user