view src/lib/malloc-overflow.h @ 21319:a3bbf15ea8d7
lib: Add MALLOC_MULTIPLY() and MALLOC_ADD()
These can be used for calculating memory allocation sizes. If there's an
overflow, the macro panics.
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Mon, 12 Dec 2016 04:53:02 +0200 |
parents | |
children | bc9fe0a33b0a |
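#ifndef MALLOC_OVERFLOW_H
#define MALLOC_OVERFLOW_H

/* MALLOC_*() can be used to calculate memory allocation sizes. If there's an
   overflow, it'll cleanly panic instead of causing a potential buffer
   overflow.

   Note that *_malloc(size+1) doesn't need to use MALLOC_ADD(size, 1). It wraps
   to size==0 and the *_malloc() calls already panic if size==0.

   Caveat for callers: the range test is skipped based on sizeof() of the
   macro arguments, and sizeof() says nothing about signedness. A negative
   value of a signed type narrower than size_t (e.g. a 4-byte int where size_t
   is 8 bytes) is converted to a very large size_t on the way in, the test is
   skipped because the type is "small", and the result wraps silently. Pass
   only unsigned values, or signed values already validated as non-negative. */

/* Return a * b, reporting through i_panic() if the product does not fit in
   size_t.

   a, b               - operands, already converted to size_t by the call
   sizeof_a, sizeof_b - sizeof() of the original argument expressions, as
                        supplied by MALLOC_MULTIPLY()
   fname, linenum     - call site, used only in the panic message */
static inline size_t
malloc_multiply_check(size_t a, size_t b, size_t sizeof_a, size_t sizeof_b,
		      const char *fname, unsigned int linenum)
{
	/* the first sizeof-checks are intended to optimize away this entire
	   if-check for types that are small enough to never wrap size_t:
	   when both operand types are at most half as wide as size_t, the
	   product of two unsigned values of those types always fits. */
	if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) &&
	    b != 0 && (a > SIZE_MAX / b)) {
		/* linenum is unsigned int, so it is printed with %u */
		i_panic("file %s: line %u: memory allocation overflow: "
			"%" PRIuSIZE_T" * %" PRIuSIZE_T, fname, linenum, a, b);
	}
	return a * b;
}
#define MALLOC_MULTIPLY(a, b) \
	malloc_multiply_check(a, b, sizeof(a), sizeof(b), __FILE__, __LINE__)

/* Return a + b, reporting through i_panic() if the sum does not fit in
   size_t.

   a, b               - operands, already converted to size_t by the call
   sizeof_a, sizeof_b - sizeof() of the original argument expressions, as
                        supplied by MALLOC_ADD()
   fname, linenum     - call site, used only in the panic message */
static inline size_t
malloc_add_check(size_t a, size_t b, size_t sizeof_a, size_t sizeof_b,
		 const char *fname, unsigned int linenum)
{
	/* the first sizeof-checks are intended to optimize away this entire
	   if-check for types that are small enough to never wrap size_t:
	   when both operand types are narrower than size_t, the sum of two
	   unsigned values of those types always fits. */
	if ((sizeof_a >= sizeof(size_t) || sizeof_b >= sizeof(size_t)) &&
	    SIZE_MAX - a < b) {
		/* linenum is unsigned int, so it is printed with %u */
		i_panic("file %s: line %u: memory allocation overflow: "
			"%" PRIuSIZE_T" + %" PRIuSIZE_T, fname, linenum, a, b);
	}
	return a + b;
}
#define MALLOC_ADD(a, b) \
	malloc_add_check(a, b, sizeof(a), sizeof(b), __FILE__, __LINE__)

#endif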