From 7e90e9424489b06ebe17a019f56eb3624ca091b2 Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Mon, 12 Dec 2016 04:55:47 +0200
Subject: [PATCH] lib: *_new(): Use the new MALLOC_MULTIPLY() macro to avoid overflows

Cast the sizeof() result to unsigned int, because it's definitely always enough and in many cases this allows optimizing away the wrap-check.
---
 src/lib/data-stack.h | 3 ++-
 src/lib/mempool.h | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/data-stack.h b/src/lib/data-stack.h
index 72b5244ea1..da8791ef3c 100644
--- a/src/lib/data-stack.h
+++ b/src/lib/data-stack.h
@@ -92,7 +92,8 @@ bool t_try_realloc(void *mem, size_t size);
 size_t t_get_bytes_available(void) ATTR_PURE;
 
 #define t_new(type, count) \
-	((type *) t_malloc0(sizeof(type) * (count)))
+	((type *) t_malloc0(MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+	 COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 
 /* Returns pointer to a temporary buffer you can use. The buffer will be
    invalid as soon as next t_malloc() is called!
diff --git a/src/lib/mempool.h b/src/lib/mempool.h
index 7fc52359d3..c796a0a9e0 100644
--- a/src/lib/mempool.h
+++ b/src/lib/mempool.h
@@ -69,7 +69,8 @@ pool_t pool_datastack_create(void);
 size_t pool_get_exp_grown_size(pool_t pool, size_t old_size, size_t min_size);
 #define p_new(pool, type, count) \
-	((type *) p_malloc(pool, sizeof(type) * (count)))
+	((type *) p_malloc(pool, MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+	 COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 
 static inline void * ATTR_MALLOC ATTR_RETURNS_NONNULL
 p_malloc(pool_t pool, size_t size)
 {
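Review bot: The overflow protection in the new `t_new` body rests entirely on MALLOC_MULTIPLY(), whose definition is not in this hunk, and the narrowing cast `(unsigned int)sizeof(type)` is only safe if that macro forms the product in size_t rather than in the operands' own types. If it multiplies `a` and `b` as written, then with a 32-bit `count` the expression `(unsigned int)sizeof(type) * (count)` is evaluated as unsigned int and wraps silently at 2^32 on LP64 targets before any size_t comparison can catch it, and a negative signed `count` is converted to a huge value rather than rejected; whether either happens cannot be told from this hunk. The `COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX)` guard makes the narrowing of sizeof() itself safe, but nothing in the header states that contract for readers or callers. I would add above the `#define`: `/* Allocate 'count' zero-filled objects of 'type'. The size product is overflow-checked by MALLOC_MULTIPLY(); sizeof(type) is narrowed to unsigned int (guarded by the compile-time check) so the wrap check can be elided for small element types. */`.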
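Review bot: The new `p_new` expansion references `UINT_MAX`, `MALLOC_MULTIPLY()` and `COMPILE_ERROR_IF_TRUE()`, and because a macro is expanded in every translation unit that uses it, mempool.h must itself provide those names (`<limits.h>` and the project's macros header) rather than rely on whatever the including .c file happens to have, or a standalone `#include "mempool.h"` stops compiling; the include section is outside this hunk, so this may already hold via a common header, but it is worth confirming. The same unsigned-int narrowing caveat as in data-stack.h applies: the check only holds if MALLOC_MULTIPLY() widens its operands to size_t before multiplying, which the hunk does not show. A one-line comment above the `#define` would also help, e.g. `/* Allocate 'count' objects of 'type' from 'pool'; sizeof(type) * count is overflow-checked by MALLOC_MULTIPLY(). */`. The `p_malloc` definition whose opening brace ends this hunk continues outside it.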