diff options
Diffstat (limited to 'src/lib/malloc-overflow.h')
| -rw-r--r-- | src/lib/malloc-overflow.h | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/src/lib/malloc-overflow.h b/src/lib/malloc-overflow.h new file mode 100644 index 0000000..108cc00 --- /dev/null +++ b/src/lib/malloc-overflow.h @@ -0,0 +1,54 @@ +#ifndef MALLOC_OVERFLOW_H +#define MALLOC_OVERFLOW_H + +/* MALLOC_*() can be used to calculate memory allocation sizes. If there's an + overflow, it'll cleanly panic instead of causing a potential buffer + overflow. + + Note that *_malloc(size+1) doesn't need to use MALLOC_ADD(size, 1). It wraps + to size==0 and the *_malloc() calls already panic if size==0. */ +static inline size_t +malloc_multiply_check(size_t a, size_t b, size_t sizeof_a, size_t sizeof_b, + const char *fname, unsigned int linenum) +{ + /* the first sizeof-checks are intended to optimize away this entire + if-check for types that are small enough to never wrap size_t. */ + if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && + b != 0 && (a > SIZE_MAX / b)) { + i_panic("file %s: line %d: memory allocation overflow: %zu * %zu", + fname, linenum, a, b); + } + return a * b; +} +#ifndef STATIC_CHECKER +# define MALLOC_MULTIPLY(a, b) \ + malloc_multiply_check(a, b, sizeof(a), sizeof(b), __FILE__, __LINE__) +#else +/* avoid warning every time about sizeof(b) when b contains any arithmetic */ +# define MALLOC_MULTIPLY(a, b) \ + malloc_multiply_check(a, b, sizeof(a), sizeof(size_t), __FILE__, __LINE__) +#endif + +static inline size_t +malloc_add_check(size_t a, size_t b, size_t sizeof_a, size_t sizeof_b, + const char *fname, unsigned int linenum) +{ + /* the first sizeof-checks are intended to optimize away this entire + if-check for types that are small enough to never wrap size_t. */ + if ((sizeof_a >= sizeof(size_t) || sizeof_b >= sizeof(size_t)) && + SIZE_MAX - a < b) { + i_panic("file %s: line %d: memory allocation overflow: %zu + %zu", + fname, linenum, a, b); + } + return a + b; +} +#ifndef STATIC_CHECKER +# define MALLOC_ADD(a, b) \ + malloc_add_check(a, b, sizeof(a), sizeof(b), __FILE__, __LINE__) +#else +/* avoid warning every time about sizeof(b) when b contains any arithmetic */ +# define MALLOC_ADD(a, b) \ + malloc_add_check(a, b, sizeof(a), sizeof(size_t), __FILE__, __LINE__) +#endif + +#endif |