diff options
| author | Eric Blake <eblake@redhat.com> | 2011-04-27 15:54:30 -0600 |
|---|---|---|
| committer | Eric Blake <eblake@redhat.com> | 2011-04-28 14:21:25 -0600 |
| commit | bf18c9b4d8ab7f7e8db272594b5d2c8a8dd06b64 (patch) | |
| tree | ea9af0fb6442937d973dc716ce6ee822f247233f | |
| parent | 7cbc494f7cc150886b741e2af5051685d818f89c (diff) | |
| download | gnulib-bf18c9b4d8ab7f7e8db272594b5d2c8a8dd06b64.tar.gz | |
xalloc-oversized: new module
Due to inline functions, mere inclusion of xalloc.h can result
in a link dependency on xalloc_die() on some platforms. However,
there are several modules that want to use just xalloc_oversized
in order to short-circuit the potential to call xalloc_die.
Splitting the macro into a new header and module makes this easy.
* modules/xalloc-oversized: New module.
* modules/xalloc (Depends-on): Add it.
* lib/xalloc.h (xalloc_oversized): Move...
* lib/xalloc-oversized.h: ...into new file.
Signed-off-by: Eric Blake <eblake@redhat.com>
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | lib/xalloc-oversized.h | 38 | ||||
| -rw-r--r-- | lib/xalloc.h | 17 | ||||
| -rw-r--r-- | modules/xalloc | 1 | ||||
| -rw-r--r-- | modules/xalloc-oversized | 20 |
5 files changed, 66 insertions, 16 deletions
@@ -1,5 +1,11 @@ 2011-04-28 Eric Blake <eblake@redhat.com> + xalloc-oversized: new module + * modules/xalloc-oversized: New module. + * modules/xalloc (Depends-on): Add it. + * lib/xalloc.h (xalloc_oversized): Move... + * lib/xalloc-oversized.h: ...into new file. + utimecmp: drop dependency on xmalloc * lib/utimecmp.c (utimecmp): Work even if hash table cache fails due to memory pressure. diff --git a/lib/xalloc-oversized.h b/lib/xalloc-oversized.h new file mode 100644 index 0000000000..ab19bcf2f9 --- /dev/null +++ b/lib/xalloc-oversized.h @@ -0,0 +1,38 @@ +/* xalloc-oversized.h -- memory allocation size checking + + Copyright (C) 1990-2000, 2003-2004, 2006-2011 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. */ + +#ifndef XALLOC_OVERSIZED_H_ +# define XALLOC_OVERSIZED_H_ + +# include <stddef.h> + +/* Return 1 if an array of N objects, each of size S, cannot exist due + to size arithmetic overflow. S must be positive and N must be + nonnegative. This is a macro, not an inline function, so that it + works correctly even when SIZE_MAX < N. + + By gnulib convention, SIZE_MAX represents overflow in size + calculations, so the conservative dividend to use here is + SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value. + However, malloc (SIZE_MAX) fails on all known hosts where + sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for + exactly-SIZE_MAX allocations on such hosts; this avoids a test and + branch when S is known to be 1. */ +# define xalloc_oversized(n, s) \ + ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n)) + +#endif /* !XALLOC_OVERSIZED_H_ */ diff --git a/lib/xalloc.h b/lib/xalloc.h index 86b9b3e6e0..c1bbe7e5b6 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h @@ -20,6 +20,7 @@ # include <stddef.h> +# include "xalloc-oversized.h" # ifdef __cplusplus extern "C" { @@ -65,22 +66,6 @@ void *xmemdup (void const *p, size_t s) char *xstrdup (char const *str) _GL_ATTRIBUTE_MALLOC; -/* Return 1 if an array of N objects, each of size S, cannot exist due - to size arithmetic overflow. S must be positive and N must be - nonnegative. This is a macro, not an inline function, so that it - works correctly even when SIZE_MAX < N. - - By gnulib convention, SIZE_MAX represents overflow in size - calculations, so the conservative dividend to use here is - SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value. - However, malloc (SIZE_MAX) fails on all known hosts where - sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for - exactly-SIZE_MAX allocations on such hosts; this avoids a test and - branch when S is known to be 1. */ -# define xalloc_oversized(n, s) \ - ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n)) - - /* In the following macros, T must be an elementary or structure/union or typedef'ed type, or a pointer to such a type. To apply one of the following macros to a function pointer or array type, you need to typedef diff --git a/modules/xalloc b/modules/xalloc index 43ee94205c..0edcfc6eac 100644 --- a/modules/xalloc +++ b/modules/xalloc @@ -9,6 +9,7 @@ m4/xalloc.m4 Depends-on: inline xalloc-die +xalloc-oversized configure.ac: gl_XALLOC diff --git a/modules/xalloc-oversized b/modules/xalloc-oversized new file mode 100644 index 0000000000..708c621f30 --- /dev/null +++ b/modules/xalloc-oversized @@ -0,0 +1,20 @@ +Description: +Check for memory allocation overflow. Also see xalloc. + +Files: +lib/xalloc-oversized.h + +Depends-on: + +configure.ac: + +Makefile.am: + +Include: +"xalloc-oversized.h" + +License: +GPL + +Maintainer: +all |