| author | Paul Eggert <eggert@cs.ucla.edu> | 2021-04-18 20:50:55 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2021-04-18 20:59:52 -0700 |
| commit | 5d5120d76b6e540c7e78332aa8302b3244b9ea02 (patch) | |
| tree | 2b2fca5342515bc1c16c3e042aa27ea185f48580 /doc | |
| parent | 751b5840a02cd42c42d3aaf90640d4636c4271d2 (diff) | |
| download | gnulib-5d5120d76b6e540c7e78332aa8302b3244b9ea02.tar.gz | |
safe-alloc: fix pointer implementation
The old implementation assumed that all pointers use the same
internal representation, but the C standard doesn’t guarantee
this. Use void * (pointer) not void ** (pointer-to-pointer) for
the internal functions’ API. The internal functions now return
NULL if and only if they failed, and the macros translate that
into -1 or 0 to satisfy the existing API.
* doc/safe-alloc.texi (Safe Allocation Macros): Mention overflow.
* lib/safe-alloc.c: Major rewrite. Now this simply
defines SAFE_ALLOC_INLINE and includes safe-alloc.h.
* lib/safe-alloc.h: Include stddef.h, not stdlib.h.
(SAFE_ALLOC_INLINE): New macro; use Gnulib inline function style.
(safe_alloc_realloc_n): New API, which passes and returns
the pointer, and which returns NULL if and only if failure occurs.
(safe_alloc_check): New function.
(ALLOC, ALLOC_N, ALLOC_N_UNINITIALIZED, REALLOC_N):
Redo using the new API for internal functions, and using calloc
which is good enough since it’s GNU-compatible now.
(FREE): Expand to an expression rather than merely to something
that needs a following ‘;’ to become a statement.
* modules/safe-alloc (Depends-on): Add calloc-gnu.
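The API shape the message describes (an internal function that takes and returns a plain `void *` and yields NULL iff it failed, macros that turn that into the old 0/-1 status, overflow checking of the element count, and `calloc` for zero-filled arrays), as an added C illustration written for this page. It is not gnulib's safe-alloc code; the `demo_*` / `DEMO_*` names are hypothetical stand-ins for the commit's `safe_alloc_realloc_n`, `safe_alloc_check`, `ALLOC_N` and `REALLOC_N`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* 0 on success, -1 on failure; valid only because the allocators below
   return NULL iff they failed (the role the commit gives safe_alloc_check). */
static int demo_check (void *ptr) { return ptr ? 0 : -1; }

/* Reallocate PTR to COUNT elements of SIZE bytes.  Takes and returns plain
   void *, assuming nothing about how other pointer types are represented.
   NULL iff failure (errno = ENOMEM), including COUNT * SIZE overflowing. */
static void *
demo_realloc_n (void *ptr, size_t count, size_t size)
{
  if (size != 0 && count > SIZE_MAX / size)
    { errno = ENOMEM; return NULL; }
  size_t nbytes = count * size;
  /* realloc (p, 0) may return NULL on success; request 1 byte instead so
     that NULL keeps meaning failure. */
  void *result = realloc (ptr, nbytes ? nbytes : 1);
  if (!result)
    errno = ENOMEM;
  return result;
}

/* Zero-filled array.  Relies on a GNU-compatible calloc (non-NULL for a
   zero count, overflow-checked), which the calloc-gnu dependency provides. */
#define DEMO_ALLOC_N(ptr, count) \
  demo_check ((ptr) = calloc ((count), sizeof *(ptr)))

/* On failure PTR becomes NULL: keep a copy first if the old block must
   survive, or it leaks. */
#define DEMO_REALLOC_N(ptr, count) \
  demo_check ((ptr) = demo_realloc_n ((ptr), (count), sizeof *(ptr)))

/* Returns 1 if 4 zeroed ints allocate, grow to 8 keeping their contents,
   and an overflowing element count is refused with errno == ENOMEM. */
int
demo_scenario (void)
{
  int *a = NULL, *b = NULL;
  if (DEMO_ALLOC_N (a, 4) != 0)
    return 0;
  a[3] = 3;
  if (DEMO_REALLOC_N (a, 8) != 0)
    return 0;
  int ok = a[0] == 0 && a[3] == 3;
  free (a);
  errno = 0;
  ok = ok && DEMO_REALLOC_N (b, SIZE_MAX / sizeof *b + 1) == -1
       && b == NULL && errno == ENOMEM;
  return ok;
}
```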
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/safe-alloc.texi | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/safe-alloc.texi b/doc/safe-alloc.texi index d40ec65b63..e896e25982 100644 --- a/doc/safe-alloc.texi +++ b/doc/safe-alloc.texi @@ -13,6 +13,8 @@ Some of the memory allocation mistakes that are commonly made are passing the incorrect number of bytes to @code{malloc}, especially when allocating an array, @item +unchecked integer overflow when calculating array sizes, +@item fail to check the return value of @code{malloc} and @code{realloc} for errors, @item |
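Review bot: the new item "unchecked integer overflow when calculating array sizes," is a noun phrase while its neighbours in the list are verb phrases ("passing the incorrect number of bytes to @code{malloc}", "fail to check the return value of @code{malloc} and @code{realloc}"); consider "failing to check for integer overflow when calculating array sizes," so the list stays parallel. Since this commit makes ALLOC_N and REALLOC_N reject such overflow, the same passage could also state that these macros perform the check, which is what a reader of this list of mistakes most needs to know.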