author | Bruno Haible <bruno@clisp.org> | 2007-12-31 11:53:40 +0100 |
---|---|---|
committer | Bruno Haible <bruno@clisp.org> | 2007-12-31 11:53:40 +0100 |
commit | bffe05f44cce9d4f948bb1286097cea293a067f6 (patch) | |
tree | 589352d4f73770a805ce105cf945f6832b6c0252 /lib/malloca.h | |
parent | 666d3eddd79973c9ef06e875a1dc41702bac6443 (diff) | |
download | gnulib-bffe05f44cce9d4f948bb1286097cea293a067f6.tar.gz |
Protect against integer overflow in malloca() calls.
Diffstat (limited to 'lib/malloca.h')
-rw-r--r-- | lib/malloca.h | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/malloca.h b/lib/malloca.h
index 2f74b96170..5bb2d47348 100644
--- a/lib/malloca.h
+++ b/lib/malloca.h
@@ -70,9 +70,19 @@ extern void freea (void *p);
 # define freea free
 #endif
-/* Maybe we should also define a variant
- nmalloca (size_t n, size_t s) - behaves like malloca (n * s)
- If this would be useful in your application. please speak up. */
+/* nmalloca(N,S) is an overflow-safe variant of malloca (N * S).
+ It allocates an array of N objects, each with S bytes of memory,
+ on the stack. S must be positive and N must be nonnegative.
+ The array must be freed using freea() before the function returns. */
+#if 1
+/* Cf. the definition of xalloc_oversized. */
+# define nmalloca(n, s) \
+ ((n) > (size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) \
+ ? NULL \
+ : malloca ((n) * (s)))
+#else
+extern void * nmalloca (size_t n, size_t s);
+#endif
 #ifdef __cplusplus |
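Review bot: The new `nmalloca(n, s)` macro expands `n` and `s` twice each, once in the bound check and once in `malloca ((n) * (s))`, so an argument with side effects (or one that changes between the two evaluations) is multiplied with a different value than the one that was checked. The comment above the macro does not mention this. It also does not say that the result is `NULL` when the product would overflow, which callers need to know so they test the return value before writing through it. The stated precondition "S must be positive" is not enforced, so a runtime `s` of zero makes the check itself divide by zero. I would extend the comment with something like `Returns NULL if N * S would overflow. N and S are evaluated more than once and must be free of side effects.` and keep the existing precondition on S next to it. The `#else` branch under `#if 1` is never compiled and deserves a one-line comment saying why it is kept.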