diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2021-04-24 17:59:53 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2021-04-24 18:00:47 -0700 |
| commit | cc98a5e2fd16ae8589deea9dbd71be59b6f77305 (patch) | |
| tree | 5cfda2d9701be2b35c5c8447f319402655188581 /lib/malloca.h | |
| parent | a7477abe2943c73bf23f39da2b706ea338d1c9b3 (diff) | |
| download | gnulib-cc98a5e2fd16ae8589deea9dbd71be59b6f77305.tar.gz | |
xmalloca, etc.: fix some xalloc-oversized issues
* lib/malloca.h (nmalloca):
* lib/xmalloca.h (xnmalloca): Convert S to ptrdiff_t to avoid
arithmetic overflow if N and S are both narrower than ptrdiff_t.
* lib/xalloc-oversized.h (xalloc_oversized):
Don’t say that args must be ptrdiff_t or size_t or wider.
The macro returns the correct answer even when that is not
the case, and it’s the caller’s responsibility to avoid
howlers like (xalloc_oversized (n, s) ? NULL : malloc (n * s))
when N and S are both narrower than ptrdiff_t and size_t.
Add a comment to that effect.
* lib/xmalloca.h: Include xalloc-oversized.h, since this file uses
xalloc_oversized. Add comments about side effects and avoid
unnecessary parens.
* modules/xmalloca (Depends-on): Add xalloc-oversized.
Diffstat (limited to 'lib/malloca.h')
| -rw-r--r-- | lib/malloca.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/malloca.h b/lib/malloca.h index 16a156ba20..f9b30880d0 100644 --- a/lib/malloca.h +++ b/lib/malloca.h @@ -77,9 +77,9 @@ extern void freea (void *p); /* nmalloca(N,S) is an overflow-safe variant of malloca (N * S). It allocates an array of N objects, each with S bytes of memory, on the stack. S must be positive and N must be nonnegative. - Either N or S should be of type ptrdiff_t or size_t or wider. The array must be freed using freea() before the function returns. */ -#define nmalloca(n, s) (xalloc_oversized (n, s) ? NULL : malloca ((n) * (s))) +#define nmalloca(n, s) \ + (xalloc_oversized (n, s) ? NULL : malloca ((n) * (ptrdiff_t) (s))) #ifdef __cplusplus |