authorPaul Eggert <eggert@cs.ucla.edu>2021-04-18 20:50:55 -0700
committerPaul Eggert <eggert@cs.ucla.edu>2021-04-18 20:59:52 -0700
commit5d5120d76b6e540c7e78332aa8302b3244b9ea02 (patch)
tree2b2fca5342515bc1c16c3e042aa27ea185f48580 /lib/safe-alloc.c
parent751b5840a02cd42c42d3aaf90640d4636c4271d2 (diff)
downloadgnulib-5d5120d76b6e540c7e78332aa8302b3244b9ea02.tar.gz
safe-alloc: fix pointer implementation
The old implementation assumed that all pointers use the same internal representation, but the C standard doesn’t guarantee this. Use void * (pointer) not void ** (pointer-to-pointer) for the internal functions’ API. The internal functions now return NULL if and only if they failed, and the macros translate that into -1 or 0 to satisfy the existing API. * doc/safe-alloc.texi (Safe Allocation Macros): Mention overflow. * lib/safe-alloc.c: Major rewrite. Now this simply defines SAFE_ALLOC_INLINE and includes safe-alloc.h. * lib/safe-alloc.h: Include stddef.h, not stdlib.h. (SAFE_ALLOC_INLINE): New macro; use Gnulib inline function style. (safe_alloc_realloc_n): New API, which passes and returns the pointer, and which returns NULL if and only if failure occurs. (safe_alloc_check): New function. (ALLOC, ALLOC_N, ALLOC_N_UNINITIALIZED, REALLOC_N): Redo using the new API for internal functions, and using calloc which is good enough since it’s GNU-compatible now. (FREE): Expand to an expression rather than merely to something that needs a following ‘;’ to become a statement. * modules/safe-alloc (Depends-on): Add calloc-gnu.
Diffstat (limited to 'lib/safe-alloc.c')
-rw-r--r--lib/safe-alloc.c90
1 files changed, 1 insertions, 89 deletions
diff --git a/lib/safe-alloc.c b/lib/safe-alloc.c
index 116ac4371c..df061f9efb 100644
--- a/lib/safe-alloc.c
+++ b/lib/safe-alloc.c
@@ -1,91 +1,3 @@
-/* safe-alloc.c: safer memory allocation
-
- Copyright (C) 2009-2021 Free Software Foundation, Inc.
-
- This program is free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 3 of the License, or any
- later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org/licenses/>. */
-
-/* Written by Daniel Berrange <berrange@redhat.com>, 2008 */
-
#include <config.h>
-
-/* Specification. */
+#define SAFE_ALLOC_INLINE _GL_EXTERN_INLINE
#include "safe-alloc.h"
-
-#include <stdlib.h>
-#include <stddef.h>
-#include <errno.h>
-
-
-/**
- * safe_alloc_alloc_n:
- * @ptrptr: pointer to pointer for address of allocated memory
- * @size: number of bytes to allocate
- * @count: number of elements to allocate
- *
- * Allocate an array of memory 'count' elements long,
- * each with 'size' bytes. Return the address of the
- * allocated memory in 'ptrptr'. The newly allocated
- * memory is filled with zeros.
- *
- * Return -1 on failure to allocate, zero on success
- */
-int
-safe_alloc_alloc_n (void *ptrptr, size_t size, size_t count, int zeroed)
-{
- if (size == 0 || count == 0)
- {
- *(void **) ptrptr = NULL;
- return 0;
- }
-
- if (zeroed)
- *(void **) ptrptr = calloc (count, size);
- else
- *(void **) ptrptr = reallocarray (NULL, count, size);
-
- if (*(void **) ptrptr == NULL)
- return -1;
- return 0;
-}
-
-/**
- * safe_alloc_realloc_n:
- * @ptrptr: pointer to pointer for address of allocated memory
- * @size: number of bytes to allocate
- * @count: number of elements in array
- *
- * Resize the block of memory in 'ptrptr' to be an array of
- * 'count' elements, each 'size' bytes in length. Update 'ptrptr'
- * with the address of the newly allocated memory. On failure,
- * 'ptrptr' is not changed and still points to the original memory
- * block. The newly allocated memory is filled with zeros.
- *
- * Return -1 on failure to allocate, zero on success
- */
-int
-safe_alloc_realloc_n (void *ptrptr, size_t size, size_t count)
-{
- void *tmp;
- if (size == 0 || count == 0)
- {
- free (*(void **) ptrptr);
- *(void **) ptrptr = NULL;
- return 0;
- }
- tmp = reallocarray (*(void **) ptrptr, size, count);
- if (!tmp)
- return -1;
- *(void **) ptrptr = tmp;
- return 0;
-}
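Review bot: The new three-line file has no header comment, because the hunk deletes the purpose line and license notice at the top and adds nothing in their place. I would keep a short header and put a comment above the added define, for example `/* Emit the external definitions of the inline functions declared in safe-alloc.h. */`. That is presumably what `_GL_EXTERN_INLINE` does here, but the macro and the header are outside this diff, so the wording should be checked against them. Separately, the removed functions returned success with a NULL pointer when `size == 0 || count == 0`, while the description says the new internals return NULL only on failure. The replacement code lives in safe-alloc.h, which this page does not show, so it is worth confirming there that zero-count requests and callers that test the pointer for NULL still behave as intended.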