author | Paul Eggert <eggert@cs.ucla.edu> | 2021-04-18 20:50:55 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2021-04-18 20:59:52 -0700 |
commit | 5d5120d76b6e540c7e78332aa8302b3244b9ea02 (patch) | |
tree | 2b2fca5342515bc1c16c3e042aa27ea185f48580 /lib/safe-alloc.c | |
parent | 751b5840a02cd42c42d3aaf90640d4636c4271d2 (diff) | |
safe-alloc: fix pointer implementation
The old implementation assumed that all pointers use the same
internal representation, but the C standard doesn’t guarantee
this. Use void * (pointer) not void ** (pointer-to-pointer) for
the internal functions’ API. The internal functions now return
NULL if and only if they failed, and the macros translate that
into -1 or 0 to satisfy the existing API.
* doc/safe-alloc.texi (Safe Allocation Macros): Mention overflow.
* lib/safe-alloc.c: Major rewrite. Now this simply
defines SAFE_ALLOC_INLINE and includes safe-alloc.h.
* lib/safe-alloc.h: Include stddef.h, not stdlib.h.
(SAFE_ALLOC_INLINE): New macro; use Gnulib inline function style.
(safe_alloc_realloc_n): New API, which passes and returns
the pointer, and which returns NULL if and only if failure occurs.
(safe_alloc_check): New function.
(ALLOC, ALLOC_N, ALLOC_N_UNINITIALIZED, REALLOC_N):
Redo using the new API for internal functions, and using calloc
which is good enough since it’s GNU-compatible now.
(FREE): Expand to an expression rather than merely to something
that needs a following ‘;’ to become a statement.
* modules/safe-alloc (Depends-on): Add calloc-gnu.
Diffstat (limited to 'lib/safe-alloc.c')
-rw-r--r-- | lib/safe-alloc.c | 90 |
1 files changed, 1 insertions, 89 deletions
diff --git a/lib/safe-alloc.c b/lib/safe-alloc.c
index 116ac4371c..df061f9efb 100644
--- a/lib/safe-alloc.c
+++ b/lib/safe-alloc.c
@@ -1,91 +1,3 @@ -/* safe-alloc.c: safer memory allocation - - Copyright (C) 2009-2021 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by the - Free Software Foundation; either version 3 of the License, or any - later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <https://www.gnu.org/licenses/>. */ - -/* Written by Daniel Berrange <berrange@redhat.com>, 2008 */ - #include <config.h> - -/* Specification. */ +#define SAFE_ALLOC_INLINE _GL_EXTERN_INLINE #include "safe-alloc.h" - -#include <stdlib.h> -#include <stddef.h> -#include <errno.h> - - -/** - * safe_alloc_alloc_n: - * @ptrptr: pointer to pointer for address of allocated memory - * @size: number of bytes to allocate - * @count: number of elements to allocate - * - * Allocate an array of memory 'count' elements long, - * each with 'size' bytes. Return the address of the - * allocated memory in 'ptrptr'. The newly allocated - * memory is filled with zeros. 
- * - * Return -1 on failure to allocate, zero on success - */ -int -safe_alloc_alloc_n (void *ptrptr, size_t size, size_t count, int zeroed) -{ - if (size == 0 || count == 0) - { - *(void **) ptrptr = NULL; - return 0; - } - - if (zeroed) - *(void **) ptrptr = calloc (count, size); - else - *(void **) ptrptr = reallocarray (NULL, count, size); - - if (*(void **) ptrptr == NULL) - return -1; - return 0; -} - -/** - * safe_alloc_realloc_n: - * @ptrptr: pointer to pointer for address of allocated memory - * @size: number of bytes to allocate - * @count: number of elements in array - * - * Resize the block of memory in 'ptrptr' to be an array of - * 'count' elements, each 'size' bytes in length. Update 'ptrptr' - * with the address of the newly allocated memory. On failure, - * 'ptrptr' is not changed and still points to the original memory - * block. The newly allocated memory is filled with zeros. - * - * Return -1 on failure to allocate, zero on success - */ -int -safe_alloc_realloc_n (void *ptrptr, size_t size, size_t count) -{ - void *tmp; - if (size == 0 || count == 0) - { - free (*(void **) ptrptr); - *(void **) ptrptr = NULL; - return 0; - } - tmp = reallocarray (*(void **) ptrptr, size, count); - if (!tmp) - return -1; - *(void **) ptrptr = tmp; - return 0; -} |
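Review bot: The two guarantees the deleted doc comments spelled out are no longer stated anywhere in this file: a zero `size` or `count` stored NULL and returned 0, and a failed `safe_alloc_realloc_n` left the caller's block unchanged. The replacement bodies live in safe-alloc.h, which this diff (limited to lib/safe-alloc.c) does not show, so that header is where to confirm that `REALLOC_N` still keeps the old pointer on failure and that the count-by-size overflow check previously left to `calloc`/`reallocarray` is preserved. The commit message says the new internal functions return NULL if and only if they failed, so callers that tested for a NULL pointer after a zero-length request may see different behaviour and are worth auditing. I would also add a one-line comment above the define, `/* Emit the external definitions of the inline functions in safe-alloc.h. */`, so the purpose of the three remaining lines is clear to a reader who has not seen the header.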