author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-12-21 10:21:41 +0100
committer Lennart Poettering <lennart@poettering.net> 2018-12-21 16:39:34 +0100
commit 830464c3e44c9a9c06dc613555663a3e7389d8b9 (patch)
tree 4157d80c047a6aae028658501691c0a3cc5a2f83 /src/basic/alloc-util.c
parent 5f9026027da6e7286ae7d420829d300276e5957b (diff)
download systemd-830464c3e44c9a9c06dc613555663a3e7389d8b9.tar.gz
tree-wide: make new/new0/malloc_multiply/reallocarray safe for size 0
All underlying glibc calls are free to return NULL if the size argument is 0. We most often call those functions with a fixed argument, or at least something which obviously cannot be zero, but it's too easy to forget.

E.g. coverity complains about "rows = new0(JsonVariant*, n_rows-1);" in format-table.c. There is an assert that n_rows > 0, so we could hit this corner case here.

Let's simplify callers and make those functions "safe".

CID #1397035.

The compiler is mostly able to optimize this away:

$ size build{,-opt}/src/shared/libsystemd-shared-239.so
(before)
   text    data     bss     dec     hex filename
2643329  580940    3112 3227381  313ef5 build/src/shared/libsystemd-shared-239.so     (-O0 -g)
2170013  578588    3089 2751690  29fcca build-opt/src/shared/libsystemd-shared-239.so (-03 -flto -g)
(after)
   text    data     bss     dec     hex filename
2644017  580940    3112 3228069  3141a5 build/src/shared/libsystemd-shared-239.so
2170765  578588    3057 2752410  29ff9a build-opt/src/shared/libsystemd-shared-239.so
Diffstat (limited to 'src/basic/alloc-util.c')
-rw-r--r-- src/basic/alloc-util.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/basic/alloc-util.c b/src/basic/alloc-util.c
index 405445eac1..ab7a42c4e2 100644
--- a/src/basic/alloc-util.c
+++ b/src/basic/alloc-util.c
@@ -12,7 +12,7 @@ void* memdup(const void *p, size_t l) {
assert(l == 0 || p);
- ret = malloc(l);
+ ret = malloc(l ?: 1);
if (!ret)
return NULL;
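Review bot: the changed call `ret = malloc(l ?: 1);` in memdup() carries no comment explaining why a zero length is rounded up to one byte, and memdup() is not among the functions the commit subject names (new/new0/malloc_multiply/reallocarray). A one-line comment above the call, saying that malloc(0) may return NULL and that the `if (!ret) return NULL;` path below must only mean allocation failure, would keep a later cleanup from reverting it; mentioning memdup() in the commit message would make the change easier to find. Note also that `?:` with the middle operand omitted is a GNU C extension, so this line depends on the compilers the project supports; `l ? l : 1` is the portable spelling if that ever matters.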