/* safe-alloc.c: safer memory allocation

   Copyright (C) 2009, 2010 Free Software Foundation, Inc.

   This program is free software: you can redistribute it and/or modify it
   under the terms of the GNU General Public License as published by the
   Free Software Foundation; either version 3 of the License, or any
   later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>. */

/* Written by Daniel Berrange <berrange@redhat.com>, 2008 */

#include "safe-alloc.h"

#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

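/* Return 1 if an array of N objects, each of size S, cannot exist due
   to size arithmetic overflow. S must be positive and N must be
   nonnegative. This is a macro, not an inline function, so that it
   works correctly even when SIZE_MAX < N.

   By gnulib convention, SIZE_MAX represents overflow in size
   calculations, so the conservative dividend to use here is
   SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value.
   However, malloc (SIZE_MAX) fails on all known hosts where
   sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for
   exactly-SIZE_MAX allocations on such hosts; this avoids a test and
   branch when S is known to be 1.

   This is the same as xalloc_oversized from xalloc.h.

   S is the divisor, so a caller must rule out S == 0 before expanding
   this macro; the allocation functions in this file return early for
   a zero size or count. The test has to run before N * S is formed:
   an unsigned product that wraps around would otherwise request a
   block smaller than the caller goes on to use. */
#define safe_alloc_oversized(n, s) \
  ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n))
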
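/**
 * safe_alloc_alloc_n:
 * @ptrptr: pointer to pointer for address of allocated memory
 * @size: number of bytes in each element
 * @count: number of elements to allocate
 * @zeroed: nonzero to request zero-filled memory (calloc), zero to
 *          leave the contents uninitialized (malloc)
 *
 * Allocate an array of memory 'count' elements long,
 * each with 'size' bytes. Return the address of the
 * allocated memory in 'ptrptr'. The newly allocated
 * memory is filled with zeros only when 'zeroed' is nonzero;
 * otherwise the caller must initialize it before reading it.
 *
 * A zero 'size' or 'count' is not an error: 'ptrptr' is set to
 * NULL and zero is returned, so success does not imply a usable
 * pointer. If 'count' * 'size' would overflow, nothing is
 * allocated, 'ptrptr' is left untouched and errno is set to ENOMEM.
 * If the allocator itself fails, 'ptrptr' is set to NULL.
 *
 * Return -1 on failure to allocate, zero on success
 */
int
safe_alloc_alloc_n (void *ptrptr, size_t size, size_t count, int zeroed)
{
  /* Zero-sized request: hand back NULL rather than asking the
     allocator for an implementation-defined zero-byte block.  This
     also guarantees a nonzero divisor for the overflow test below.  */
  if (size == 0 || count == 0)
    {
      *(void **) ptrptr = NULL;
      return 0;
    }

  /* Reject the request before count * size can wrap around.  */
  if (safe_alloc_oversized (count, size))
    {
      errno = ENOMEM;
      return -1;
    }

  /* NOTE(review): the result is stored through a void ** whatever the
     caller's pointer type is; this presumes that type has the same
     representation as void * -- confirm for unusual targets.  */
  if (zeroed)
    *(void **) ptrptr = calloc (count, size);
  else
    *(void **) ptrptr = malloc (count * size);

  if (*(void **) ptrptr == NULL)
    return -1;
  return 0;
}
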
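/**
 * safe_alloc_realloc_n:
 * @ptrptr: pointer to pointer for address of allocated memory
 * @size: number of bytes in each element
 * @count: number of elements in array
 *
 * Resize the block of memory in 'ptrptr' to be an array of
 * 'count' elements, each 'size' bytes in length. Update 'ptrptr'
 * with the address of the newly allocated memory. On failure,
 * 'ptrptr' is not changed and still points to the original memory
 * block.
 *
 * The memory is NOT zero-filled: realloc preserves the old contents
 * up to the smaller of the old and new sizes, and any bytes added by
 * growing the block are indeterminate. The caller must initialize
 * the added region before reading it, otherwise stale heap contents
 * can leak into program output.
 *
 * A zero 'size' or 'count' frees the block, sets 'ptrptr' to NULL
 * and returns zero. If 'count' * 'size' would overflow, nothing is
 * resized and errno is set to ENOMEM.
 *
 * Return -1 on failure to allocate, zero on success
 */
int
safe_alloc_realloc_n (void *ptrptr, size_t size, size_t count)
{
  void *tmp;

  /* Resizing to nothing releases the block; clearing the caller's
     pointer keeps it from dangling.  This also guarantees a nonzero
     divisor for the overflow test below.  */
  if (size == 0 || count == 0)
    {
      free (*(void **) ptrptr);
      *(void **) ptrptr = NULL;
      return 0;
    }

  /* Reject the request before size * count can wrap around.  */
  if (safe_alloc_oversized (count, size))
    {
      errno = ENOMEM;
      return -1;
    }

  /* Keep the result in a temporary so that a failed realloc does not
     overwrite, and thereby leak, the still-valid original block.  */
  tmp = realloc (*(void **) ptrptr, size * count);
  if (!tmp)
    return -1;
  *(void **) ptrptr = tmp;
  return 0;
}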