/* Safe automatic memory allocation.
- Copyright (C) 2003-2007 Free Software Foundation, Inc.
+ Copyright (C) 2003-2007, 2009-2010 Free Software Foundation, Inc.
Written by Bruno Haible <bruno@clisp.org>, 2003.
This program is free software; you can redistribute it and/or modify
the function returns. Upon failure, it returns NULL. */
#if HAVE_ALLOCA
# define malloca(N) \
- ((N) < 4032 - sa_increment \
+ ((N) < 4032 - sa_increment \
? (void *) ((char *) alloca ((N) + sa_increment) + sa_increment) \
: mmalloca (N))
#else
# define freea free
#endif
-/* Maybe we should also define a variant
- nmalloca (size_t n, size_t s) - behaves like malloca (n * s)
- If this would be useful in your application. please speak up. */
+/* nmalloca(N,S) is an overflow-safe variant of malloca (N * S).
+ It allocates an array of N objects, each with S bytes of memory,
+ on the stack. S must be positive and N must be nonnegative.
+ The array must be freed using freea() before the function returns. */
+#if 1
+/* Cf. the definition of xalloc_oversized. */
+# define nmalloca(n, s) \
+ ((n) > (size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) \
+ ? NULL \
+ : malloca ((n) * (s)))
+#else
+extern void * nmalloca (size_t n, size_t s);
+#endif
#ifdef __cplusplus
sa_alignment_longdouble = sa_alignof (long double),
sa_alignment_max = ((sa_alignment_long - 1) | (sa_alignment_double - 1)
#if HAVE_LONG_LONG_INT
- | (sa_alignment_longlong - 1)
+ | (sa_alignment_longlong - 1)
#endif
- | (sa_alignment_longdouble - 1)
- ) + 1,
+ | (sa_alignment_longdouble - 1)
+ ) + 1,
/* The increment that guarantees room for a magic word must be >= sizeof (int)
and a multiple of sa_alignment_max. */
sa_increment = ((sizeof (int) + sa_alignment_max - 1) / sa_alignment_max) * sa_alignment_max