authorLennart Poettering <lennart@poettering.net>2018-04-27 14:27:14 +0200
committerSven Eden <yamakuzure@gmx.net>2018-08-24 16:47:08 +0200
commit7ebe63f00f55a754c07c020c80fbbba799c30fda (patch)
tree4576674cc035102805a7dba4dede23bc87d4038f /src/basic/alloc-util.h
parent94062cd7c9680c5e9870f4352fcd5f0db2e51dfd (diff)
alloca: add an overflow check too
Of course, alloca() shouldn't be used with anything that can grow without bounds anyway, but let's be safe rather than sorry, and catch this early. Since alloca() is not supposed to return an error we trigger an assert() instead, which is still better than heap trickery.
Diffstat (limited to 'src/basic/alloc-util.h')
-rw-r--r--src/basic/alloc-util.h12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
index 88cd6b0bc..bae6a2845 100644
--- a/src/basic/alloc-util.h
+++ b/src/basic/alloc-util.h
@@ -18,9 +18,17 @@
#define new0(t, n) ((t*) calloc((n), sizeof(t)))
-#define newa(t, n) ((t*) alloca(sizeof(t)*(n)))
+#define newa(t, n) \
+ ({ \
+ assert(!size_multiply_overflow(sizeof(t), n)); \
+ (t*) alloca(sizeof(t)*(n)); \
+ })
-#define newa0(t, n) ((t*) alloca0(sizeof(t)*(n)))
+#define newa0(t, n) \
+ ({ \
+ assert(!size_multiply_overflow(sizeof(t), n)); \
+ (t*) alloca0(sizeof(t)*(n)); \
+ })
#define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n)))
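Review bot: In both `newa` and `newa0` the argument `n` is now expanded twice, once inside `assert()` and once in the `alloca()` size, so an argument with side effects is evaluated twice. If `assert()` is compiled out in some build configuration (not visible in this hunk), the argument is evaluated once and the overflow check disappears. Capturing the count once inside the statement expression avoids the double evaluation: `size_t _n_ = (n);` followed by `assert(!size_multiply_overflow(sizeof(t), _n_));` and `(t*) alloca(sizeof(t)*_n_);`. The check also rejects only a wrapping product; a large size that does not wrap still reaches `alloca()`, so a second assert against an explicit upper bound on the stack allocation would cover that case. A short comment above the macros should state that the failure mode is an assertion and not a NULL return, so callers do not add dead NULL checks.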