From 9c54eb6e30459e74a4de37822b497b0b3dc73995 Mon Sep 17 00:00:00 2001 From: Explorer09 Date: Thu, 19 Jan 2017 16:04:13 +0800 Subject: build: detect overflow for [re]allocate_array. Use reallocarray() when we have it (i.e. in OpenBSD system). When we don't, use equivalent overflow detection for our allocate_array and reallocate_array functions. Remove lib/reallocarray.c from our LIBOBJS as we no longer need it. Provide a fallback SIZE_MAX macro definition in flexint.h (not preprocessor friendly, but enough for our reallocate_array use case). --- configure.ac | 2 +- lib/reallocarray.c | 49 ------------------------------------------------- src/flexint.h | 4 ++++ src/misc.c | 22 ++++++++++++++++------ 4 files changed, 21 insertions(+), 56 deletions(-) delete mode 100644 lib/reallocarray.c diff --git a/configure.ac b/configure.ac index 1543de0..c6c5bd4 100644 --- a/configure.ac +++ b/configure.ac @@ -157,7 +157,7 @@ strchr dnl strdup dnl strtol) -AC_REPLACE_FUNCS(reallocarray) +AC_CHECK_FUNCS(reallocarray) AC_CONFIG_FILES( Makefile diff --git a/lib/reallocarray.c b/lib/reallocarray.c deleted file mode 100644 index 0c1e250..0000000 --- a/lib/reallocarray.c +++ /dev/null @@ -1,49 +0,0 @@ -/* $OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $ */ -/* - * Copyright (c) 2008 Otto Moerbeek - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* OPENBSD ORIGINAL: lib/libc/stdlib/reallocarray.c */ - -#include -#ifndef HAVE_REALLOCARRAY -#undef reallocarray - -#include -#include -#ifdef HAVE_STDINT_H -#include -#endif -#include - -void *reallocarray(void *, size_t, size_t); - -/* - * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX - * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW - */ -#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) - -void * -reallocarray(void *optr, size_t nmemb, size_t size) -{ - if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && - nmemb > 0 && SIZE_MAX / nmemb < size) { - errno = ENOMEM; - return NULL; - } - return realloc(optr, size * nmemb); -} -#endif /* HAVE_REALLOCARRAY */ diff --git a/src/flexint.h b/src/flexint.h index f9fa80c..43bb3a8 100644 --- a/src/flexint.h +++ b/src/flexint.h @@ -58,6 +58,10 @@ typedef unsigned int flex_uint32_t; #define UINT32_MAX (4294967295U) #endif +#ifndef SIZE_MAX +#define SIZE_MAX (~(size_t)0) +#endif + #endif /* ! C99 */ #endif /* ! FLEXINT_H */ diff --git a/src/misc.c b/src/misc.c index 6eee161..e17b1a2 100644 --- a/src/misc.c +++ b/src/misc.c @@ -142,9 +142,14 @@ void add_action (const char *new_text) void *allocate_array (int size, size_t element_size) { void *mem; - size_t num_bytes = element_size * (size_t) size; - - mem = malloc(num_bytes); +#if HAVE_REALLOCARRAY + /* reallocarray has built-in overflow detection */ + mem = reallocarray(NULL, (size_t) size, element_size); +#else + size_t num_bytes = (size_t) size * element_size; + mem = (size && SIZE_MAX / (size_t) size < element_size) ? NULL : + malloc(num_bytes); +#endif if (!mem) flexfatal (_ ("memory allocation failed in allocate_array()")); @@ -681,9 +686,14 @@ char *readable_form (int c) void *reallocate_array (void *array, int size, size_t element_size) { void *new_array; - size_t num_bytes = element_size * (size_t) size; - - new_array = realloc(array, num_bytes); +#if HAVE_REALLOCARRAY + /* reallocarray has built-in overflow detection */ + new_array = reallocarray(array, (size_t) size, element_size); +#else + size_t num_bytes = (size_t) size * element_size; + new_array = (size && SIZE_MAX / (size_t) size < element_size) ? NULL : + realloc(array, num_bytes); +#endif if (!new_array) flexfatal (_("attempt to increase array size failed")); -- cgit v1.2.3