[cairo] Catching int overflows in allocations
cworth at cworth.org
Tue Jun 19 12:33:43 PDT 2007
On Fri, 15 Jun 2007 15:34:54 -0700, Vladimir Vukicevic wrote:
> > The attached patch reworks a bunch of memory allocations in cairo to use
> > two new functions, _cairo_malloc2/_cairo_malloc3, that know how to check
> > for integer overflow before allocating.
This is great stuff, Vlad!
> +Because much of cairo's data consists of dynamically allocated arrays,
> +it's very easy to introduce integer overflow issues whenever malloc()
> +is called. Use the _cairo_malloc2(), _cairo_malloc3(), and
> +_cairo_malloc2k macros to avoid these cases; these macros check for
> +overflow and will return NULL in that case.
I think the malloc2 and malloc3 names were sufficient if we are doing
nothing but multiplication here. But if we're throwing addition into
the mix, I don't think malloc2k makes that clear at all.
How about these instead:
> +In general, be wary of performing any arithmetic operations in an
> +argument to malloc. You should explicitly check for integer overflow
> +yourself in any more complex situations. For example:
> + malloc (sizeof(header) + n_items * sizeof(item))
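Review bot: the example on the last line shows only the unchecked call and not the explicit overflow check the preceding sentence asks for, so a reader copying it learns the unsafe form; if the example stays, either show the check (compare n_items against (SIZE_MAX - sizeof(header)) / sizeof(item) before calling malloc) or replace the call with the macro that covers the product-plus-header case.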
Looks like this example can go away since you're now providing a macro
for it so it won't have to be manual anymore.
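An added example in the spirit of the overflow-checking macros discussed in this thread; it is not cairo's code, and the function names (size_mul_overflows, size_add_overflows, checked_malloc_ab, checked_malloc_abc, checked_malloc_ab_plus_c) are hypothetical, chosen to make the product, triple-product and product-plus-constant cases explicit:

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helpers (not cairo's own): overflow-checked malloc variants.
 * Each returns NULL when the size would wrap size_t, the same result the
 * caller already handles for an ordinary out-of-memory failure. */

/* Returns 1 if a*b overflows size_t; otherwise stores a*b in *out, returns 0. */
int size_mul_overflows(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return 1;
    *out = a * b;
    return 0;
}

/* Returns 1 if a+b overflows size_t; otherwise stores a+b in *out, returns 0. */
int size_add_overflows(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return 1;
    *out = a + b;
    return 0;
}

/* malloc(a * b), e.g. n_items * sizeof(item). */
void *checked_malloc_ab(size_t a, size_t b)
{
    size_t n;
    return size_mul_overflows(a, b, &n) ? NULL : malloc(n);
}

/* malloc(a * b * c), e.g. width * height * bytes_per_pixel. */
void *checked_malloc_abc(size_t a, size_t b, size_t c)
{
    size_t n;
    if (size_mul_overflows(a, b, &n) || size_mul_overflows(n, c, &n))
        return NULL;
    return malloc(n);
}

/* malloc(a * b + c), e.g. sizeof(header) + n_items * sizeof(item). */
void *checked_malloc_ab_plus_c(size_t a, size_t b, size_t c)
{
    size_t n;
    if (size_mul_overflows(a, b, &n) || size_add_overflows(n, c, &n))
        return NULL;
    return malloc(n);
}
```

The intermediate product is computed only after the check passes, so the wrapped value never reaches malloc; an unchecked `(SIZE_MAX / 2 + 1) * 2` would silently evaluate to 0 and allocate nothing.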