[PATCH v2 04/17] Import reallocarray() from OpenBSD

Alan Coopersmith alan.coopersmith at oracle.com
Thu Apr 16 18:49:12 PDT 2015 

Wrapper for realloc() that checks for overflow when multiplying
arguments together, so we don't have to add overflow checks to
every single call.  For documentation on usage, see:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/calloc.3

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Acked-by: Matt Turner <mattst88 at gmail.com>
---
 configure.ac             |    2 +-
 include/dix-config.h.in  |    3 +++
 include/os.h             |    9 ++++++++-
 include/xorg-server.h.in |    3 +++
 os/reallocarray.c        |   43 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 os/reallocarray.c

diff --git a/configure.ac b/configure.ac
index 606298b..a5bdbbf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -219,7 +219,7 @@ dnl Checks for library functions.
 AC_CHECK_FUNCS([backtrace ffs geteuid getuid issetugid getresuid \
 	getdtablesize getifaddrs getpeereid getpeerucred getprogname getzoneid \
 	mmap seteuid shmctl64 strncasecmp vasprintf vsnprintf walkcontext])
-AC_REPLACE_FUNCS([strcasecmp strcasestr strlcat strlcpy strndup])
+AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup])
 
 AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
 
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 1aa77a5..86cf6f2 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -149,6 +149,9 @@
 /* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
 #undef HAVE_NDIR_H
 
+/* Define to 1 if you have the `reallocarray' function. */
+#undef HAVE_REALLOCARRAY
+
 /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
 #undef HAVE_RPCSVC_DBM_H
 
diff --git a/include/os.h b/include/os.h
index 9d8b859..ffa5f39 100644
--- a/include/os.h
+++ b/include/os.h
@@ -517,7 +517,14 @@ ddxGiveUp(enum ExitCode error);
 extern _X_EXPORT int
 TimeSinceLastInputEvent(void);
 
-/* strcasecmp.c */
+/* Function fallbacks provided by AC_REPLACE_FUNCS in configure.ac */
+
+#ifndef HAVE_REALLOCARRAY
+#define reallocarray xreallocarray
+extern _X_EXPORT void *
+reallocarray(void *optr, size_t nmemb, size_t size);
+#endif
+
 #ifndef HAVE_STRCASECMP
 #define strcasecmp xstrcasecmp
 extern _X_EXPORT int
diff --git a/include/xorg-server.h.in b/include/xorg-server.h.in
index 4cb9487..3152dbd 100644
--- a/include/xorg-server.h.in
+++ b/include/xorg-server.h.in
@@ -47,6 +47,9 @@
 /* Define to 1 if you have the `ffs' function. */
 #undef HAVE_FFS
 
+/* Define to 1 if you have the `reallocarray' function. */
+#undef HAVE_REALLOCARRAY
+
 /* Define to 1 if you have the `strcasecmp' function. */
 #undef HAVE_STRCASECMP
 
diff --git a/os/reallocarray.c b/os/reallocarray.c
new file mode 100644
index 0000000..c415e09
--- /dev/null
+++ b/os/reallocarray.c
@@ -0,0 +1,43 @@
+/*	$OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $	*/
+/*
+ * Copyright (c) 2008 Otto Moerbeek <otto at drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#include <sys/types.h>
+#include <errno.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include "os.h"
+
+/*
+ * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
+ * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
+ */
+#define MUL_NO_OVERFLOW	((size_t)1 << (sizeof(size_t) * 4))
+
+void *
+reallocarray(void *optr, size_t nmemb, size_t size)
+{
+	if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	    nmemb > 0 && SIZE_MAX / nmemb < size) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	return realloc(optr, size * nmemb);
+}
-- 
1.7.9.2

More information about the xorg-devel mailing list