summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2012-09-20 00:02:01 +0200
committerLennart Poettering <lennart@poettering.net>2012-09-20 00:02:04 +0200
commit4b8772bf5f2887aa2bdb74efa2f5dfd40fff946d (patch)
treec49d828fe9b0a3ba514e6b4debb6e96258f5ef83 /src
parent505b6a61c22d5565e9308045c7b9bf79f7d0517e (diff)
util: make sure heap allocators fail when array allocations are out of bounds
https://bugzilla.redhat.com/show_bug.cgi?id=858777
Diffstat (limited to 'src')
-rw-r--r--src/shared/util.h20
1 files changed, 17 insertions, 3 deletions
diff --git a/src/shared/util.h b/src/shared/util.h
index e5728bd87e..e23d706ebd 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -111,13 +111,13 @@ size_t page_size(void);
bool streq_ptr(const char *a, const char *b);
-#define new(t, n) ((t*) malloc(sizeof(t)*(n)))
+#define new(t, n) ((t*) malloc_multiply(sizeof(t), (n)))
#define new0(t, n) ((t*) calloc((n), sizeof(t)))
#define newa(t, n) ((t*) alloca(sizeof(t)*(n)))
-#define newdup(t, p, n) ((t*) memdup(p, sizeof(t)*(n)))
+#define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n)))
#define malloc0(n) (calloc((n), 1))
@@ -514,7 +514,7 @@ char *format_bytes(char *buf, size_t l, off_t t);
int fd_wait_for_event(int fd, int event, usec_t timeout);
-void* memdup(const void *p, size_t l);
+void* memdup(const void *p, size_t l) _malloc_;
int is_kernel_thread(pid_t pid);
@@ -543,3 +543,17 @@ void fclosep(FILE **f);
void closep(int *fd);
void closedirp(DIR **d);
void umaskp(mode_t *u);
+
+_malloc_ static inline void *malloc_multiply(size_t a, size_t b) {
+ if (_unlikely_(a > ((size_t) -1) / b))
+ return NULL;
+
+ return malloc(a * b);
+}
+
+static inline void *memdup_multiply(const void *p, size_t a, size_t b) {
+ if (_unlikely_(a > ((size_t) -1) / b))
+ return NULL;
+
+ return memdup(p, a * b);
+}