File: openbsd-reallocarray.c

package info (click to toggle)
giflib 5.1.9-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 2,648 kB
  • sloc: ansic: 6,970; xml: 2,474; makefile: 340; sh: 4
file content (86 lines) | stat: -rw-r--r-- 2,989 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
/*	$OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $	*/
/*
 * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#ifndef SIZE_MAX
    #define SIZE_MAX     UINTPTR_MAX
#endif

/*
 * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
 * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
 */
#define MUL_NO_OVERFLOW	((size_t)1 << (sizeof(size_t) * 4))

void *
openbsd_reallocarray(void *optr, size_t nmemb, size_t size)
{
	if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size) {
		errno = ENOMEM;
		return NULL;
	}
	/*
	 * Head off variations in realloc behavior on different
	 * platforms (reported by MarkR <mrogers6@users.sf.net>)
	 *
	 * The behaviour of reallocarray is implementation-defined if
	 * nmemb or size is zero. It can return NULL or non-NULL
	 * depending on the platform.
	 * https://www.securecoding.cert.org/confluence/display/c/MEM04-C.Beware+of+zero-lengthallocations
	 *
	 * Here are some extracts from realloc man pages on different platforms.
	 *
	 * void realloc( void memblock, size_t size );
	 *
	 * Windows:
	 *
	 * If there is not enough available memory to expand the block
	 * to the given size, the original block is left unchanged,
	 * and NULL is returned.  If size is zero, then the block
	 * pointed to by memblock is freed; the return value is NULL,
	 * and memblock is left pointing at a freed block.
	 *
	 * OpenBSD:
	 *
	 * If size or nmemb is equal to 0, a unique pointer to an
	 * access protected, zero sized object is returned. Access via
	 * this pointer will generate a SIGSEGV exception.
	 *
	 * Linux:
	 *
	 * If size was equal to 0, either NULL or a pointer suitable
	 * to be passed to free() is returned.
	 *
	 * OS X:
	 *
	 * If size is zero and ptr is not NULL, a new, minimum sized
	 * object is allocated and the original object is freed.
	 *
	 * It looks like images with zero width or height can trigger
	 * this, and fuzzing behaviour will differ by platform, so
	 * fuzzing on one platform may not detect zero-size allocation
	 * problems on other platforms.
	 */
	if (size == 0 || nmemb == 0)
	    return NULL;
	return realloc(optr, size * nmemb);
}