/*
 * alloc.c - memory allocation functions
 * Copyright (C) 1992-1998 by Michael K. Johnson, johnsonm@redhat.com
 * Copyright 2002 Albert Cahalan
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "alloc.h"
/*
 * Default allocation-failure reporter: formats the message printf-style
 * and writes it to stderr. It only reports; it does not terminate the
 * process (the allocation wrappers in this file call exit() themselves
 * after invoking the handler).
 *
 * The format(printf,1,2) attribute makes the compiler check the variadic
 * arguments against fmts, so call sites should pass a literal format
 * string rather than data that originates outside the program.
 */
static void xdefault_error(const char *restrict fmts, ...) __attribute__((format(printf,1,2)));
static void xdefault_error(const char *restrict fmts, ...) {
    va_list args;

    va_start(args, fmts);
    vfprintf(stderr, fmts, args);
    va_end(args);
}
/*
 * Reporter called by xcalloc(), xmalloc(), xrealloc() and xstrdup() just
 * before they exit(EXIT_FAILURE). It is a writable, non-static function
 * pointer that defaults to xdefault_error (stderr). The wrappers call it
 * with a printf-style format plus arguments and do not check it for NULL.
 * NOTE(review): message_fn is declared outside this file (presumably in
 * alloc.h) - confirm that its prototype carries the printf format attribute.
 */
message_fn xalloc_err_handler = xdefault_error;
proc/alloc.*: Use size_t, not unsigned int.
Otherwise this can truncate sizes on 64-bit platforms, and is one of the
reasons the integer overflows in file2strvec() are exploitable at all.
Also: catch potential integer overflow in xstrdup() (should never
happen, but better safe than sorry), and use memcpy() instead of
strcpy() (faster).
Warnings:
- in glibc, realloc(ptr, 0) is equivalent to free(ptr), but not here,
because of the ++size;
- here, xstrdup() can return NULL (if str is NULL), which goes against
the idea of the xalloc wrappers.
We were tempted to call exit() or xerrx() in those cases, but decided
against it, because it might break things in unexpected places; TODO?
/*
 * xcalloc - allocate `size` zero-filled bytes or terminate the process.
 *
 * A request for 0 bytes is bumped to 1 byte before calling calloc()
 * (presumably so that a NULL result always means failure), so the
 * returned pointer is never NULL and must always be free()d.
 *
 * On failure the message is passed to xalloc_err_handler and the process
 * exits with EXIT_FAILURE; this function does not return NULL.
 *
 * The parameter is size_t so that large requests are not truncated on
 * 64-bit platforms before they reach calloc().
 */
void *xcalloc(size_t size) {
    const size_t nbytes = size ? size : 1;
    void *mem = calloc(1, nbytes);

    if (mem)
        return mem;

    /* The reported size is the adjusted one (1 for a zero-byte request). */
    xalloc_err_handler("%s failed to allocate %zu bytes of memory", __func__, nbytes);
    exit(EXIT_FAILURE);
}
/*
 * xmalloc - allocate `size` uninitialized bytes or terminate the process.
 *
 * A request for 0 bytes is bumped to 1 byte before calling malloc(), so
 * the returned pointer is never NULL and must always be free()d.
 *
 * On failure the message is passed to xalloc_err_handler and the process
 * exits with EXIT_FAILURE; this function does not return NULL.
 *
 * The caller is responsible for computing `size` without overflow: this
 * wrapper only sees the final byte count and cannot detect a wrapped
 * multiplication or addition done before the call.
 */
void *xmalloc(size_t size) {
    const size_t nbytes = size ? size : 1;
    void *mem = malloc(nbytes);

    if (mem)
        return mem;

    /* The reported size is the adjusted one (1 for a zero-byte request). */
    xalloc_err_handler("%s failed to allocate %zu bytes of memory", __func__, nbytes);
    exit(EXIT_FAILURE);
}
/*
 * xrealloc - resize the block at `oldp` to `size` bytes or terminate.
 *
 * A request for 0 bytes is bumped to 1 byte before calling realloc().
 * As a consequence xrealloc(ptr, 0) does NOT behave like free(ptr): it
 * returns a live 1-byte block that the caller still has to free().
 *
 * On failure the message is passed to xalloc_err_handler and the process
 * exits with EXIT_FAILURE, so the caller never sees NULL and never has to
 * keep `oldp` around for recovery.
 *
 * The caller is responsible for computing `size` without overflow: this
 * wrapper only sees the final byte count.
 */
void *xrealloc(void *oldp, size_t size) {
    const size_t nbytes = size ? size : 1;
    void *mem = realloc(oldp, nbytes);

    if (mem)
        return mem;

    /* The reported size is the adjusted one (1 for a zero-byte request). */
    xalloc_err_handler("%s failed to allocate %zu bytes of memory", __func__, nbytes);
    exit(EXIT_FAILURE);
}
/*
 * xstrdup - duplicate a NUL-terminated string or terminate the process.
 *
 * Returns a malloc()ed copy of `str` that the caller must free().
 * Unlike the other wrappers in this file, it returns NULL when `str` is
 * NULL, so callers that may pass NULL must check the result.
 *
 * If strlen(str) + 1 wraps around to 0, or if malloc() fails, the message
 * is passed to xalloc_err_handler and the process exits with EXIT_FAILURE.
 */
char *xstrdup(const char *str) {
    size_t nbytes;
    char *copy;

    if (!str)
        return NULL;

    /* Length including the terminator; 0 here means the addition wrapped. */
    nbytes = strlen(str) + 1;
    if (nbytes == 0) {
        xalloc_err_handler("%s refused to allocate %zu bytes of memory", __func__, nbytes);
        exit(EXIT_FAILURE);
    }

    copy = malloc(nbytes);
    if (!copy) {
        xalloc_err_handler("%s failed to allocate %zu bytes of memory", __func__, nbytes);
        exit(EXIT_FAILURE);
    }

    /* nbytes was measured above, so the copy includes the NUL byte. */
    memcpy(copy, str, nbytes);
    return copy;
}