This is the mail archive of the
mailing list for the GCC project.
Re: [PATCH, libgfortran] Add overflow check to xmalloc
- From: "Bernhard Reutner-Fischer" <rep dot dot dot nop at gmail dot com>
- To: Janne Blomqvist <blomqvist dot janne at gmail dot com>, Fortran List <fortran at gcc dot gnu dot org>, GCC Patches <gcc-patches at gcc dot gnu dot org>
- Date: Sun, 15 Jun 2014 07:23:36 +0200
- Subject: Re: [PATCH, libgfortran] Add overflow check to xmalloc
>> On Tue, May 20, 2014 at 12:42 AM, Janne Blomqvist
>> <firstname.lastname@example.org> wrote:
>>> On Thu, May 15, 2014 at 1:00 AM, Janne Blomqvist
>>> <email@example.com> wrote:
>>>> A common malloc() pattern is "malloc(num_foo * sizeof(foo_t))", that
>>>> is, create space for an array of type foo_t with num_foo elements.
>>>> There is a slight danger here in that the multiplication can overflow
>>>> and wrap around, and then the caller thinks it has a larger array than
>>>> what malloc has actually created. The attached patch changes the
>>>> libgfortran xmalloc() function to have an API similar to calloc() with
>>>> two arguments, and the implementation checks for wraparound.
>>> Attached is an updated patch which instead introduces a new function,
>>> xmallocarray, with the overflow check, and leaves the existing xmalloc
>>> as is, thus avoiding the extra checking in the common case where one
>>> of the arguments to xmallocarray would be 1.
>>> Tested on x86_64-unknown-linux-gnu, Ok for trunk?
I would prefer if xcmalloc would not be named xmallocarray.
Sent with AquaMail for Android
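
The wraparound described in the quoted message, next to a calloc()-style checked allocation, as an added example that is not part of the original thread and is not libgfortran's code. The names `mul_wraps`, `unchecked_request` and `checked_mallocarray` are hypothetical, and returning NULL with `ENOMEM` on overflow is an assumption of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: 1 if nmemb * size cannot be represented in size_t. */
static int mul_wraps(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* The unchecked pattern: size_t arithmetic is modulo SIZE_MAX + 1, so the
   byte count handed to malloc() can be far smaller than the caller expects. */
static size_t unchecked_request(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Two-argument allocator that refuses a wrapping product instead of
   silently allocating a short buffer. */
static void *checked_mallocarray(size_t nmemb, size_t size)
{
    if (mul_wraps(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    size_t total = nmemb * size;
    /* malloc(0) may legally return NULL; request one byte so that NULL
       always means failure to the caller. */
    return malloc(total ? total : 1);
}

int main(void)
{
    /* Constructed element count chosen so that the product wraps. */
    size_t n = SIZE_MAX / sizeof(double) + 2;

    printf("caller wants %zu elements of %zu bytes\n", n, sizeof(double));
    printf("unchecked request: %zu bytes\n",
           unchecked_request(n, sizeof(double)));

    void *p = checked_mallocarray(n, sizeof(double));
    printf("checked allocation: %s\n", p ? "succeeded" : "refused");
    free(p);
    return 0;
}
```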