[PATCH] Introduce xmalloc, memory allocator with die_out_of_memory()

Mon Apr 6 16:12:43 UTC 2015

On Tue, Apr 07, 2015 at 12:40:35AM +0900, Masatake YAMATO wrote:
> --- a/defs.h
> +++ b/defs.h
> @@ -434,6 +434,15 @@ void perror_msg_and_die(const char *fmt, ...)
>  	ATTRIBUTE_FORMAT((printf, 1, 2)) ATTRIBUTE_NORETURN;
>  void die_out_of_memory(void) ATTRIBUTE_NORETURN;
>  
> +/*
> + * Memory allocator + die_out_of_memory
> + */
> +void *xmalloc(size_t size) ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE((1));
> +void *xcalloc(size_t nmmeb, size_t size)
> +	ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE((1, 2));
> +void *xreallocarray(void *optr, size_t nmemb, size_t size)
> +	ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE((1, 2));

ATTRIBUTE_MALLOC is not applicable for realloc.

> --- /dev/null
> +++ b/xmalloc.c
> @@ -0,0 +1,92 @@
> +/*
> + * Copyright (c) 1991, 1992 Paul Kranenburg <pk at cs.few.eur.nl>
> + * Copyright (c) 1993 Branko Lankester <branko at hacktic.nl>
> + * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs at world.std.com>
> + * Copyright (c) 1996-1999 Wichert Akkerman <wichert at cistron.nl>

Not sure these honored people have anything to do with this new code.

> +/* (part of xreallocarray is derived from reallocarray)

Which one?  The definition of MUL_NO_OVERFLOW?

> + *
> + * About reallocarray
> + *
> + * Copyright (c) 2008 Otto Moerbeek <otto at drijf.net>
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +
> +/*
> + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
> + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
> + */
> +#define MUL_NO_OVERFLOW	((size_t)1 << (sizeof(size_t) * 4))
> +
> +void *
> +xreallocarray(void *optr, size_t nmemb, size_t size)
> +{
> +	void *r;
> +	size_t bytes = nmemb * size;
> +
> +	if (((nmemb | size) >= MUL_NO_OVERFLOW) &&
> +	    size && bytes / size != nmemb)
> +		die_out_of_memory();
> +
> +
> +	r = realloc(optr, size * nmemb);

"bytes" already contains the result of multiplication.

-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20150406/4059de42/attachment.bin>