[PATCH 00/17] Improved overflow checking for memory allocations

Matt Turner mattst88 at gmail.com
Tue Mar 31 20:23:27 PDT 2015


On Tue, Mar 31, 2015 at 5:50 PM, Alan Coopersmith
<alan.coopersmith at oracle.com> wrote:
> This series of patches borrows the reallocarray() interface from OpenBSD,
> improves our xcalloc interfaces, and generally cleans up our array memory
> allocation code to check calculations for memory allocations do not have
> integer overflows in several more places than we previously checked.
>
> Most of these probably couldn't overflow before, but now we can be sure
> without having to do tedious manual analysis of each one, and without
> giving the compiler a reason to assume that we must not have overflowed,
> and thus optimize out any overflow checks that may have been in the wrong
> order previously.

Nice. All but 04/17 are

Reviewed-by: Matt Turner <mattst88 at gmail.com>

And 04/17 is

Acked-by: Matt Turner <mattst88 at gmail.com>

I suspect you did most of this with Coccinelle, but I definitely
noticed an attention to detail that shows that some of this must have
been manual. E.g., transforming malloc(3 * size * sizeof(CARD16)) into

| xallocarray(length, 3 * sizeof(CARD16))

instead of

| xallocarray(3 * length, sizeof(CARD16))

so that the 3 * sizeof(CARD16) can be evaluated at compile time. Nice
of you to get rid of some useless casts as well.

It's minorly unfortunate that a lot of these multiplies (that are by
powers of two) can no longer be turned into shifts, but I guess that's
the price of some additional safety.
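The overflow check the quoted series borrows from OpenBSD's reallocarray(), as an added example that is not code from the patch series or the X server: xallocarray and xreallocarray here are my own stand-ins carrying the names used in the series, CARD16 is a constructed typedef, and unchecked_request_bytes() shows how the old malloc(3 * size * sizeof(CARD16)) pattern silently wraps.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for the X server's CARD16 typedef. */
typedef uint16_t CARD16;

/* reallocarray(3)-style guard: products where both operands are below
 * 2^(bits/2) cannot wrap, so the division is only paid for large inputs. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Returns 1 if nmemb * size would overflow size_t, 0 otherwise. */
static int alloc_would_overflow(size_t nmemb, size_t size)
{
    return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
           nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* Hypothetical xallocarray: malloc(nmemb * size) that refuses on overflow.
 * Passing 3 * sizeof(CARD16) as `size` keeps that product a compile-time
 * constant, as the reviewer notes above. */
static void *xallocarray(size_t nmemb, size_t size)
{
    if (alloc_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(nmemb * size);
}

/* Hypothetical xreallocarray: same guard in front of realloc(). */
static void *xreallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (alloc_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* The unchecked pattern the series replaces: returns the byte count that
 * malloc(3 * length * sizeof(CARD16)) would actually be asked for. For
 * length = SIZE_MAX / 2 + 1 the product wraps all the way to 0. */
static size_t unchecked_request_bytes(size_t length)
{
    return 3 * length * sizeof(CARD16);
}
```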
