[PATCH:xrdb] Use reallocarray() for array allocations & resizing

Alan Coopersmith alan.coopersmith at oracle.com
Sat Aug 8 09:04:44 PDT 2015


Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 configure.ac |    2 +-
 xrdb.c       |   39 +++++++++++++++++++++++++++++++++------
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index bf7e0a7..2c42add 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ m4_ifndef([XORG_MACROS_VERSION],
 XORG_MACROS_VERSION(1.8)
 XORG_DEFAULT_OPTIONS
 
-AC_CHECK_FUNCS([mkstemp asprintf])
+AC_CHECK_FUNCS([mkstemp asprintf reallocarray])
 
 # Find MAXHOSTNAMELEN definition
 # Common hidey holes:
diff --git a/xrdb.c b/xrdb.c
index a980230..72e526c 100644
--- a/xrdb.c
+++ b/xrdb.c
@@ -53,6 +53,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <stdarg.h>
+#include <stdint.h>
 
 #ifdef NEED_SYS_PARAM_H
 # include <sys/param.h>         /* defines MAXHOSTNAMELEN on BSD & Linux */
@@ -186,12 +187,27 @@ asprintf(char **ret, const char *format, ...)
 }
 #endif                          /* HAVE_ASPRINTF */
 
+#ifndef HAVE_REALLOCARRAY
+/* overflow checking realloc API from OpenBSD libc */
+static inline void *
+reallocarray(void *optr, size_t n, size_t s)
+{
+    if (n > 0 && (SIZE_MAX / n) < s)
+        return NULL;
+    return realloc(optr, n * s);
+}
+#endif
+
+# define mallocarray(n, s) reallocarray(NULL, n, s)
+
 static void
 InitBuffer(Buffer *b)
 {
     b->room = INIT_BUFFER_SIZE;
     b->used = 0;
-    b->buff = malloc(INIT_BUFFER_SIZE * sizeof(char));
+    b->buff = mallocarray(INIT_BUFFER_SIZE, sizeof(char));
+    if (b->buff == NULL)
+        fatal("%s: Can't allocate memory in %s\n", ProgramName, __func__);
 }
 
 #ifdef notyet
@@ -206,7 +222,9 @@ static void
 AppendToBuffer(Buffer *b, const char *str, size_t len)
 {
     while (b->used + len > b->room) {
-        b->buff = realloc(b->buff, 2 * b->room * (sizeof(char)));
+        b->buff = reallocarray(b->buff, b->room, 2 * sizeof(char));
+        if (b->buff == NULL)
+            fatal("%s: Can't allocate memory in %s\n", ProgramName, __func__);
         b->room *= 2;
     }
     strncpy(b->buff + b->used, str, len);
@@ -218,7 +236,10 @@ InitEntries(Entries *e)
 {
     e->room = INIT_ENTRY_SIZE;
     e->used = 0;
-    e->entry = malloc(INIT_ENTRY_SIZE * sizeof(Entry));
+    e->entry = mallocarray(INIT_ENTRY_SIZE, sizeof(Entry));
+    if (e->entry == NULL)
+        fatal("%s: Can't allocate memory in %s\n", ProgramName, __func__);
+
 }
 
 static void
@@ -258,7 +279,9 @@ AddEntry(Entries *e, Entry *entry)
     }
 
     if (e->used == e->room) {
-        e->entry = realloc(e->entry, 2 * e->room * (sizeof(Entry)));
+        e->entry = reallocarray(e->entry, e->room, 2 * sizeof(Entry));
+        if (e->entry == NULL)
+            fatal("%s: Can't allocate memory in %s\n", ProgramName, __func__);
         e->room *= 2;
     }
     entry->usable = True;
@@ -1141,7 +1164,9 @@ main(int argc, char *argv[])
     else {
         Entries *dbs;
 
-        dbs = malloc(((unsigned) ScreenCount(dpy)) * sizeof(Entries));
+        dbs = mallocarray(ScreenCount(dpy), sizeof(Entries));
+        if (dbs == NULL)
+            fatal("%s: Can't allocate memory in %s\n", ProgramName, __func__);
         for (i = 0; i < ScreenCount(dpy); i++) {
             Process(i, True, False);
             dbs[i] = newDB;
@@ -1425,7 +1450,9 @@ ShuffleEntries(Entries *db, Entries *dbs, unsigned int num)
     Entries cur, cmp;
     char *curtag, *curvalue;
 
-    hits = malloc(num * sizeof(int));
+    hits = mallocarray(num, sizeof(int));
+    if (hits == NULL)
+        fatal("%s: Can't allocate memory in %s\n", ProgramName, __func__);
     cur = dbs[0];
     for (i = 0; i < cur.used; i++) {
         curtag = cur.entry[i].tag;
-- 
1.7.9.2



More information about the xorg-devel mailing list