diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2015-03-21 15:21:14 -0700 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2015-04-21 16:57:07 -0700 |
| commit | b96dc999968320ad6322b50c79d847efcfcd02b2 (patch) | |
| tree | 6b5f1853a7b7c4fc4bd9387dbc3d5caf0b386368 /include | |
| parent | f3ba909753cd216fc9eca4618a76cc283ccbf51e (diff) | |
Add XNFcallocarray() to allow xnfcalloc() to check for overflow
The xnfcalloc() macro took two arguments but simply multiplied them
together without checking for overflow and defeating any overflow
checking that calloc() might have done. Let's not do that.
The original XNFcalloc() function is left for now to preserve driver
ABI, but is marked as deprecated so it can be removed in a future round
of ABI break/cleanup.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/os.h | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/include/os.h b/include/os.h index 3e68c4933..9d8b859d8 100644 --- a/include/os.h +++ b/include/os.h @@ -69,7 +69,7 @@ typedef struct _NewClientRec *NewClientPtr; #ifndef xnfalloc #define xnfalloc(size) XNFalloc((unsigned long)(size)) -#define xnfcalloc(_num, _size) XNFcalloc((unsigned long)(_num)*(unsigned long)(_size)) +#define xnfcalloc(_num, _size) XNFcallocarray((_num), (_size)) #define xnfrealloc(ptr, size) XNFrealloc((void *)(ptr), (unsigned long)(size)) #define xstrdup(s) Xstrdup(s) @@ -222,7 +222,14 @@ XNFalloc(unsigned long /*amount */ ); * enough memory. */ extern _X_EXPORT void * -XNFcalloc(unsigned long /*amount */ ); +XNFcalloc(unsigned long /*amount */ ) _X_DEPRECATED; + +/* + * This function calloc(3)s buffer, terminating the server if there is not + * enough memory or the arguments overflow when multiplied + */ +extern _X_EXPORT void * +XNFcallocarray(size_t nmemb, size_t size); /* * This function realloc(3)s passed buffer, terminating the server if there is |