Implement reallocarray()

Stateless and I stumbled upon this issue while discussing the semantics of read, accepting a size_t but only being able to return ssize_t, effectively lacking the ability to report successful reads > SSIZE_MAX. The discussion went along and we came to the topic of input-based memory allocations. Basically, it was possible for the argument to a memory-allocation-function to overflow, leading to a segfault later. The OpenBSD-guys came up with the ingenious reallocarray-function, and I implemented it as ereallocarray, which automatically returns on error. Read more about it here[0]. A simple testcase is this (courtesy to stateless): $ sbase-strings -n (2^(32|64) / 4) This will segfault before this patch and properly return an OOM- situation afterwards (thanks to the overflow-check in reallocarray). [0]: http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/calloc.3
2015-03-10 21:16:21 +01:00
parent 066a0306a1
commit 3b825735d8
14 changed files with 84 additions and 27 deletions
--- a/ls.c
+++ b/ls.c
@@ -217,7 +217,7 @@ lsdir(const char *path)
 			mkent(&ent, d->d_name, Fflag || lflag || pflag || iflag || Rflag, Lflag);
 			ls(&ent, Rflag);
 		} else {
-			ents = erealloc(ents, ++n * sizeof(*ents));
+			ents = ereallocarray(ents, ++n, sizeof(*ents));
 			name = p = estrdup(d->d_name);
 			if (qflag) {
 				q = d->d_name;
@@ -269,7 +269,7 @@ usage(void)
 int
 main(int argc, char *argv[])
 {
-	struct entry *ents;
+	struct entry *ents = NULL;
 	size_t i;

 	ARGBEGIN {
@@ -341,7 +341,7 @@ main(int argc, char *argv[])
 	if (argc == 0)
 		*--argv = ".", argc++;

-	ents = emalloc(argc * sizeof(*ents));
+	ents = ereallocarray(ents, argc, sizeof(*ents));

 	for (i = 0; i < argc; i++)
 		mkent(&ents[i], argv[i], 1, Hflag || Lflag);