From: schwarze@mdocml.bsd.lv
To: source@mdocml.bsd.lv
Subject: mdocml: Audit malloc(3)/calloc(3)/realloc(3) usage.
Date: Wed, 23 Apr 2014 17:06:41 -0400 (EDT) [thread overview]
Message-ID: <201404232106.s3NL6fG3009154@krisdoz.my.domain> (raw)
Log Message:
-----------
Audit malloc(3)/calloc(3)/realloc(3) usage.
* Change eight reallocs to reallocarray to be safe from overflows.
* Change one malloc to reallocarray to be safe from overflows.
* Change one calloc to reallocarray, no zeroing needed.
* Change the order of arguments of three callocs (aesthetical).
Modified Files:
--------------
mdocml:
LICENSE
Makefile
configure
eqn.c
mandoc_aux.c
mandoc_aux.h
mandocdb.c
manpath.c
mansearch.c
mdoc_argv.c
mdoc_validate.c
term.c
term_ps.c
Added Files:
-----------
mdocml:
compat_reallocarray.c
test-reallocarray.c
Revision Data
-------------
Index: term.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/term.c,v
retrieving revision 1.222
retrieving revision 1.223
diff -Lterm.c -Lterm.c -u -p -r1.222 -r1.223
--- term.c
+++ term.c
@@ -522,7 +522,7 @@ adjbuf(struct termp *p, size_t sz)
while (sz >= p->maxcols)
p->maxcols <<= 2;
- p->buf = mandoc_realloc(p->buf, sizeof(int) * p->maxcols);
+ p->buf = mandoc_reallocarray(p->buf, p->maxcols, sizeof(int));
}
static void
Index: mansearch.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mansearch.c,v
retrieving revision 1.35
retrieving revision 1.36
diff -Lmansearch.c -Lmansearch.c -u -p -r1.35 -r1.36
--- mansearch.c
+++ mansearch.c
@@ -328,8 +328,8 @@ mansearch(const struct mansearch *search
mp = ohash_next(&htab, &idx)) {
if (cur + 1 > maxres) {
maxres += 1024;
- *res = mandoc_realloc(*res,
- maxres * sizeof(struct manpage));
+ *res = mandoc_reallocarray(*res,
+ maxres, sizeof(struct manpage));
}
mpage = *res + cur;
mpage->form = mp->form;
@@ -793,7 +793,7 @@ static void *
hash_halloc(size_t sz, void *arg)
{
- return(mandoc_calloc(sz, 1));
+ return(mandoc_calloc(1, sz));
}
static void *
Index: mandoc_aux.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mandoc_aux.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -Lmandoc_aux.c -Lmandoc_aux.c -u -p -r1.1 -r1.2
--- mandoc_aux.c
+++ mandoc_aux.c
@@ -80,6 +80,18 @@ mandoc_realloc(void *ptr, size_t size)
return(ptr);
}
+void *
+mandoc_reallocarray(void *ptr, size_t num, size_t size)
+{
+
+ ptr = reallocarray(ptr, num, size);
+ if (NULL == ptr) {
+ perror(NULL);
+ exit((int)MANDOCLEVEL_SYSERR);
+ }
+ return(ptr);
+}
+
char *
mandoc_strdup(const char *ptr)
{
Index: term_ps.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/term_ps.c,v
retrieving revision 1.59
retrieving revision 1.60
diff -Lterm_ps.c -Lterm_ps.c -u -p -r1.59 -r1.60
--- term_ps.c
+++ term_ps.c
@@ -628,12 +628,8 @@ pdf_obj(struct termp *p, size_t obj)
if ((obj - 1) >= p->ps->pdfobjsz) {
p->ps->pdfobjsz = obj + 128;
- p->ps->pdfobjs = realloc(p->ps->pdfobjs,
- p->ps->pdfobjsz * sizeof(size_t));
- if (NULL == p->ps->pdfobjs) {
- perror(NULL);
- exit((int)MANDOCLEVEL_SYSERR);
- }
+ p->ps->pdfobjs = mandoc_reallocarray(p->ps->pdfobjs,
+ p->ps->pdfobjsz, sizeof(size_t));
}
p->ps->pdfobjs[(int)obj - 1] = p->ps->pdfbytes;
@@ -1169,7 +1165,5 @@ ps_growbuf(struct termp *p, size_t sz)
sz = PS_BUFSLOP;
p->ps->psmargsz += sz;
-
- p->ps->psmarg = mandoc_realloc
- (p->ps->psmarg, p->ps->psmargsz);
+ p->ps->psmarg = mandoc_realloc(p->ps->psmarg, p->ps->psmargsz);
}
Index: manpath.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/manpath.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -Lmanpath.c -Lmanpath.c -u -p -r1.14 -r1.15
--- manpath.c
+++ manpath.c
@@ -169,8 +169,8 @@ manpath_add(struct manpaths *dirs, const
if (0 == strcmp(dirs->paths[i], dir))
return;
- dirs->paths = mandoc_realloc(dirs->paths,
- (dirs->sz + 1) * sizeof(char *));
+ dirs->paths = mandoc_reallocarray(dirs->paths,
+ dirs->sz + 1, sizeof(char *));
dirs->paths[dirs->sz++] = mandoc_strdup(cp);
}
Index: eqn.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/eqn.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -Leqn.c -Leqn.c -u -p -r1.41 -r1.42
--- eqn.c
+++ eqn.c
@@ -864,8 +864,8 @@ eqn_do_define(struct eqn_node *ep)
if (i == (int)ep->defsz) {
ep->defsz++;
- ep->defs = mandoc_realloc(ep->defs,
- ep->defsz * sizeof(struct eqn_def));
+ ep->defs = mandoc_reallocarray(ep->defs,
+ ep->defsz, sizeof(struct eqn_def));
ep->defs[i].key = ep->defs[i].val = NULL;
}
Index: mdoc_validate.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mdoc_validate.c,v
retrieving revision 1.213
retrieving revision 1.214
diff -Lmdoc_validate.c -Lmdoc_validate.c -u -p -r1.213 -r1.214
--- mdoc_validate.c
+++ mdoc_validate.c
@@ -1460,8 +1460,8 @@ post_bl_block_tag(POST_ARGS)
assert(n->args);
i = (int)(n->args->argc)++;
- n->args->argv = mandoc_realloc(n->args->argv,
- n->args->argc * sizeof(struct mdoc_argv));
+ n->args->argv = mandoc_reallocarray(n->args->argv,
+ n->args->argc, sizeof(struct mdoc_argv));
n->args->argv[i].arg = MDOC_Width;
n->args->argv[i].line = n->line;
@@ -1521,8 +1521,8 @@ post_bl_head(POST_ARGS)
*/
np->args->argv[j].sz = (size_t)mdoc->last->nchild;
- np->args->argv[j].value = mandoc_malloc(
- (size_t)mdoc->last->nchild * sizeof(char *));
+ np->args->argv[j].value = mandoc_reallocarray(NULL,
+ (size_t)mdoc->last->nchild, sizeof(char *));
mdoc->last->norm->Bl.ncols = np->args->argv[j].sz;
mdoc->last->norm->Bl.cols = (void *)np->args->argv[j].value;
Index: mandocdb.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mandocdb.c,v
retrieving revision 1.143
retrieving revision 1.144
diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.143 -r1.144
--- mandocdb.c
+++ mandocdb.c
@@ -471,8 +471,8 @@ main(int argc, char *argv[])
* manpath_parse() wants to do it.
*/
if (argc > 0) {
- dirs.paths = mandoc_calloc(argc,
- sizeof(char *));
+ dirs.paths = mandoc_reallocarray(NULL,
+ argc, sizeof(char *));
dirs.sz = (size_t)argc;
for (i = 0; i < argc; i++)
dirs.paths[i] = mandoc_strdup(argv[i]);
@@ -1784,7 +1784,7 @@ putkeys(const struct mpage *mpage,
s->mask |= v;
return;
} else if (NULL == s) {
- s = mandoc_calloc(sizeof(struct str) + sz + 1, 1);
+ s = mandoc_calloc(1, sizeof(struct str) + sz + 1);
memcpy(s->key, cp, sz);
ohash_insert(htab, slot, s);
}
@@ -2314,7 +2314,7 @@ static void *
hash_halloc(size_t sz, void *arg)
{
- return(mandoc_calloc(sz, 1));
+ return(mandoc_calloc(1, sz));
}
static void *
--- /dev/null
+++ test-reallocarray.c
@@ -0,0 +1,7 @@
+#include <stdlib.h>
+
+int
+main(void)
+{
+ return( ! reallocarray(NULL, 2, 2));
+}
Index: configure
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/configure,v
retrieving revision 1.2
retrieving revision 1.3
diff -Lconfigure -Lconfigure -u -p -r1.2 -r1.3
--- configure
+++ configure
@@ -34,6 +34,7 @@ runtest fgetln FGETLN
runtest getsubopt GETSUBOPT
runtest mmap MMAP
runtest ohash OHASH
+runtest reallocarray REALLOCARRAY
runtest strcasestr STRCASESTR
runtest strlcat STRLCAT
runtest strlcpy STRLCPY
Index: mdoc_argv.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mdoc_argv.c,v
retrieving revision 1.92
retrieving revision 1.93
diff -Lmdoc_argv.c -Lmdoc_argv.c -u -p -r1.92 -r1.93
--- mdoc_argv.c
+++ mdoc_argv.c
@@ -359,8 +359,8 @@ mdoc_argv(struct mdoc *mdoc, int line, e
arg = *v = mandoc_calloc(1, sizeof(struct mdoc_arg));
arg->argc++;
- arg->argv = mandoc_realloc(arg->argv,
- arg->argc * sizeof(struct mdoc_argv));
+ arg->argv = mandoc_reallocarray(arg->argv,
+ arg->argc, sizeof(struct mdoc_argv));
memcpy(&arg->argv[(int)arg->argc - 1], &tmp,
sizeof(struct mdoc_argv));
@@ -667,8 +667,8 @@ argv_multi(struct mdoc *mdoc, int line,
break;
if (0 == v->sz % MULTI_STEP)
- v->value = mandoc_realloc(v->value,
- (v->sz + MULTI_STEP) * sizeof(char *));
+ v->value = mandoc_reallocarray(v->value,
+ v->sz + MULTI_STEP, sizeof(char *));
v->value[(int)v->sz] = mandoc_strdup(p);
}
Index: Makefile
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/Makefile,v
retrieving revision 1.417
retrieving revision 1.418
diff -LMakefile -LMakefile -u -p -r1.417 -r1.418
--- Makefile
+++ Makefile
@@ -64,6 +64,7 @@ TESTSRCS = test-fgetln.c \
test-getsubopt.c \
test-mmap.c \
test-ohash.c \
+ test-reallocarray.c \
test-strlcat.c \
test-strlcpy.c \
test-strnlen.c \
@@ -86,6 +87,7 @@ SRCS = LICENSE \
compat_getsubopt.c \
compat_ohash.c \
compat_ohash.h \
+ compat_reallocarray.c \
compat_strcasestr.c \
compat_strlcat.c \
compat_strlcpy.c \
@@ -213,6 +215,7 @@ LIBMANDOC_OBJS = $(LIBMAN_OBJS) \
COMPAT_OBJS = compat_fgetln.o \
compat_getsubopt.o \
compat_ohash.o \
+ compat_reallocarray.o \
compat_strcasestr.o \
compat_strlcat.o \
compat_strlcpy.o \
--- /dev/null
+++ compat_reallocarray.c
@@ -0,0 +1,45 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_REALLOCARRAY
+
+int dummy;
+
+#else
+
+/* $OpenBSD: malloc.c,v 1.158 2014/04/23 15:07:27 tedu Exp $ */
+/*
+ * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <sys/types.h>
+#include <errno.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#define MUL_NO_OVERFLOW (1UL << (sizeof(size_t) * 4))
+
+void *
+reallocarray(void *optr, size_t nmemb, size_t size)
+{
+ if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+ nmemb > 0 && SIZE_MAX / nmemb < size) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ return realloc(optr, size * nmemb);
+}
+
+#endif /*!HAVE_REALLOCARRAY*/
Index: LICENSE
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/LICENSE,v
retrieving revision 1.1
retrieving revision 1.2
diff -LLICENSE -LLICENSE -u -p -r1.1 -r1.2
--- LICENSE
+++ LICENSE
@@ -10,6 +10,7 @@ Copyright (c) 2009, 2010, 2011, 2012 Joe
Copyright (c) 2013 Franco Fichtner <franco@lastsummer.de>
Copyright (c) 1999, 2004 Marc Espie <espie@openbsd.org>
Copyright (c) 1998, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
Copyright (c) 2003 Jason McIntyre <jmc@openbsd.org>
See the individual source files for information about who contributed
Index: mandoc_aux.h
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mandoc_aux.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -Lmandoc_aux.h -Lmandoc_aux.h -u -p -r1.1 -r1.2
--- mandoc_aux.h
+++ mandoc_aux.h
@@ -24,6 +24,7 @@ int mandoc_asprintf(char **, const ch
void *mandoc_calloc(size_t, size_t);
void *mandoc_malloc(size_t);
void *mandoc_realloc(void *, size_t);
+void *mandoc_reallocarray(void *, size_t, size_t);
char *mandoc_strdup(const char *);
char *mandoc_strndup(const char *, size_t);
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
next reply other threads:[~2014-04-23 21:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-23 21:06 schwarze [this message]
2014-04-23 21:40 schwarze
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201404232106.s3NL6fG3009154@krisdoz.my.domain \
--to=schwarze@mdocml.bsd.lv \
--cc=source@mdocml.bsd.lv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).