From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 9756 invoked from network); 22 Jul 2020 00:34:02 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 22 Jul 2020 00:34:02 -0000 Received: (qmail 26006 invoked by uid 550); 22 Jul 2020 00:34:01 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 25986 invoked from network); 22 Jul 2020 00:34:00 -0000 Date: Tue, 21 Jul 2020 20:33:44 -0400 From: Rich Felker To: musl@lists.openwall.com Message-ID: <20200722003344.GV14669@brightrain.aerifal.cx> References: <20200722002426.23580-1-ariadne@dereferenced.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200722002426.23580-1-ariadne@dereferenced.org> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] [PATCH] implement reallocarray(3) On Tue, Jul 21, 2020 at 06:24:26PM -0600, Ariadne Conill wrote: > reallocarray(3) is an extension introduced by OpenBSD, which > introduces calloc(3) overflow checking to realloc(3). > > glibc 2.28 introduced support for this function behind _GNU_SOURCE, > while glibc 2.29 allows its usage in _DEFAULT_SOURCE, so I made it > available by default as well. > --- > include/stdlib.h | 1 + > src/malloc/reallocarray.c | 13 +++++++++++++ > 2 files changed, 14 insertions(+) > create mode 100644 src/malloc/reallocarray.c > > diff --git a/include/stdlib.h b/include/stdlib.h > index 194c2033..8db8e5cc 100644 > --- a/include/stdlib.h > +++ b/include/stdlib.h > @@ -38,6 +38,7 @@ void srand (unsigned); > void *malloc (size_t); > void *calloc (size_t, size_t); > void *realloc (void *, size_t); > +void *reallocarray (void *, size_t, size_t); > void free (void *); > void *aligned_alloc(size_t, size_t); The declaration has to be in a suitably FTM-protected section of stdlib.h not here (under _BSD_SOURCE, which is equivalent to _DEFAULT_SOURCE). > diff --git a/src/malloc/reallocarray.c b/src/malloc/reallocarray.c > new file mode 100644 > index 00000000..733cb16a > --- /dev/null > +++ b/src/malloc/reallocarray.c > @@ -0,0 +1,13 @@ > +#include > +#include > +#include And the appropriate FTM (_BSD_SOURCE) should be defined at the top here so that the declaration is visible for the compiler to check against the definition. Also stdint.h seems not to be needed. > +void *reallocarray(void *ptr, size_t m, size_t n) > +{ > + if (n && m > (size_t) -1 / n) { > + errno = ENOMEM; > + return NULL; > + } And 0 is preferred over NULL in musl, and no space after the cast operator... although really the preferred style is no cast at all, and I'm not sure how calloc ended up with one. > + > + return realloc(ptr, m * n); > +} > -- > 2.27.0