[cairo] Catching int overflows in allocations
vladimir at pobox.com
Fri Jun 15 15:34:54 PDT 2007
Behdad Esfahbod wrote:
> On 6/12/07, *Vladimir Vukicevic* <vladimir at pobox.com
> <mailto:vladimir at pobox.com>> wrote:
> The attached patch reworks a bunch of memory allocations in cairo to use
> two new functions, _cairo_malloc2/_cairo_malloc3, that know how to check
> for integer overflow before allocating. The only things that weren't
> converted were a few complex allocations in the glitz surface; those can
> be done in a followup. I also added a section to CODING_STYLE talking
> about using these functions -- I hope that's an appropriate place
> for this?
> Thanks Vlad.
> Most looks good, I just don't like the overhead of a division there.
> This however can be fixed by writing it as a macro:
> #define cairo_malloc2(n, s) ((unsigned) n >= MAXINT / (unsigned) s ?
> NULL : malloc ((unsigned) n * (unsigned) s))
> This way the division can be optimized out at compile time. Probably
> better to write a very generic macro that mallocs for (m * n * s + k) or
> ((m * n + k) * s) and then a few wrappers around it for the common cases.
Good call; here's a version that uses a macroized version that allows
for the compile-time optimization.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the cairo