[cairo] Catching int overflows in allocations

Vladimir Vukicevic vladimir at pobox.com
Fri Jun 15 15:34:54 PDT 2007


Behdad Esfahbod wrote:
> On 6/12/07, Vladimir Vukicevic <vladimir at pobox.com> wrote:
> 
>     The attached patch reworks a bunch of memory allocations in cairo to use
>     two new functions, _cairo_malloc2/_cairo_malloc3, that know how to check
>     for integer overflow before allocating.  The only things that weren't
>     converted were a few complex allocations in the glitz surface; those can
>     be done in a followup.  I also added a section to CODING_STYLE talking
>     about using these functions -- I hope that's an appropriate place
>     for this?
> 
> 
> Thanks Vlad.
> 
> Most looks good, I just don't like the overhead of a division there.  
> This however can be fixed by writing it as a macro:
> 
> #define cairo_malloc2(n, s) ((unsigned) n >= MAXINT / (unsigned) s ? NULL : malloc ((unsigned) n * (unsigned) s))
> 
> This way the division can be optimized out at compile time.  Probably 
> better to write a very generic macro that mallocs for (m * n * s + k) or 
> ((m * n + k) * s) and then a few wrappers around it for the common cases.

Good call; here's a version that uses a macroized version that allows 
for the compile-time optimization.

     - Vlad

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cairo-malloc.patch
Url: http://cairographics.org/archives/cairo/attachments/20070615/fbf1dbc4/attachment-0001.txt 
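
The overflow-checked allocation idea discussed in this thread, as an added example that is not part of the original message and is not the attached cairo patch. The macro, function and type names are hypothetical, and it uses size_t with SIZE_MAX rather than unsigned with MAXINT.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names for illustration; not cairo's _cairo_malloc2/3. */

/* True when a * b cannot be represented in size_t. When b is a
 * compile-time constant such as sizeof (T), SIZE_MAX / b is folded by
 * the compiler and no division runs at run time. b == 0 never overflows. */
#define MUL_OVERFLOWS(a, b) \
    ((size_t) (b) != 0 && (size_t) (a) > SIZE_MAX / (size_t) (b))

/* malloc (n * s), or NULL if the product overflows.
 * Arguments are evaluated more than once: pass no side effects. */
#define CHECKED_MALLOC2(n, s) \
    (MUL_OVERFLOWS (n, s) ? NULL : malloc ((size_t) (n) * (size_t) (s)))

/* malloc (m * n * s); m * n is only multiplied by s once m * n is
 * known not to have wrapped. */
#define CHECKED_MALLOC3(m, n, s) \
    (MUL_OVERFLOWS (m, n) || \
     MUL_OVERFLOWS ((size_t) (m) * (size_t) (n), s) \
         ? NULL \
         : malloc ((size_t) (m) * (size_t) (n) * (size_t) (s)))

typedef struct { double x, y; } point_t;   /* constructed sample type */

/* Typical call site: element count from untrusted input, constant size. */
point_t *
alloc_points (size_t count)
{
    return CHECKED_MALLOC2 (count, sizeof (point_t));
}

/* Width x height x bytes per pixel, all caller-supplied. */
unsigned char *
alloc_image (size_t width, size_t height, size_t bytes_per_pixel)
{
    return CHECKED_MALLOC3 (width, height, bytes_per_pixel);
}

int
main (void)
{
    size_t huge = SIZE_MAX / sizeof (point_t) + 1;  /* product wraps */
    point_t *ok = alloc_points (4);
    printf ("4 points: %s\n", ok ? "allocated" : "refused");
    printf ("%zu points: %s\n", huge, alloc_points (huge) ? "allocated" : "refused");
    free (ok);
    return 0;
}
```

Without the check, the wrapped product in the second call would request a tiny buffer that later writes overrun.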