[cairo] Catching int overflows in allocations

Carl Worth cworth at cworth.org
Tue Jun 19 12:33:43 PDT 2007


On Fri, 15 Jun 2007 15:34:54 -0700, Vladimir Vukicevic wrote:
> >     The attached patch reworks a bunch of memory allocations in cairo to use
> >     two new functions, _cairo_malloc2/_cairo_malloc3, that know how to check
> >     for integer overflow before allocating.

This is great stuff, Vlad!

> +Because much of cairo's data consists of dynamically allocated arrays,
> +it's very easy to introduce integer overflow issues whenever malloc()
> +is called.  Use the _cairo_malloc2(), _cairo_malloc3(), and
> +_cairo_malloc2k macros to avoid these cases; these macros check for
> +overflow and will return NULL in that case.
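Review bot: the hunk names _cairo_malloc2k next to _cairo_malloc2 and _cairo_malloc3 without saying what each one computes; the 2/3 names read as two- and three-factor products, but nothing tells the reader that the "k" variant adds a constant term. State the argument order and the expression each macro evaluates (a * b, a * b * c, a * b + c) in this paragraph so a caller can pick the right one without opening the macro definitions.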

I think the malloc2 and malloc3 names were sufficient if we are doing
nothing but multiplication here. But if we're throwing addition into
the mix, I don't think malloc2k makes that clear at all.

How about these instead:

	_cairo_malloc_ab
	_cairo_malloc_abc
	_cairo_malloc_ab_plus_c

> +In general, be wary of performing any arithmetic operations in an
> +argument to malloc.  You should explicitly check for integer overflow
> +yourself in any more complex situations.  For example:
> +
> +  malloc (sizeof(header) + n_items * sizeof(item))
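Review bot: the paragraph tells the reader to check for overflow by hand, but the example shows only the unchecked malloc (sizeof(header) + n_items * sizeof(item)) call and not the check itself, so it does not demonstrate what it recommends. Either spell out the comparison that guards n_items * sizeof(item) and the following addition, or show the checked-macro call for this shape, since the hunk above introduces a macro covering exactly a product plus a constant.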

Looks like this example can go away since you're now providing a macro
for it so it won't have to be manual anymore.

Thanks again,

-Carl
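As an added illustration of the pattern under discussion (this is not cairo's code and not part of the original message; the checked_* and size_* names are hypothetical), the following C block implements overflow-checked size computations for the three shapes named above, a * b, a * b * c and a * b + c, beside the unchecked product that wraps silently. The checked variants return 0 on overflow and the malloc wrappers return NULL, which is the behaviour the quoted documentation promises.

```c
/*
 * Overflow-checked allocation helpers for the ab, abc and ab_plus_c shapes.
 * Added example, not cairo's implementation; all names here are hypothetical.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* a * b into *out; returns 0 and leaves *out untouched if the product overflows. */
static int size_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* a + b into *out; returns 0 if the sum overflows. */
static int size_add(size_t a, size_t b, size_t *out)
{
    if (b > SIZE_MAX - a)
        return 0;
    *out = a + b;
    return 1;
}

/* What an unchecked malloc (a * b) actually requests: the product modulo SIZE_MAX + 1. */
size_t naive_size_ab(size_t a, size_t b)
{
    return a * b;
}

/* Each returns 1 and stores the size in *out when it fits, 0 on overflow. */
int checked_size_ab(size_t a, size_t b, size_t *out)
{
    return size_mul(a, b, out);
}

int checked_size_abc(size_t a, size_t b, size_t c, size_t *out)
{
    size_t ab;
    return size_mul(a, b, &ab) && size_mul(ab, c, out);
}

int checked_size_ab_plus_c(size_t a, size_t b, size_t c, size_t *out)
{
    size_t ab;
    return size_mul(a, b, &ab) && size_add(ab, c, out);
}

/* malloc wrappers: NULL on overflow instead of a tiny wrapped allocation. */
void *checked_malloc_ab(size_t a, size_t b)
{
    size_t n;
    return checked_size_ab(a, b, &n) ? malloc(n) : NULL;
}

void *checked_malloc_abc(size_t a, size_t b, size_t c)
{
    size_t n;
    return checked_size_abc(a, b, c, &n) ? malloc(n) : NULL;
}

void *checked_malloc_ab_plus_c(size_t a, size_t b, size_t c)
{
    size_t n;
    return checked_size_ab_plus_c(a, b, c, &n) ? malloc(n) : NULL;
}

int main(void)
{
    /* Constructed input: an item count chosen so that count * item size wraps to 0. */
    size_t n_items = SIZE_MAX / 4 + 1;
    size_t item_size = 4;
    size_t header = 16;
    size_t n = 0;

    printf("unchecked malloc (n_items * item_size) would request %zu bytes\n",
           naive_size_ab(n_items, item_size));
    printf("checked_size_ab fits: %d\n", checked_size_ab(n_items, item_size, &n));
    printf("checked_size_ab_plus_c fits: %d\n",
           checked_size_ab_plus_c(n_items, item_size, header, &n));

    /* A sane request for the header-plus-array shape goes through. */
    void *p = checked_malloc_ab_plus_c(100, item_size, header);
    printf("header + 100 items: %s\n", p ? "allocated" : "NULL");
    free(p);
    return 0;
}
```

The checks compare against SIZE_MAX / a rather than testing the product afterwards, because once unsigned multiplication has wrapped there is no way to recover the information that it did; the addition check is a separate step since a product that fits can still push the sum over the limit.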