From df591ee292c99ead3a286c50f64e5c461f3a9d8e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 4 Jan 2006 12:45:45 +0000
Subject: [PATCH] replace avahi_new() with a version that checks for an integer
 overflow (suggested by Martin Pitt)

git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1053 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
---
 avahi-common/malloc.h | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/avahi-common/malloc.h b/avahi-common/malloc.h
index d911a3a..40b6272 100644
--- a/avahi-common/malloc.h
+++ b/avahi-common/malloc.h
@@ -26,6 +26,8 @@
 
 #include <sys/types.h>
 #include <stdarg.h>
+#include <limits.h>
+#include <assert.h>
 
 #include <avahi-common/cdecl.h>
 #include <avahi-common/gccmacro.h>
@@ -44,11 +46,23 @@ void avahi_free(void *p);
 /** Similar to libc's realloc() */
 void *avahi_realloc(void *p, size_t size);
 
+/** Internal helper for avahi_new() */
+static inline void* avahi_new_internal(unsigned n, size_t k) {
+    assert(n < INT_MAX/k);
+    return avahi_malloc(n*k);
+}
+
 /** Allocate n new structures of the specified type. */
-#define avahi_new(type, n) ((type*) avahi_malloc((n)*sizeof(type)))
+#define avahi_new(type, n) ((type*) avahi_new_internal((n), sizeof(type)))
+
+/** Internal helper for avahi_new0() */
+static inline void* avahi_new0_internal(unsigned n, size_t k) {
+    assert(n < INT_MAX/k);
+    return avahi_malloc0(n*k);
+}
 
 /** Same as avahi_new() but set the memory to zero */
-#define avahi_new0(type, n) ((type*) avahi_malloc0((n)*sizeof(type)))
+#define avahi_new0(type, n) ((type*) avahi_new0_internal((n), sizeof(type)))
 
 /** Just like libc's strdup() */
 char *avahi_strdup(const char *s);
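Review bot: The overflow guard in `avahi_new_internal()` is an `assert()`, so any translation unit built with `NDEBUG` drops it and `n*k` can wrap again before it reaches `avahi_malloc()`. Because the helper is a `static inline` in a public header, whether the check exists depends on each including program's build flags. A runtime check ahead of the multiply would hold in every build, e.g. `if (k && n > (size_t) -1 / k) return NULL;`, assuming callers treat NULL as they do for `avahi_malloc()`, which this hunk does not show. Declaring `n` as `unsigned` also truncates a wider count passed through the macro before the check sees it, so `size_t n` would be safer. The same points apply to `avahi_new0_internal()` further down in this hunk.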
-- 
2.39.5