1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
/* libguestfs
* Copyright (C) 2009-2012 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include "guestfs.h"
#include "guestfs-internal.h"
void *
guestfs_safe_malloc (guestfs_h *g, size_t nbytes)
{
void *ptr = malloc (nbytes);
if (nbytes > 0 && !ptr) g->abort_cb ();
return ptr;
}
/* Return 1 if an array of N objects, each of size S, cannot exist due
to size arithmetic overflow. S must be positive and N must be
nonnegative. This is a macro, not an inline function, so that it
works correctly even when SIZE_MAX < N.
By gnulib convention, SIZE_MAX represents overflow in size
calculations, so the conservative dividend to use here is
SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value.
However, malloc (SIZE_MAX) fails on all known hosts where
sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for
exactly-SIZE_MAX allocations on such hosts; this avoids a test and
branch when S is known to be 1. */
# define xalloc_oversized(n, s) \
((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n))
/* Technically we should add an autoconf test for this, testing for the desired
functionality, like what's done in gnulib, but for now, this is fine. */
#if defined(__GLIBC__)
#define HAVE_GNU_CALLOC (__GLIBC__ >= 2)
#else
#define HAVE_GNU_CALLOC 0
#endif
/* Allocate zeroed memory for N elements of S bytes, with error
checking. S must be nonzero. */
void *
guestfs_safe_calloc (guestfs_h *g, size_t n, size_t s)
{
/* From gnulib's calloc function in xmalloc.c. */
void *p;
/* Test for overflow, since some calloc implementations don't have
proper overflow checks. But omit overflow and size-zero tests if
HAVE_GNU_CALLOC, since GNU calloc catches overflow and never
returns NULL if successful. */
if ((! HAVE_GNU_CALLOC && xalloc_oversized (n, s))
|| (! (p = calloc (n, s)) && (HAVE_GNU_CALLOC || n != 0)))
g->abort_cb ();
return p;
}
void *
guestfs_safe_realloc (guestfs_h *g, void *ptr, size_t nbytes)
{
void *p = realloc (ptr, nbytes);
if (nbytes > 0 && !p) g->abort_cb ();
return p;
}
char *
guestfs_safe_strdup (guestfs_h *g, const char *str)
{
char *s = strdup (str);
if (!s) g->abort_cb ();
return s;
}
char *
guestfs_safe_strndup (guestfs_h *g, const char *str, size_t n)
{
char *s = strndup (str, n);
if (!s) g->abort_cb ();
return s;
}
void *
guestfs_safe_memdup (guestfs_h *g, const void *ptr, size_t size)
{
void *p = malloc (size);
if (!p) g->abort_cb ();
memcpy (p, ptr, size);
return p;
}
char *
guestfs_safe_asprintf (guestfs_h *g, const char *fs, ...)
{
va_list args;
char *msg;
va_start (args, fs);
int err = vasprintf (&msg, fs, args);
va_end (args);
if (err == -1)
g->abort_cb ();
return msg;
}
|