lib{c,openbsd}: use ckd_mul() for overflow checking in re(c)allocarray

Summary:
This makes the code easier to understand and slightly faster,
but requires C23.  calloc() would  benefit, too, but I didn't
want to touch the imported jemalloc code base.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D52854
This commit is contained in:
Robert Clausecker
2025-10-02 15:26:46 +02:00
parent a8d774d970
commit 7233893e94
2 changed files with 8 additions and 21 deletions
+5 -9
View File
@@ -17,23 +17,19 @@
#include <sys/types.h>
#include <errno.h>
#include <stdckdint.h>
#include <stdint.h>
#include <stdlib.h>
/*
* This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
* if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
*/
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
void *
reallocarray(void *optr, size_t nmemb, size_t size)
{
size_t nbytes;
if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
nmemb > 0 && SIZE_MAX / nmemb < size) {
if (ckd_mul(&nbytes, nmemb, size)) {
errno = ENOMEM;
return (NULL);
}
return (realloc(optr, size * nmemb));
return (realloc(optr, nbytes));
}
+3 -12
View File
@@ -16,17 +16,12 @@
*/
#include <errno.h>
#include <stdckdint.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
/*
* This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
* if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
*/
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
void *recallocarray(void *, size_t, size_t, size_t);
void *
@@ -38,19 +33,15 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
if (ptr == NULL)
return calloc(newnmemb, size);
if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
newnmemb > 0 && SIZE_MAX / newnmemb < size) {
if (ckd_mul(&newsize, newnmemb, size)) {
errno = ENOMEM;
return NULL;
}
newsize = newnmemb * size;
if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
if (ckd_mul(&oldsize, oldnmemb, size)) {
errno = EINVAL;
return NULL;
}
oldsize = oldnmemb * size;
/*
* Don't bother too much if we're shrinking just a bit,