mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
5d718ef64b
The number of people has been steadily increasing who read our source code with an editor that thinks tab stops are 4 spaces apart, as opposed to the traditional tty-derived 8 that the PuTTY code expects. So I've been wondering for ages about just fixing it, and switching to a spaces-only policy throughout the code. And I recently found out about 'git blame -w', which should make this change not too disruptive for the purposes of source-control archaeology; so perhaps now is the time. While I'm at it, I've also taken the opportunity to remove all the trailing spaces from source lines (on the basis that git dislikes them, and is the only thing that seems to have a strong opinion one way or the other). Apologies to anyone downstream of this code who has complicated patch sets to rebase past this change. I don't intend it to be needed again.
133 lines
2.9 KiB
C
133 lines
2.9 KiB
C
/*
|
|
* PuTTY's memory allocation wrappers.
|
|
*/
|
|
|
|
#include <assert.h>
|
|
#include <stdlib.h>
|
|
#include <limits.h>
|
|
|
|
#include "defs.h"
|
|
#include "puttymem.h"
|
|
#include "misc.h"
|
|
|
|
void *safemalloc(size_t factor1, size_t factor2, size_t addend)
|
|
{
|
|
if (factor1 > SIZE_MAX / factor2)
|
|
goto fail;
|
|
size_t product = factor1 * factor2;
|
|
|
|
if (addend > SIZE_MAX)
|
|
goto fail;
|
|
if (product > SIZE_MAX - addend)
|
|
goto fail;
|
|
size_t size = product + addend;
|
|
|
|
if (size == 0)
|
|
size = 1;
|
|
|
|
void *p;
|
|
#ifdef MINEFIELD
|
|
p = minefield_c_malloc(size);
|
|
#else
|
|
p = malloc(size);
|
|
#endif
|
|
|
|
if (!p)
|
|
goto fail;
|
|
|
|
return p;
|
|
|
|
fail:
|
|
out_of_memory();
|
|
}
|
|
|
|
void *saferealloc(void *ptr, size_t n, size_t size)
|
|
{
|
|
void *p;
|
|
|
|
if (n > INT_MAX / size) {
|
|
p = NULL;
|
|
} else {
|
|
size *= n;
|
|
if (!ptr) {
|
|
#ifdef MINEFIELD
|
|
p = minefield_c_malloc(size);
|
|
#else
|
|
p = malloc(size);
|
|
#endif
|
|
} else {
|
|
#ifdef MINEFIELD
|
|
p = minefield_c_realloc(ptr, size);
|
|
#else
|
|
p = realloc(ptr, size);
|
|
#endif
|
|
}
|
|
}
|
|
|
|
if (!p)
|
|
out_of_memory();
|
|
|
|
return p;
|
|
}
|
|
|
|
void safefree(void *ptr)
|
|
{
|
|
if (ptr) {
|
|
#ifdef MINEFIELD
|
|
minefield_c_free(ptr);
|
|
#else
|
|
free(ptr);
|
|
#endif
|
|
}
|
|
}
|
|
|
|
void *safegrowarray(void *ptr, size_t *allocated, size_t eltsize,
|
|
size_t oldlen, size_t extralen, bool secret)
|
|
{
|
|
/* The largest value we can safely multiply by eltsize */
|
|
assert(eltsize > 0);
|
|
size_t maxsize = (~(size_t)0) / eltsize;
|
|
|
|
size_t oldsize = *allocated;
|
|
|
|
/* Range-check the input values */
|
|
assert(oldsize <= maxsize);
|
|
assert(oldlen <= maxsize);
|
|
assert(extralen <= maxsize - oldlen);
|
|
|
|
/* If the size is already enough, don't bother doing anything! */
|
|
if (oldsize > oldlen + extralen)
|
|
return ptr;
|
|
|
|
/* Find out how much we need to grow the array by. */
|
|
size_t increment = (oldlen + extralen) - oldsize;
|
|
|
|
/* Invent a new size. We want to grow the array by at least
|
|
* 'increment' elements; by at least a fixed number of bytes (to
|
|
* get things started when sizes are small); and by some constant
|
|
* factor of its old size (to avoid repeated calls to this
|
|
* function taking quadratic time overall). */
|
|
if (increment < 256 / eltsize)
|
|
increment = 256 / eltsize;
|
|
if (increment < oldsize / 16)
|
|
increment = oldsize / 16;
|
|
|
|
/* But we also can't grow beyond maxsize. */
|
|
size_t maxincr = maxsize - oldsize;
|
|
if (increment > maxincr)
|
|
increment = maxincr;
|
|
|
|
size_t newsize = oldsize + increment;
|
|
void *toret;
|
|
if (secret) {
|
|
toret = safemalloc(newsize, eltsize, 0);
|
|
memcpy(toret, ptr, oldsize * eltsize);
|
|
smemclr(ptr, oldsize * eltsize);
|
|
sfree(ptr);
|
|
} else {
|
|
toret = saferealloc(ptr, newsize, eltsize);
|
|
}
|
|
*allocated = newsize;
|
|
return toret;
|
|
}
|