mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-08 08:58:00 +00:00
5d718ef64b
The number of people has been steadily increasing who read our source
code with an editor that thinks tab stops are 4 spaces apart, as
opposed to the traditional tty-derived 8 that the PuTTY code expects.
So I've been wondering for ages about just fixing it, and switching to
a spaces-only policy throughout the code. And I recently found out
about 'git blame -w', which should make this change not too disruptive
for the purposes of source-control archaeology; so perhaps now is the
time.
While I'm at it, I've also taken the opportunity to remove all the
trailing spaces from source lines (on the basis that git dislikes
them, and is the only thing that seems to have a strong opinion one
way or the other).
Apologies to anyone downstream of this code who has complicated patch
sets to rebase past this change. I don't intend it to be needed again.
129 lines
5.3 KiB
C
129 lines
5.3 KiB
C
/*
|
|
* PuTTY memory-handling header.
|
|
*/
|
|
|
|
#ifndef PUTTY_PUTTYMEM_H
|
|
#define PUTTY_PUTTYMEM_H
|
|
|
|
#include <stddef.h> /* for size_t */
|
|
#include <string.h> /* for memcpy() */
|
|
|
|
#include "defs.h"
|
|
|
|
#define smalloc(z) safemalloc(z,1,0)
|
|
#define snmalloc safemalloc
|
|
#define srealloc(y,z) saferealloc(y,z,1)
|
|
#define snrealloc saferealloc
|
|
#define sfree safefree
|
|
|
|
void *safemalloc(size_t factor1, size_t factor2, size_t addend);
|
|
void *saferealloc(void *, size_t, size_t);
|
|
void safefree(void *);
|
|
|
|
/*
|
|
* Direct use of smalloc within the code should be avoided where
|
|
* possible, in favour of these type-casting macros which ensure you
|
|
* don't mistakenly allocate enough space for one sort of structure
|
|
* and assign it to a different sort of pointer. sresize also uses
|
|
* TYPECHECK to verify that the _input_ pointer is a pointer to the
|
|
* correct type.
|
|
*/
|
|
#define snew(type) ((type *)snmalloc(1, sizeof(type), 0))
|
|
#define snewn(n, type) ((type *)snmalloc((n), sizeof(type), 0))
|
|
#define sresize(ptr, n, type) TYPECHECK((type *)0 == (ptr), \
|
|
((type *)snrealloc((ptr), (n), sizeof(type))))
|
|
|
|
/*
|
|
* For cases where you want to allocate a struct plus a subsidiary
|
|
* data buffer in one step, this macro lets you add a constant to the
|
|
* amount malloced.
|
|
*
|
|
* Since the return value is already cast to the struct type, a
|
|
* pointer to that many bytes of extra data can be conveniently
|
|
* obtained by simply adding 1 to the returned pointer!
|
|
* snew_plus_get_aux is a handy macro that does that and casts the
|
|
* result to void *, so you can assign it straight to wherever you
|
|
* wanted it.
|
|
*/
|
|
#define snew_plus(type, extra) ((type *)snmalloc(1, sizeof(type), (extra)))
|
|
#define snew_plus_get_aux(ptr) ((void *)((ptr) + 1))
|
|
|
|
/*
|
|
* Helper macros to deal with the common use case of growing an array.
|
|
*
|
|
* The common setup is that 'array' is a pointer to the first element
|
|
* of a dynamic array of some type, and 'size' represents the current
|
|
* allocated size of that array (in elements). Both of those macro
|
|
* parameters are implicitly written back to.
|
|
*
|
|
* Then sgrowarray(array, size, n) means: make sure the nth element of
|
|
* the array exists (i.e. the size is at least n+1). You call that
|
|
* before writing to the nth element, if you're looping round
|
|
* appending to the array.
|
|
*
|
|
* If you need to grow the array by more than one element, you can
|
|
* instead call sgrowarrayn(array, size, n, m), which will ensure the
|
|
* size of the array is at least n+m. (So sgrowarray is just the
|
|
* special case of that in which m == 1.)
|
|
*
|
|
* It's common to call sgrowarrayn with one of n,m equal to the
|
|
* previous logical length of the array, and the other equal to the
|
|
* new number of logical entries you want to add, so that n <= size on
|
|
* entry. But that's not actually a mandatory precondition: the two
|
|
* length parameters are just arbitrary integers that get added
|
|
* together with an initial check for overflow, and the semantics are
|
|
* simply 'make sure the array is big enough to take their sum, no
|
|
* matter how big it was to start with'.)
|
|
*
|
|
* Another occasionally useful idiom is to call sgrowarray with n ==
|
|
* size, i.e. sgrowarray(array, size, size). That just means: make
|
|
* array bigger by _some_ amount, I don't particularly mind how much.
|
|
* You might use that style if you were repeatedly calling an API
|
|
* function outside your control, which would either fill your buffer
|
|
* and return success, or else return a 'too big' error without
|
|
* telling you how much bigger it needed to be.
|
|
*
|
|
* The _nm variants of the macro set the 'private' flag in the
|
|
* underlying function, which forces array resizes to be done by a
|
|
* manual allocate/copy/free instead of realloc, with careful clearing
|
|
* of the previous memory block before we free it. This costs
|
|
* performance, but if the block contains important secrets such as
|
|
* private keys or passwords, it avoids the risk that a realloc that
|
|
* moves the memory block might leave a copy of the data visible in
|
|
* the freed memory at the previous location.
|
|
*/
|
|
void *safegrowarray(void *array, size_t *size, size_t eltsize,
|
|
size_t oldlen, size_t extralen, bool private);
|
|
|
|
/* The master macro wrapper, of which all others are special cases */
|
|
#define sgrowarray_general(array, size, n, m, priv) \
|
|
((array) = safegrowarray(array, &(size), sizeof(*array), n, m, priv))
|
|
|
|
/* The special-case macros that are easier to use in most situations */
|
|
#define sgrowarrayn( a, s, n, m) sgrowarray_general(a, s, n, m, false)
|
|
#define sgrowarray( a, s, n ) sgrowarray_general(a, s, n, 1, false)
|
|
#define sgrowarrayn_nm(a, s, n, m) sgrowarray_general(a, s, n, m, true )
|
|
#define sgrowarray_nm( a, s, n ) sgrowarray_general(a, s, n, 1, true )
|
|
|
|
/*
|
|
* This function is called by the innermost safemalloc/saferealloc
|
|
* functions when allocation fails. Usually it's provided by misc.c
|
|
* which ties it into an application's existing modalfatalbox()
|
|
* system, but standalone test applications can reimplement it some
|
|
* other way if they prefer.
|
|
*/
|
|
NORETURN void out_of_memory(void);
|
|
|
|
#ifdef MINEFIELD
|
|
/*
|
|
* Definitions for Minefield, PuTTY's own Windows-specific malloc
|
|
* debugger in the style of Electric Fence. Implemented in winmisc.c,
|
|
* and referred to by the main malloc wrappers in memory.c.
|
|
*/
|
|
void *minefield_c_malloc(size_t size);
|
|
void minefield_c_free(void *p);
|
|
void *minefield_c_realloc(void *p, size_t size);
|
|
#endif
|
|
|
|
#endif
|