author | Lennart Poettering <lennart@poettering.net> | 2018-04-27 14:27:14 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2018-04-27 14:29:06 +0200 |
commit | 1232c44718b04024d1cccecb5c0ae75c311eaea3 (patch) | |
tree | 2defed79656019d32298192e8a291b3dd7d7ee1d /src/basic | |
parent | tree-wide: be more careful with the type of array sizes (diff) | |
download | systemd-1232c44718b04024d1cccecb5c0ae75c311eaea3.tar.xz systemd-1232c44718b04024d1cccecb5c0ae75c311eaea3.zip |
alloca: add an overflow check too
Of course, alloca() shouldn't be used with anything that can grow
without bounds anyway, but better safe than sorry: let's catch this
early.
Since alloca() is not supposed to return an error we trigger an
assert() instead, which is still better than heap trickery.
Diffstat (limited to 'src/basic')
-rw-r--r-- | src/basic/alloc-util.h | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
index 88cd6b0bc2..bae6a28451 100644
--- a/src/basic/alloc-util.h
+++ b/src/basic/alloc-util.h
@@ -18,9 +18,17 @@
 #define new0(t, n) ((t*) calloc((n), sizeof(t)))
-#define newa(t, n) ((t*) alloca(sizeof(t)*(n)))
+#define newa(t, n) \
+ ({ \
+ assert(!size_multiply_overflow(sizeof(t), n)); \
+ (t*) alloca(sizeof(t)*(n)); \
+ })
-#define newa0(t, n) ((t*) alloca0(sizeof(t)*(n)))
+#define newa0(t, n) \
+ ({ \
+ assert(!size_multiply_overflow(sizeof(t), n)); \
+ (t*) alloca0(sizeof(t)*(n)); \
+ })
 #define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n))) |
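Review bot: Both new statement-expression macros evaluate `n` twice, once in the `size_multiply_overflow()` call and once in the `alloca()`/`alloca0()` argument, so an argument with side effects (`newa(char, i++)`) now advances twice where the old single-expression form evaluated it once. Binding it first inside the block, `size_t _n_ = (n);`, and using `_n_` in both the assert and the allocation keeps single evaluation; it also fixes the inconsistency that `n` is unparenthesized in the check but `(n)` in the multiply. The check only guards the multiplication: a large but non-wrapping count still exhausts the stack, which the description acknowledges, so a maximum-size bound would be the stronger guard. If the `assert()` in scope here is the plain libc one it vanishes under NDEBUG, leaving the unchecked alloca behind; worth confirming which definition alloc-util.h picks up.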