Commit Graph

13 Commits

Author SHA1 Message Date
tg
667d792d6a • Address concerns of Chris Palmer from the Android security team
  – possible integer overflows in memory allocation, mostly
    ‣ multiplication: all are checked now
    ‣ addition: reviewed them, most were “proven” or guessed to be
      “almost” impossible to run over (e.g. when we have a string
      whose length is taken it is assumed that the length will be
      more than only a few bytes below SIZE_MAX, since code and
      stack have to fit); some are checked now (e.g. when one of
      the summands is an off_t); most of the unchecked ones are
      annotated now
    ⇒ cost (MirBSD/i386 static): +76 .text
    ⇒ cost (Debian sid/i386): +779 .text  -4 .data
  – on Linux targets, setuid() setresuid() setresgid() can fail
    with EAGAIN; check for that and, if so, warn once and retry
    infinitely (other targets to be added later once we know that
    they are “insane”)
    ⇒ cost (Debian sid/i386): +192 .text (includes .rodata)
• setmode.c: Do overflow checking for realloc() too; switch back
  from calloc() to a checked malloc() for simplification while there
• define -DIN_MKSH and let setmode.c look a tad nicer while here
2010-09-14 21:26:19 +00:00
tg
06c6be0a70 shave off another 468 bytes: we’re 300 bytes smaller than BEFORE the
cat builtin was added now… (also removed utf-8 from source files, in
favour of just ASCII)
2010-08-28 20:22:24 +00:00
tg
0e1266ef90 While mksh R39 builds fine on MirOS #7s8E on my trusty sparc, pgcc 2.95.3
throws out quite some warnings – fix most of them except most emitted via
-Wconversion; work around some others; discard bogus warnings.

sync clog
2009-08-08 13:08:53 +00:00
tg
b145ca5c9f • sync distrib/special/mksh/Makefile with bin/mksh/Build.sh and
  fix the regression test’s results while here, which have been
  broken since cid 10049D9BE5254CE65B8
• get rid of separate copyright file which was intended for Debian;
  track down commits in all files of oksh-mirbsd and mksh
  to get correct copyright years per-file, as is BSD custom
2009-05-16 16:59:42 +00:00
tg
d43f4efe60 employ some "nice" constants and comment lalloc.c
2009-04-07 18:56:51 +00:00
tg
4de58fe6fa globalise SIZE_MAX definition
2009-04-07 18:46:07 +00:00
tg
edf126c810 just assume realloc(NULL, n) is ANSI C89 (for n>0) but provide a
define to do otherwise; shrinks the code and optimises for speed
2009-03-24 18:34:39 +00:00
tg
9f37ccb368 fix up a bogus gcc4 uninitialised storage warning
(we’d initialise this to NULL anyway if we used realloc-can-take-NULL)
2009-03-24 14:07:41 +00:00
tg
c7b2af502e further simplify
XXX check whose platforms’ realloc(3) don’t take NULL
2009-03-24 08:53:45 +00:00
tg
ebfce0fafd we do not need the group backpointer, except for a (very little) amount
of sanitising; since this is supposed to be the lightweight allocator,
with the guarding allocator coming back in later, remove it

reduces memory consumption below what espie's allocator used ☺
2009-03-24 08:37:37 +00:00
tg
a8e3154b7a sometimes I have tomatoes on my eyes (or is it the CRT monitor?)
make SIZE_MAX portable, 10x to Jonathan “ciruZ” Schleifer for the hint
2009-03-23 10:31:15 +00:00
tg
004b3b1e08 unbreak with dietlibc, whose <stdint.h> has no SIZE_MAX, defying SUSv3
2009-03-23 09:08:35 +00:00
tg
ca539f08f0 remove espie's double-linked-list based allocator and write a
similarly simple one from scratch, which however performs
better than espie's with AFREE_DEBUG enabled which took away
the benefit of the double-linked-list approach

all of (core) mksh is now MirOS licenced
2009-03-22 16:55:38 +00:00