667d792d6a
– possible integer overflows in memory allocation, mostly ‣ multiplication: all are checked now ‣ addition: reviewed them, most were “proven” or guessed to be “almost” impossible to run over (e.g. when we have a string whose length is taken it is assumed that the length will be more than only a few bytes below SIZE_MAX, since code and stack have to fit); some are checked now (e.g. when one of the summands is an off_t); most of the unchecked ones are annotated now ⇒ cost (MirBSD/i386 static): +76 .text ⇒ cost (Debian sid/i386): +779 .text -4 .data – on Linux targets, setuid() setresuid() setresgid() can fail with EAGAIN; check for that and, if so, warn once and retry infinitely (other targets to be added later once we know that they are “insane”) ⇒ cost (Debian sid/i386): +192 .text (includes .rodata) • setmode.c: Do overflow checking for realloc() too; switch back from calloc() to a checked malloc() for simplification while there • define -DIN_MKSH and let setmode.c look a tad nicer while here
/*-
* Copyright (c) 2009, 2010
* Thorsten Glaser <tg@mirbsd.org>
*
* Provided that these terms and disclaimer and all copyright notices
* are retained or reproduced in an accompanying document, permission
* is granted to deal in this work without restriction, including un-
* limited rights to use, publicly perform, distribute, sell, modify,
* merge, give away, or sublicence.
*
* This work is provided "AS IS" and WITHOUT WARRANTY of any kind, to
* the utmost extent permitted by applicable law, neither express nor
* implied; without malicious intent or gross negligence. In no event
* may a licensor, author or contributor be held liable for indirect,
* direct, other damage, loss, or other issues arising in any way out
* of dealing in the work, even if advised of the possibility of such
* damage or existence of a defect, except proven that it results out
* of said person's immediate fault when using the work as intended.
*/
#include "sh.h"
__RCSID("$MirOS: src/bin/mksh/lalloc.c,v 1.13 2010/09/14 21:26:14 tg Exp $");
/* build with CPPFLAGS+= -DUSE_REALLOC_MALLOC=0 on ancient systems */
/*
 * remalloc(p, n): grow-or-create helper used by aresize(). With
 * USE_REALLOC_MALLOC=0 a NULL "p" is routed to malloc() explicitly,
 * for libcs whose realloc(NULL, n) does not behave like malloc(n);
 * otherwise it is plain realloc(), which handles the NULL case itself.
 */
#if defined(USE_REALLOC_MALLOC) && (USE_REALLOC_MALLOC == 0)
#define remalloc(p,n) ((p) == NULL ? malloc(n) : realloc((p), (n)))
#else
#define remalloc(p,n) realloc((p), (n))
#endif

/*
 * Nonzero iff "p" is not a multiple of ALLOC_SIZE. User items handed
 * out by aresize() are always ALLOC_SIZE-aligned, so this is used
 * (unless MKSH_SMALL is defined) to reject pointers that cannot have
 * come from this allocator, and to sanity-check what remalloc() returns.
 * NOTE(review): the cast goes through ptrdiff_t rather than uintptr_t,
 * presumably for portability to older headers - confirm.
 */
#define ALLOC_ISUNALIGNED(p) (((ptrdiff_t)(p)) % ALLOC_SIZE)

/*
 * Locate the ALLOC_ITEM header belonging to user pointer "ptr" in the
 * group list of "ap": stores the header in *lpp and returns the list
 * element preceding it (so callers can unhook it). A pointer that is
 * not in the list is reported as rogue via internal_errorf().
 */
static ALLOC_ITEM *findptr(ALLOC_ITEM **, char *, Area *);
/*
 * Initialise an allocation group (Area) to the empty state.
 * An Area is just the head node of its ALLOC_ITEM list, so all that
 * is needed is an empty list.
 */
void
ainit(Area *ap)
{
	/* area pointer is an ALLOC_ITEM, just the head of the list */
	ap->next = NULL;
}
/*
 * Find the ALLOC_ITEM header of user pointer "ptr" in the group list
 * of "ap". On success *lpp receives the header and the node preceding
 * it in the list is returned (the caller needs it to unhook the item).
 * A pointer that is not in the list, or (unless MKSH_SMALL) is not
 * even ALLOC_SIZE-aligned, is reported through internal_errorf().
 */
static ALLOC_ITEM *
findptr(ALLOC_ITEM **lpp, char *ptr, Area *ap)
{
	void *lp;
	Area *cur = ap;

#ifndef MKSH_SMALL
	/*
	 * aresize() only ever hands out ALLOC_SIZE-aligned addresses,
	 * so a misaligned ptr cannot be ours: skip the list walk and
	 * report it straight away.
	 */
	if (ALLOC_ISUNALIGNED(ptr))
		cur = NULL;
	else
#endif
	{
		/*
		 * the ALLOC_ITEM sits ALLOC_SIZE bytes in front of the user
		 * item; going through "void *" keeps gcc 2.95 quiet
		 */
		lp = ptr - ALLOC_SIZE;
		*lpp = lp;
		/* walk the group list until the item is the next element */
		while (cur->next != lp) {
			cur = cur->next;
			if (cur == NULL)
				break;
		}
	}
	if (cur == NULL)
		internal_errorf("rogue pointer %lX",
		    (long)(ptrdiff_t)ptr);
	/* cur is the predecessor of *lpp, i.e. the node to unhook from */
	return (cur);
}
/*
 * Like aresize(), but for fac1 * fac2 bytes, with the product checked
 * for size_t wraparound first; an overflowing product is reported via
 * internal_errorf(T_intovfl, ...) instead of silently truncated.
 */
void *
aresize2(void *ptr, size_t fac1, size_t fac2, Area *ap)
{
	size_t numb;

	/*
	 * fac1 * fac2 wraps iff fac2 > SIZE_MAX / fac1; a zero factor
	 * can never wrap and must not be used as divisor anyway
	 */
	if (fac1 != 0 && fac2 != 0 && fac2 > SIZE_MAX / fac1)
		internal_errorf(T_intovfl, (unsigned long)fac1, '*',
		    (unsigned long)fac2);
	numb = fac1 * fac2;
	return (aresize(ptr, numb, ap));
}
/*
 * Allocate (ptr == NULL) or resize (ptr from a previous aresize()) a
 * block of numb user bytes in group "ap" and return the user address.
 * Every block carries an ALLOC_ITEM header in front of the user data
 * and is linked into the area's list so afreeall() can find it.
 * Overflow of numb + ALLOC_SIZE, allocation failure and (unless
 * MKSH_SMALL) a misaligned result are reported via internal_errorf().
 */
void *
aresize(void *ptr, size_t numb, Area *ap)
{
	ALLOC_ITEM *item = NULL;
	int failed = 0;

	/* an existing item is unhooked before remalloc() may move it */
	if (ptr != NULL) {
		ALLOC_ITEM *prev;

		prev = findptr(&item, ptr, ap);
		prev->next = item->next;
	}

	/* numb + ALLOC_SIZE must not wrap before it reaches remalloc() */
	if (notoktoadd(numb, ALLOC_SIZE))
		failed = 1;
	else if ((item = remalloc(item, numb + ALLOC_SIZE)) == NULL)
		failed = 1;
#ifndef MKSH_SMALL
	/* the header address decides the alignment of the user item */
	else if (ALLOC_ISUNALIGNED(item))
		failed = 1;
#endif
	if (failed)
		internal_errorf("can't allocate %lu data bytes",
		    (unsigned long)numb);

	/* push the item onto the list; Area doubles as an ALLOC_ITEM */
	item->next = ap->next;
	ap->next = item;
	/* user data starts right behind the ALLOC_ITEM header */
	return ((char *)item + ALLOC_SIZE);
}
/*
 * Release a block previously returned by aresize() from group "ap".
 * A NULL ptr is a no-op, like free(NULL); a pointer that does not
 * belong to the group is reported by findptr().
 */
void
afree(void *ptr, Area *ap)
{
	ALLOC_ITEM *item, *prev;

	if (ptr == NULL)
		return;
	/* locate the header and the list node in front of it */
	prev = findptr(&item, ptr, ap);
	/* unhook, then release header and user data in one go */
	prev->next = item->next;
	free(item);
}
/*
 * Release every block still linked into group "ap", leaving the
 * area empty (as after ainit()).
 */
void
afreeall(Area *ap)
{
	ALLOC_ITEM *item;

	/* pop items off the front of the list until it is empty */
	for (item = ap->next; item != NULL; item = ap->next) {
		ap->next = item->next;
		free(item);
	}
}