From 9f36610f9ef53017afbc50520b999882958c402c Mon Sep 17 00:00:00 2001 From: "Pedro F. Giffuni" Date: Sun, 12 Mar 2017 16:03:34 +0000 Subject: [PATCH] libc: provide some bounds-checking through reallocarray(3). reallocarray(3) is a non portable extension that originated in OpenBSD. Given that it is already in FreeBSD's libc it is useful for the cases where reallocation involves a multiplication. MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D9955 --- lib/libc/gen/glob.c | 8 ++++---- lib/libc/gen/scandir.c | 4 ++-- lib/libc/gen/setmode.c | 2 +- lib/libc/gen/wordexp.c | 4 ++-- lib/libc/iconv/citrus_esdb.c | 2 +- lib/libc/net/nsdispatch.c | 2 +- lib/libc/regex/regcomp.c | 12 ++++++------ lib/libc/rpc/getnetconfig.c | 4 ++-- lib/libc/stdio/open_wmemstream.c | 2 +- lib/libc/stdio/printf-pos.c | 2 +- lib/libc/stdio/ungetc.c | 4 ++-- lib/libc/stdlib/getenv.c | 8 ++++---- 12 files changed, 27 insertions(+), 27 deletions(-) diff --git a/lib/libc/gen/glob.c b/lib/libc/gen/glob.c index 0e7ac3bb18a..51bf347d297 100644 --- a/lib/libc/gen/glob.c +++ b/lib/libc/gen/glob.c @@ -850,7 +850,7 @@ globextend(const Char *path, glob_t *pglob, struct glob_limit *limit, const char *origpat) { char **pathv; - size_t i, newsize, len; + size_t i, newn, len; char *copy; const Char *p; @@ -860,9 +860,9 @@ globextend(const Char *path, glob_t *pglob, struct glob_limit *limit, return (GLOB_NOSPACE); } - newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); - /* realloc(NULL, newsize) is equivalent to malloc(newsize). */ - pathv = realloc((void *)pglob->gl_pathv, newsize); + newn = 2 + pglob->gl_pathc + pglob->gl_offs; + /* reallocarray(NULL, newn, size) is equivalent to malloc(newn*size). */ + pathv = reallocarray(pglob->gl_pathv, newn, sizeof(*pathv)); if (pathv == NULL) return (GLOB_NOSPACE); diff --git a/lib/libc/gen/scandir.c b/lib/libc/gen/scandir.c index ac5d43c068b..65dc132bd6e 100644 --- a/lib/libc/gen/scandir.c +++ b/lib/libc/gen/scandir.c @@ -116,8 +116,8 @@ scandir(const char *dirname, struct dirent ***namelist, if (numitems >= arraysz) { struct dirent **names2; - names2 = (struct dirent **)realloc((char *)names, - (arraysz * 2) * sizeof(struct dirent *)); + names2 = reallocarray(names, arraysz, + 2 * sizeof(struct dirent *)); if (names2 == NULL) { free(p); goto fail; diff --git a/lib/libc/gen/setmode.c b/lib/libc/gen/setmode.c index a96fe2cb6af..c64c94743a0 100644 --- a/lib/libc/gen/setmode.c +++ b/lib/libc/gen/setmode.c @@ -155,7 +155,7 @@ common: if (set->cmd2 & CMD2_CLR) { if (set >= endset) { \ BITCMD *newset; \ setlen += SET_LEN_INCR; \ - newset = realloc(saveset, sizeof(BITCMD) * setlen); \ + newset = reallocarray(saveset, setlen, sizeof(BITCMD)); \ if (newset == NULL) \ goto out; \ set = newset + (set - saveset); \ diff --git a/lib/libc/gen/wordexp.c b/lib/libc/gen/wordexp.c index 3791e1e05b1..dda6ababa1c 100644 --- a/lib/libc/gen/wordexp.c +++ b/lib/libc/gen/wordexp.c @@ -234,8 +234,8 @@ we_askshell(const char *words, wordexp_t *we, int flags) vofs += we->we_offs; we->we_wordc += nwords; we->we_nbytes += nbytes; - if ((nwv = realloc(we->we_wordv, (we->we_wordc + 1 + - (flags & WRDE_DOOFFS ? we->we_offs : 0)) * + if ((nwv = reallocarray(we->we_wordv, (we->we_wordc + 1 + + (flags & WRDE_DOOFFS ? we->we_offs : 0)), sizeof(char *))) == NULL) { error = WRDE_NOSPACE; goto cleanup; diff --git a/lib/libc/iconv/citrus_esdb.c b/lib/libc/iconv/citrus_esdb.c index f5989fdcaa7..4a07ecafce7 100644 --- a/lib/libc/iconv/citrus_esdb.c +++ b/lib/libc/iconv/citrus_esdb.c @@ -347,7 +347,7 @@ _citrus_esdb_get_list(char ***rlist, size_t *rnum, bool sorted) ret = 0; /* XXX: why reallocing the list space posteriorly? shouldn't be done earlier? */ - q = realloc(list, num * sizeof(char *)); + q = reallocarray(list, num, sizeof(char *)); if (!q) { ret = ENOMEM; goto quit3; diff --git a/lib/libc/net/nsdispatch.c b/lib/libc/net/nsdispatch.c index d8bc2a7ff05..a0defa50bab 100644 --- a/lib/libc/net/nsdispatch.c +++ b/lib/libc/net/nsdispatch.c @@ -213,7 +213,7 @@ vector_append(const void *elem, void *vec, unsigned int *count, size_t esize) void *p; if ((*count % ELEMSPERCHUNK) == 0) { - p = realloc(vec, (*count + ELEMSPERCHUNK) * esize); + p = reallocarray(vec, *count + ELEMSPERCHUNK, esize); if (p == NULL) { nss_log_simple(LOG_ERR, "memory allocation failure"); return (vec); diff --git a/lib/libc/regex/regcomp.c b/lib/libc/regex/regcomp.c index 31264b58bcc..95764717bda 100644 --- a/lib/libc/regex/regcomp.c +++ b/lib/libc/regex/regcomp.c @@ -1143,7 +1143,7 @@ allocset(struct parse *p) { cset *cs, *ncs; - ncs = realloc(p->g->sets, (p->g->ncsets + 1) * sizeof(*ncs)); + ncs = reallocarray(p->g->sets, p->g->ncsets + 1, sizeof(*ncs)); if (ncs == NULL) { SETERROR(REG_ESPACE); return (NULL); @@ -1206,7 +1206,7 @@ CHadd(struct parse *p, cset *cs, wint_t ch) if (ch < NC) cs->bmp[ch >> 3] |= 1 << (ch & 7); else { - newwides = realloc(cs->wides, (cs->nwides + 1) * + newwides = reallocarray(cs->wides, cs->nwides + 1, sizeof(*cs->wides)); if (newwides == NULL) { SETERROR(REG_ESPACE); @@ -1235,7 +1235,7 @@ CHaddrange(struct parse *p, cset *cs, wint_t min, wint_t max) CHadd(p, cs, min); if (min >= max) return; - newranges = realloc(cs->ranges, (cs->nranges + 1) * + newranges = reallocarray(cs->ranges, cs->nranges + 1, sizeof(*cs->ranges)); if (newranges == NULL) { SETERROR(REG_ESPACE); @@ -1259,7 +1259,7 @@ CHaddtype(struct parse *p, cset *cs, wctype_t wct) for (i = 0; i < NC; i++) if (iswctype(i, wct)) CHadd(p, cs, i); - newtypes = realloc(cs->types, (cs->ntypes + 1) * + newtypes = reallocarray(cs->types, cs->ntypes + 1, sizeof(*cs->types)); if (newtypes == NULL) { SETERROR(REG_ESPACE); @@ -1382,7 +1382,7 @@ enlarge(struct parse *p, sopno size) if (p->ssize >= size) return 1; - sp = (sop *)realloc(p->strip, size*sizeof(sop)); + sp = reallocarray(p->strip, size, sizeof(sop)); if (sp == NULL) { SETERROR(REG_ESPACE); return 0; @@ -1400,7 +1400,7 @@ static void stripsnug(struct parse *p, struct re_guts *g) { g->nstates = p->slen; - g->strip = (sop *)realloc((char *)p->strip, p->slen * sizeof(sop)); + g->strip = reallocarray((char *)p->strip, p->slen, sizeof(sop)); if (g->strip == NULL) { SETERROR(REG_ESPACE); g->strip = p->strip; diff --git a/lib/libc/rpc/getnetconfig.c b/lib/libc/rpc/getnetconfig.c index 6d504c5f55f..40e5a1bad7f 100644 --- a/lib/libc/rpc/getnetconfig.c +++ b/lib/libc/rpc/getnetconfig.c @@ -630,8 +630,8 @@ parse_ncp(char *stringp, struct netconfig *ncp) ncp->nc_lookups = NULL; ncp->nc_nlookups = 0; while ((cp = tokenp) != NULL) { - if ((nc_lookups = realloc(ncp->nc_lookups, - (ncp->nc_nlookups + 1) * sizeof *ncp->nc_lookups)) == NULL) { + if ((nc_lookups = reallocarray(ncp->nc_lookups, + ncp->nc_nlookups + 1, sizeof(*ncp->nc_lookups))) == NULL) { free(ncp->nc_lookups); ncp->nc_lookups = NULL; return (-1); diff --git a/lib/libc/stdio/open_wmemstream.c b/lib/libc/stdio/open_wmemstream.c index 3e8713f6b80..d3331aabee7 100644 --- a/lib/libc/stdio/open_wmemstream.c +++ b/lib/libc/stdio/open_wmemstream.c @@ -63,7 +63,7 @@ wmemstream_grow(struct wmemstream *ms, fpos_t newoff) else newsize = newoff; if (newsize > ms->len) { - buf = realloc(*ms->bufp, (newsize + 1) * sizeof(wchar_t)); + buf = reallocarray(*ms->bufp, newsize + 1, sizeof(wchar_t)); if (buf != NULL) { #ifdef DEBUG fprintf(stderr, "WMS: %p growing from %zd to %zd\n", diff --git a/lib/libc/stdio/printf-pos.c b/lib/libc/stdio/printf-pos.c index b81e27a2d64..5b36f1aff9b 100644 --- a/lib/libc/stdio/printf-pos.c +++ b/lib/libc/stdio/printf-pos.c @@ -655,7 +655,7 @@ __grow_type_table(struct typetable *types) return (-1); bcopy(oldtable, newtable, oldsize * sizeof(enum typeid)); } else { - newtable = realloc(oldtable, newsize * sizeof(enum typeid)); + newtable = reallocarray(oldtable, newsize, sizeof(enum typeid)); if (newtable == NULL) return (-1); } diff --git a/lib/libc/stdio/ungetc.c b/lib/libc/stdio/ungetc.c index 1695af772da..88c9da55518 100644 --- a/lib/libc/stdio/ungetc.c +++ b/lib/libc/stdio/ungetc.c @@ -73,14 +73,14 @@ __submore(FILE *fp) return (0); } i = fp->_ub._size; - p = realloc(fp->_ub._base, (size_t)(i << 1)); + p = reallocarray(fp->_ub._base, i, 2); if (p == NULL) return (EOF); /* no overlap (hence can use memcpy) because we doubled the size */ (void)memcpy((void *)(p + i), (void *)p, (size_t)i); fp->_p = p + i; fp->_ub._base = p; - fp->_ub._size = i << 1; + fp->_ub._size = i * 2; return (0); } diff --git a/lib/libc/stdlib/getenv.c b/lib/libc/stdlib/getenv.c index 845110388a2..8f2be1c9aba 100644 --- a/lib/libc/stdlib/getenv.c +++ b/lib/libc/stdlib/getenv.c @@ -272,8 +272,8 @@ __rebuild_environ(int newEnvironSize) /* Resize environ. */ if (newEnvironSize > environSize) { tmpEnvironSize = newEnvironSize * 2; - tmpEnviron = realloc(intEnviron, sizeof (*intEnviron) * - (tmpEnvironSize + 1)); + tmpEnviron = reallocarray(intEnviron, tmpEnvironSize + 1, + sizeof(*intEnviron)); if (tmpEnviron == NULL) return (-1); environSize = tmpEnvironSize; @@ -306,8 +306,8 @@ __enlarge_env(void) envVarsTotal++; if (envVarsTotal > envVarsSize) { newEnvVarsSize = envVarsTotal * 2; - tmpEnvVars = realloc(envVars, sizeof (*envVars) * - newEnvVarsSize); + tmpEnvVars = reallocarray(envVars, newEnvVarsSize, + sizeof(*envVars)); if (tmpEnvVars == NULL) { envVarsTotal--; return (false); -- 2.45.2