Re: [bug-gnulib] xmalloc, xnmalloc (was: Re: C++ support (2))

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gnulib] xmalloc, xnmalloc (was: Re: C++ support (2))

From:	Bruno Haible
Subject:	Re: [bug-gnulib] xmalloc, xnmalloc (was: Re: C++ support (2))
Date:	Wed, 1 Nov 2006 15:17:14 +0100
User-agent:	KMail/1.9.1

Paul Eggert wrote:
> I installed this patch instead.

Thanks.

> I prefer to put it into a C++ ghetto area of the code.

I was hesitating about this too.

What I realize now is that we are using xmalloc() too often, and xnmalloc()
not often enough. xnmalloc() is designed to be safe against integer
multiplication overflow. Yet we have this:

clean-temp.c:277:           xmalloc (new_allocated * sizeof (struct tempdir * 
volatile));
fatal-signal.c:210:     xmalloc (new_actions_allocated * sizeof 
(actions_entry_t));
fstrcmp.c:623:      buffer = (int *) xmalloc (bufmax * (2 * sizeof (int)));
getgroups.c:53:      gbuf = xmalloc (n * sizeof *gbuf);
gl_array_list.c:92:     (const void **) xmalloc (count * sizeof (const void *));
gl_carray_list.c:65:    (struct gl_list_impl *) xmalloc (sizeof (struct 
gl_list_impl));
group-member.c:60:  group = xmalloc (n_group_slots * sizeof *group);

The sinner is mostly me, but not only me :-)

How about adding a macro with type argument, like we had a few years ago
(before xnmalloc was invented)? One can design it with a type as argument,
or with an expression of that type as argument. Both are feasible in a way
such that
  1. xnmalloc is called, enabling the overflow check,
  2. there are no warnings/errors about the return type.

Here's some prototype code for testing. What do you think?

Bruno

---------------------------------------------------------------------------
#include <stdlib.h>
extern void * xmalloc (size_t n);
extern void * xnmalloc (size_t n, size_t s);

#define XALLOC_WITH_TYPE(N,TYPE) (TYPE *) xnmalloc (N, sizeof (TYPE))

#ifdef __cplusplus
template <typename T>
  inline T * XALLOC_WITH_EXPRESSION (size_t n, T expr)
  {
    return (T *) xnmalloc (n, sizeof (T));
  }
#else
#define XALLOC_WITH_EXPRESSION(N,EXPR) xnmalloc (N, sizeof (EXPR))
#endif

struct foo { int x; char y; };

struct foo * bar1 ()
{
  return XALLOC_WITH_TYPE (3, struct foo);
}

struct foo * bar2 (struct foo *p)
{
  return XALLOC_WITH_EXPRESSION (3, *p);
}

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [bug-gnulib] xmalloc, xnmalloc (was: Re: C++ support (2)), Bruno Haible <=
- Re: [bug-gnulib] xmalloc, xnmalloc, Paul Eggert, 2006/11/01
  - Re: [bug-gnulib] xmalloc, xnmalloc, Bruno Haible, 2006/11/02
    - Re: [bug-gnulib] xmalloc, xnmalloc, Paul Eggert, 2006/11/02
    - Re: [bug-gnulib] xmalloc, xnmalloc, Bruno Haible, 2006/11/06
    - Re: [bug-gnulib] xmalloc, xnmalloc, Paul Eggert, 2006/11/06
    - Re: [bug-gnulib] xmalloc, xnmalloc, Bruno Haible, 2006/11/07
    - Re: [bug-gnulib] xmalloc, xnmalloc, Bruno Haible, 2006/11/07
    - Re: [bug-gnulib] xmalloc, xnmalloc, Paul Eggert, 2006/11/07
    - Re: [bug-gnulib] xmalloc, xnmalloc, Bruno Haible, 2006/11/08
    - Re: [bug-gnulib] xmalloc, xnmalloc, Bruno Haible, 2006/11/08

Prev by Date: Re: [bug-gnulib] C++ support (3)
Next by Date: C++ support (5)
Previous by thread: Re: C++ support (3)
Next by thread: Re: [bug-gnulib] xmalloc, xnmalloc
Index(es):
- Date
- Thread