# HG changeset patch # User Paul Eggert # Date 1068147649 0 # Node ID 2759ea168f259636d760649919a02ee926f6765d # Parent 21b00e0426f7467d4adaf3558beed703980ebc05 Reject allocations of exactly SIZE_MAX bytes. diff --git a/lib/ChangeLog b/lib/ChangeLog --- a/lib/ChangeLog +++ b/lib/ChangeLog @@ -1,3 +1,11 @@ +2003-11-06 Paul Eggert + + * xalloc.h [HAVE_STDINT_H]: Include . + (xalloc_oversized) [! (PTRDIFF_MAX < SIZE_MAX)]: + Reject sizes of exactly SIZE_MAX bytes. + * xreadlink.c: Include "xalloc.h" before checking whether SIZE_MAX + is defined, since "xalloc.h" now defines SIZE_MAX on modern hosts. + 2003-11-05 Bruno Haible * xsize.h: Include limits.h, to avoid a possible collision with diff --git a/lib/xalloc.h b/lib/xalloc.h --- a/lib/xalloc.h +++ b/lib/xalloc.h @@ -21,6 +21,9 @@ # define XALLOC_H_ # include +# if HAVE_STDINT_H +# include +# endif # ifndef __attribute__ # if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) || __STRICT_ANSI__ @@ -62,8 +65,19 @@ /* Return 1 if an array of N objects, each of size S, cannot exist due to size arithmetic overflow. S must be positive and N must be nonnegative. This is a macro, not an inline function, so that it - works correctly even when SIZE_MAX < N. */ -#define xalloc_oversized(n, s) ((size_t) -1 / (s) < (n)) + works correctly even when SIZE_MAX < N. + + By gnulib convention, SIZE_MAX represents overflow in size + calculations, so reject attempted allocations of exactly SIZE_MAX + bytes. However, malloc (SIZE_MAX) fails on all known hosts where + PTRDIFF_MAX < SIZE_MAX, so do not bother to test for + exactly-SIZE_MAX allocations on such hosts; this avoids a test and + branch when S is known to be 1. */ +# if defined PTRDIFF_MAX && PTRDIFF_MAX < SIZE_MAX +# define xalloc_oversized(n, s) ((size_t) -1 / (s) < (n)) +# else +# define xalloc_oversized(n, s) ((size_t) -1 / (s) <= (n)) +# endif /* These macros are deprecated; they will go away soon, and are retained temporarily only to ease conversion to the functions described above. */ diff --git a/lib/xreadlink.c b/lib/xreadlink.c --- a/lib/xreadlink.c +++ b/lib/xreadlink.c @@ -36,6 +36,9 @@ # include #endif +#include "xalloc.h" +#include "xreadlink.h" + #ifndef SIZE_MAX # define SIZE_MAX ((size_t) -1) #endif @@ -43,9 +46,6 @@ # define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2)) #endif -#include "xalloc.h" -#include "xreadlink.h" - /* Call readlink to get the symbolic link value of FILENAME. Return a pointer to that NUL-terminated string in malloc'd storage. If readlink fails, return NULL (caller may use errno to diagnose).