[thirdparty/systemd.git] / src / basic / alloc-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <malloc.h>

#include "alloc-util.h"

void* memdup(const void *p, size_t l) {
        void *ret;

        assert(l == 0 || p);

        ret = malloc(l ?: 1);
        if (!ret)
                return NULL;

        return memcpy_safe(ret, p, l);
}

void* memdup_suffix0(const void *p, size_t l) {
        void *ret;

        assert(l == 0 || p);

        /* The same as memdup() but place a safety NUL byte after the allocated memory */

        if (_unlikely_(l == SIZE_MAX)) /* prevent overflow */
                return NULL;

        ret = malloc(l + 1);
        if (!ret)
                return NULL;

        ((uint8_t*) ret)[l] = 0;
        return memcpy_safe(ret, p, l);
}

void* greedy_realloc(
                void **p,
                size_t need,
                size_t size) {

        size_t newalloc;
        void *q;

        assert(p);

        /* We use malloc_usable_size() for determining the current allocated size. On all systems we care
         * about this should be safe to rely on. Should there ever arise the need to avoid relying on this we
         * can instead locally fall back to realloc() on every call, rounded up to the next exponent of 2 or
         * so. */

        if (*p && (size == 0 || (MALLOC_SIZEOF_SAFE(*p) / size >= need)))
                return *p;

        if (_unlikely_(need > SIZE_MAX/2)) /* Overflow check */
                return NULL;
        newalloc = need * 2;

        if (!MUL_ASSIGN_SAFE(&newalloc, size))
                return NULL;

        if (newalloc < 64) /* Allocate at least 64 bytes */
                newalloc = 64;

        q = realloc(*p, newalloc);
        if (!q)
                return NULL;

        return *p = q;
}

void* greedy_realloc0(
                void **p,
                size_t need,
                size_t size) {

        size_t before, after;
        uint8_t *q;

        assert(p);

        before = MALLOC_SIZEOF_SAFE(*p); /* malloc_usable_size() will return 0 on NULL input, as per docs */

        q = greedy_realloc(p, need, size);
        if (!q)
                return NULL;

        after = MALLOC_SIZEOF_SAFE(q);

        if (size == 0) /* avoid division by zero */
                before = 0;
        else
                before = (before / size) * size; /* Round down */

        if (after > before)
                memzero(q + before, after - before);

        return q;
}

void* greedy_realloc_append(
                void **p,
                size_t *n_p,
                const void *from,
                size_t n_from,
                size_t size) {

        uint8_t *q;

        assert(p);
        assert(n_p);
        assert(from || n_from == 0);

        if (n_from > SIZE_MAX - *n_p)
                return NULL;

        q = greedy_realloc(p, *n_p + n_from, size);
        if (!q)
                return NULL;

        memcpy_safe(q + *n_p * size, from, n_from * size);

        *n_p += n_from;

        return q;
}

void *expand_to_usable(void *ptr, size_t newsize _unused_) {
        return ptr;
}

size_t malloc_sizeof_safe(void **xp) {
        if (_unlikely_(!xp || !*xp))
                return 0;

        size_t sz = malloc_usable_size(*xp);
        *xp = expand_to_usable(*xp, sz);
        /* GCC doesn't see the _returns_nonnull_ when built with ubsan, so yet another hint to make it doubly
         * clear that expand_to_usable won't return NULL.
         * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79265 */
        if (!*xp)
                assert_not_reached();
        return sz;
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
b5efdb8a	2
e5905427	3	#include <malloc.h>
11c3a366	4
b5efdb8a	5	#include "alloc-util.h"
b5efdb8a LP	6
b5efdb8a LP	7	void* memdup(const void *p, size_t l) {
c165d97d	8	void *ret;
b5efdb8a	9
c165d97d LP	10	assert(l == 0 \|\| p);
c165d97d LP	11
830464c3	12	ret = malloc(l ?: 1);
c165d97d LP	13	if (!ret)
	14	return NULL;
	15
550721c2	16	return memcpy_safe(ret, p, l);
c165d97d LP	17	}
c165d97d LP	18
d40c54fe	19	void* memdup_suffix0(const void *p, size_t l) {
c165d97d LP	20	void *ret;
	21
	22	assert(l == 0 \|\| p);
	23
	24	/* The same as memdup() but place a safety NUL byte after the allocated memory */
b5efdb8a	25
e5e21a05 LP	26	if (_unlikely_(l == SIZE_MAX)) /* prevent overflow */
	27	return NULL;
	28
c165d97d LP	29	ret = malloc(l + 1);
c165d97d LP	30	if (!ret)
b5efdb8a LP	31	return NULL;
b5efdb8a LP	32
550721c2 YW	33	((uint8_t*) ret)[l] = 0;
550721c2 YW	34	return memcpy_safe(ret, p, l);
b5efdb8a LP	35	}
b5efdb8a LP	36
319a4f4b LP	37	void* greedy_realloc(
	38	void **p,
	39	size_t need,
	40	size_t size) {
	41
34fb408f	42	size_t newalloc;
b5efdb8a LP	43	void *q;
	44
	45	assert(p);
b5efdb8a	46
319a4f4b LP	47	/* We use malloc_usable_size() for determining the current allocated size. On all systems we care
	48	* about this should be safe to rely on. Should there ever arise the need to avoid relying on this we
	49	* can instead locally fall back to realloc() on every call, rounded up to the next exponent of 2 or
	50	* so. */
	51
	52	if (p && (size == 0 \|\| (MALLOC_SIZEOF_SAFE(p) / size >= need)))
b5efdb8a LP	53	return *p;
b5efdb8a LP	54
23964f7f LP	55	if (_unlikely_(need > SIZE_MAX/2)) /* Overflow check */
23964f7f LP	56	return NULL;
23964f7f	57	newalloc = need * 2;
319a4f4b	58
34fb408f	59	if (!MUL_ASSIGN_SAFE(&newalloc, size))
b5efdb8a	60	return NULL;
319a4f4b	61
34fb408f MY	62	if (newalloc < 64) /* Allocate at least 64 bytes */
34fb408f MY	63	newalloc = 64;
23964f7f	64
34fb408f	65	q = realloc(*p, newalloc);
b5efdb8a LP	66	if (!q)
	67	return NULL;
	68
319a4f4b	69	return *p = q;
b5efdb8a LP	70	}
b5efdb8a LP	71
319a4f4b LP	72	void* greedy_realloc0(
	73	void **p,
	74	size_t need,
	75	size_t size) {
	76
	77	size_t before, after;
b5efdb8a LP	78	uint8_t *q;
	79
	80	assert(p);
b5efdb8a	81
319a4f4b	82	before = MALLOC_SIZEOF_SAFE(p); / malloc_usable_size() will return 0 on NULL input, as per docs */
b5efdb8a	83
319a4f4b	84	q = greedy_realloc(p, need, size);
b5efdb8a LP	85	if (!q)
	86	return NULL;
	87
319a4f4b LP	88	after = MALLOC_SIZEOF_SAFE(q);
	89
	90	if (size == 0) /* avoid division by zero */
	91	before = 0;
	92	else
	93	before = (before / size) * size; /* Round down */
	94
	95	if (after > before)
	96	memzero(q + before, after - before);
b5efdb8a LP	97
	98	return q;
	99	}
7929e180	100
3f27ba99 DS	101	void* greedy_realloc_append(
	102	void **p,
	103	size_t *n_p,
	104	const void *from,
	105	size_t n_from,
	106	size_t size) {
	107
	108	uint8_t *q;
	109
	110	assert(p);
	111	assert(n_p);
	112	assert(from \|\| n_from == 0);
	113
	114	if (n_from > SIZE_MAX - *n_p)
	115	return NULL;
	116
	117	q = greedy_realloc(p, *n_p + n_from, size);
	118	if (!q)
	119	return NULL;
	120
	121	memcpy_safe(q + n_p size, from, n_from * size);
	122
	123	*n_p += n_from;
	124
	125	return q;
	126	}
	127
7929e180 SP	128	void expand_to_usable(void ptr, size_t newsize _unused_) {
	129	return ptr;
	130	}
0c15577a DDM	131
	132	size_t malloc_sizeof_safe(void **xp) {
	133	if (_unlikely_(!xp \|\| !*xp))
	134	return 0;
	135
	136	size_t sz = malloc_usable_size(*xp);
	137	xp = expand_to_usable(xp, sz);
	138	/* GCC doesn't see the _returns_nonnull_ when built with ubsan, so yet another hint to make it doubly
	139	* clear that expand_to_usable won't return NULL.
	140	* See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79265 */
	141	if (!*xp)
	142	assert_not_reached();
	143	return sz;
	144	}