alloca: add an overflow check too
authorLennart Poettering <lennart@poettering.net>
Fri, 27 Apr 2018 12:27:14 +0000 (14:27 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 27 Apr 2018 12:29:06 +0000 (14:29 +0200)
Of course, alloca() shouldn't be used with anything that can grow
without bounds anyway, but better safe than sorry, so let's catch this
early.

Since alloca() is not supposed to return an error we trigger an
assert() instead, which is still better than heap trickery.

src/basic/alloc-util.h

index 88cd6b0bc25d682c0a45493040444c0bc8c8f89a..bae6a284513d98ac806b38cf7f3170d1e354e447 100644 (file)
 
 #define new0(t, n) ((t*) calloc((n), sizeof(t)))
 
-#define newa(t, n) ((t*) alloca(sizeof(t)*(n)))
+#define newa(t, n)                                              \
+        ({                                                      \
+                assert(!size_multiply_overflow(sizeof(t), n));  \
+                (t*) alloca(sizeof(t)*(n));                     \
+        })
 
-#define newa0(t, n) ((t*) alloca0(sizeof(t)*(n)))
+#define newa0(t, n)                                             \
+        ({                                                      \
+                assert(!size_multiply_overflow(sizeof(t), n));  \
+                (t*) alloca0(sizeof(t)*(n));                    \
+        })
 
 #define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n)))
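Review bot: In both `newa()` and `newa0()` the argument `n` is now expanded twice, once inside the `assert()` and once in the size passed to `alloca()`/`alloca0()`, so an argument with side effects is evaluated twice, or only once if `assert()` is compiled out in a given build (not visible here). Capturing it first with `size_t _n_ = (n);` and using `_n_` in both the check and the multiplication keeps the checked value and the allocated value identical. Separately, the check rejects only a product that wraps around `size_t`; a large count that does not wrap still reaches `alloca()`, which the commit message itself says is unsafe for unbounded input. A comment on the macros stating that callers must pass a bounded `n`, or a second assert against a fixed cap on the total size, would cover that case.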