lib: *_new(): Use the new MALLOC_MULTIPLY() macro to avoid overflows

Cast the sizeof() result to unsigned int, because it's definitely always
enough and in many cases this allows optimizing away the wrap-check.

diff --git a/src/lib/data-stack.h b/src/lib/data-stack.h
index 72b5244ea1a45936e7544428efbb755bdded452c..da8791ef3c8576b24251049022186723dae647d7 100644 (file)
--- a/src/lib/data-stack.h
+++ b/src/lib/data-stack.h
@@ -92,7 +92,8 @@ bool t_try_realloc(void *mem, size_t size);
 size_t t_get_bytes_available(void) ATTR_PURE;
 
 #define t_new(type, count) \
-       ((type *) t_malloc0(sizeof(type) * (count)))
+       ((type *) t_malloc0(MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+        COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 
 /* Returns pointer to a temporary buffer you can use. The buffer will be
    invalid as soon as next t_malloc() is called!

diff --git a/src/lib/mempool.h b/src/lib/mempool.h
index 7fc52359d324c7f1de4466d5b3d5ad34469c97d3..c796a0a9e0e4f69e7739786d82c8869955c6ecb5 100644 (file)
--- a/src/lib/mempool.h
+++ b/src/lib/mempool.h
@@ -69,7 +69,8 @@ pool_t pool_datastack_create(void);
 size_t pool_get_exp_grown_size(pool_t pool, size_t old_size, size_t min_size);
 
 #define p_new(pool, type, count) \
-       ((type *) p_malloc(pool, sizeof(type) * (count)))
+       ((type *) p_malloc(pool, MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+        COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 static inline void * ATTR_MALLOC ATTR_RETURNS_NONNULL
 p_malloc(pool_t pool, size_t size)
 {