[thirdparty/systemd.git] / src / basic / alloc-util.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

#include <alloca.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#include "macro.h"

#if HAS_FEATURE_MEMORY_SANITIZER
#  include <sanitizer/msan_interface.h>
#endif

typedef void (*free_func_t)(void *p);

/* If for some reason more than 4M are allocated on the stack, let's abort immediately. It's better than
 * proceeding and smashing the stack limits. Note that by default RLIMIT_STACK is 8M on Linux. */
#define ALLOCA_MAX (4U*1024U*1024U)

#define new(t, n) ((t*) malloc_multiply(sizeof(t), (n)))

#define new0(t, n) ((t*) calloc((n) ?: 1, sizeof(t)))

#define newa(t, n)                                                      \
        ({                                                              \
                size_t _n_ = n;                                         \
                assert(!size_multiply_overflow(sizeof(t), _n_));        \
                assert(sizeof(t)*_n_ <= ALLOCA_MAX);                    \
                (t*) alloca(sizeof(t)*_n_);                             \
        })

#define newa0(t, n)                                                     \
        ({                                                              \
                size_t _n_ = n;                                         \
                assert(!size_multiply_overflow(sizeof(t), _n_));        \
                assert(sizeof(t)*_n_ <= ALLOCA_MAX);                    \
                (t*) alloca0(sizeof(t)*_n_);                            \
        })

#define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n)))

#define newdup_suffix0(t, p, n) ((t*) memdup_suffix0_multiply(p, sizeof(t), (n)))

#define malloc0(n) (calloc(1, (n)))

static inline void *mfree(void *memory) {
        free(memory);
        return NULL;
}

#define free_and_replace(a, b)                  \
        ({                                      \
                free(a);                        \
                (a) = (b);                      \
                (b) = NULL;                     \
                0;                              \
        })

void* memdup(const void *p, size_t l) _alloc_(2);
void* memdup_suffix0(const void *p, size_t l) _alloc_(2);

#define memdupa(p, l)                           \
        ({                                      \
                void *_q_;                      \
                size_t _l_ = l;                 \
                assert(_l_ <= ALLOCA_MAX);      \
                _q_ = alloca(_l_);              \
                memcpy(_q_, p, _l_);            \
        })

#define memdupa_suffix0(p, l)                   \
        ({                                      \
                void *_q_;                      \
                size_t _l_ = l;                 \
                assert(_l_ <= ALLOCA_MAX);      \
                _q_ = alloca(_l_ + 1);          \
                ((uint8_t*) _q_)[_l_] = 0;      \
                memcpy(_q_, p, _l_);            \
        })

static inline void freep(void *p) {
        free(*(void**) p);
}

#define _cleanup_free_ _cleanup_(freep)

static inline bool size_multiply_overflow(size_t size, size_t need) {
        return _unlikely_(need != 0 && size > (SIZE_MAX / need));
}

_malloc_  _alloc_(1, 2) static inline void *malloc_multiply(size_t size, size_t need) {
        if (size_multiply_overflow(size, need))
                return NULL;

        return malloc(size * need ?: 1);
}

#if !HAVE_REALLOCARRAY
_alloc_(2, 3) static inline void *reallocarray(void *p, size_t need, size_t size) {
        if (size_multiply_overflow(size, need))
                return NULL;

        return realloc(p, size * need ?: 1);
}
#endif

_alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t size, size_t need) {
        if (size_multiply_overflow(size, need))
                return NULL;

        return memdup(p, size * need);
}

_alloc_(2, 3) static inline void *memdup_suffix0_multiply(const void *p, size_t size, size_t need) {
        if (size_multiply_overflow(size, need))
                return NULL;

        return memdup_suffix0(p, size * need);
}

void* greedy_realloc(void **p, size_t *allocated, size_t need, size_t size);
void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size);

#define GREEDY_REALLOC(array, allocated, need)                          \
        greedy_realloc((void**) &(array), &(allocated), (need), sizeof((array)[0]))

#define GREEDY_REALLOC0(array, allocated, need)                         \
        greedy_realloc0((void**) &(array), &(allocated), (need), sizeof((array)[0]))

#define alloca0(n)                                      \
        ({                                              \
                char *_new_;                            \
                size_t _len_ = n;                       \
                assert(_len_ <= ALLOCA_MAX);            \
                _new_ = alloca(_len_);                  \
                (void *) memset(_new_, 0, _len_);       \
        })

/* It's not clear what alignment glibc/gcc alloca() guarantee, hence provide a guaranteed safe version */
#define alloca_align(size, align)                                       \
        ({                                                              \
                void *_ptr_;                                            \
                size_t _mask_ = (align) - 1;                            \
                size_t _size_ = size;                                   \
                assert(_size_ <= ALLOCA_MAX);                           \
                _ptr_ = alloca(_size_ + _mask_);                        \
                (void*)(((uintptr_t)_ptr_ + _mask_) & ~_mask_);         \
        })

#define alloca0_align(size, align)                                      \
        ({                                                              \
                void *_new_;                                            \
                size_t _xsize_ = (size);                                \
                _new_ = alloca_align(_xsize_, (align));                 \
                (void*)memset(_new_, 0, _xsize_);                       \
        })

/* Takes inspiration from Rusts's Option::take() method: reads and returns a pointer, but at the same time resets it to
 * NULL. See: https://doc.rust-lang.org/std/option/enum.Option.html#method.take */
#define TAKE_PTR(ptr)                           \
        ({                                      \
                typeof(ptr) _ptr_ = (ptr);      \
                (ptr) = NULL;                   \
                _ptr_;                          \
        })

#if HAS_FEATURE_MEMORY_SANITIZER
#  define msan_unpoison(r, s) __msan_unpoison(r, s)
#else
#  define msan_unpoison(r, s)
#endif
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
b5efdb8a LP	2	#pragma once
b5efdb8a LP	3
b5efdb8a	4	#include <alloca.h>
11c3a366	5	#include <stddef.h>
b5efdb8a LP	6	#include <stdlib.h>
	7	#include <string.h>
	8
	9	#include "macro.h"
	10
c322f379 ZJS	11	#if HAS_FEATURE_MEMORY_SANITIZER
	12	# include <sanitizer/msan_interface.h>
	13	#endif
	14
e30f9c97 YW	15	typedef void (free_func_t)(void p);
e30f9c97 YW	16
4aee28c6 LP	17	/* If for some reason more than 4M are allocated on the stack, let's abort immediately. It's better than
	18	* proceeding and smashing the stack limits. Note that by default RLIMIT_STACK is 8M on Linux. */
	19	#define ALLOCA_MAX (4U1024U1024U)
	20
b5efdb8a LP	21	#define new(t, n) ((t*) malloc_multiply(sizeof(t), (n)))
b5efdb8a LP	22
830464c3	23	#define new0(t, n) ((t*) calloc((n) ?: 1, sizeof(t)))
b5efdb8a	24
4aee28c6 LP	25	#define newa(t, n) \
	26	({ \
	27	size_t _n_ = n; \
	28	assert(!size_multiply_overflow(sizeof(t), _n_)); \
	29	assert(sizeof(t)*_n_ <= ALLOCA_MAX); \
	30	(t) alloca(sizeof(t)_n_); \
1232c447 LP	31	})
1232c447 LP	32
4aee28c6 LP	33	#define newa0(t, n) \
	34	({ \
	35	size_t _n_ = n; \
	36	assert(!size_multiply_overflow(sizeof(t), _n_)); \
	37	assert(sizeof(t)*_n_ <= ALLOCA_MAX); \
	38	(t) alloca0(sizeof(t)_n_); \
1232c447	39	})
b5efdb8a LP	40
	41	#define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n)))
	42
c165d97d LP	43	#define newdup_suffix0(t, p, n) ((t*) memdup_suffix0_multiply(p, sizeof(t), (n)))
c165d97d LP	44
b5efdb8a LP	45	#define malloc0(n) (calloc(1, (n)))
	46
	47	static inline void mfree(void memory) {
	48	free(memory);
	49	return NULL;
	50	}
	51
3b319885 ZJS	52	#define free_and_replace(a, b) \
	53	({ \
	54	free(a); \
	55	(a) = (b); \
	56	(b) = NULL; \
	57	0; \
	58	})
	59
b5efdb8a	60	void* memdup(const void *p, size_t l) _alloc_(2);
d40c54fe	61	void* memdup_suffix0(const void *p, size_t l) _alloc_(2);
b5efdb8a	62
242c41b8 LP	63	#define memdupa(p, l) \
	64	({ \
	65	void *_q_; \
4aee28c6 LP	66	size_t _l_ = l; \
	67	assert(_l_ <= ALLOCA_MAX); \
	68	_q_ = alloca(_l_); \
	69	memcpy(_q_, p, _l_); \
242c41b8 LP	70	})
	71
	72	#define memdupa_suffix0(p, l) \
	73	({ \
	74	void *_q_; \
4aee28c6 LP	75	size_t _l_ = l; \
	76	assert(_l_ <= ALLOCA_MAX); \
	77	_q_ = alloca(_l_ + 1); \
	78	((uint8_t*) _q_)[_l_] = 0; \
	79	memcpy(_q_, p, _l_); \
242c41b8 LP	80	})
242c41b8 LP	81
b5efdb8a LP	82	static inline void freep(void *p) {
	83	free((void*) p);
	84	}
	85
	86	#define _cleanup_free_ _cleanup_(freep)
	87
dbacacaa	88	static inline bool size_multiply_overflow(size_t size, size_t need) {
fd887949	89	return _unlikely_(need != 0 && size > (SIZE_MAX / need));
dbacacaa AK	90	}
	91
	92	_malloc_ _alloc_(1, 2) static inline void *malloc_multiply(size_t size, size_t need) {
	93	if (size_multiply_overflow(size, need))
b5efdb8a LP	94	return NULL;
b5efdb8a LP	95
830464c3	96	return malloc(size * need ?: 1);
b5efdb8a LP	97	}
b5efdb8a LP	98
aa484f35 ZJS	99	#if !HAVE_REALLOCARRAY
aa484f35 ZJS	100	_alloc_(2, 3) static inline void reallocarray(void p, size_t need, size_t size) {
dbacacaa	101	if (size_multiply_overflow(size, need))
b5efdb8a LP	102	return NULL;
b5efdb8a LP	103
830464c3	104	return realloc(p, size * need ?: 1);
b5efdb8a	105	}
aa484f35	106	#endif
b5efdb8a	107
dbacacaa AK	108	_alloc_(2, 3) static inline void memdup_multiply(const void p, size_t size, size_t need) {
dbacacaa AK	109	if (size_multiply_overflow(size, need))
b5efdb8a LP	110	return NULL;
b5efdb8a LP	111
dbacacaa	112	return memdup(p, size * need);
b5efdb8a LP	113	}
b5efdb8a LP	114
c165d97d LP	115	_alloc_(2, 3) static inline void memdup_suffix0_multiply(const void p, size_t size, size_t need) {
	116	if (size_multiply_overflow(size, need))
	117	return NULL;
	118
	119	return memdup_suffix0(p, size * need);
	120	}
	121
b5efdb8a LP	122	void* greedy_realloc(void *p, size_t allocated, size_t need, size_t size);
	123	void* greedy_realloc0(void *p, size_t allocated, size_t need, size_t size);
	124
	125	#define GREEDY_REALLOC(array, allocated, need) \
	126	greedy_realloc((void**) &(array), &(allocated), (need), sizeof((array)[0]))
	127
	128	#define GREEDY_REALLOC0(array, allocated, need) \
	129	greedy_realloc0((void**) &(array), &(allocated), (need), sizeof((array)[0]))
	130
	131	#define alloca0(n) \
	132	({ \
	133	char *_new_; \
	134	size_t _len_ = n; \
4aee28c6	135	assert(_len_ <= ALLOCA_MAX); \
b5efdb8a LP	136	_new_ = alloca(_len_); \
	137	(void *) memset(_new_, 0, _len_); \
	138	})
	139
	140	/* It's not clear what alignment glibc/gcc alloca() guarantee, hence provide a guaranteed safe version */
	141	#define alloca_align(size, align) \
	142	({ \
	143	void *_ptr_; \
	144	size_t _mask_ = (align) - 1; \
4aee28c6 LP	145	size_t _size_ = size; \
	146	assert(_size_ <= ALLOCA_MAX); \
	147	_ptr_ = alloca(_size_ + _mask_); \
b5efdb8a LP	148	(void*)(((uintptr_t)_ptr_ + _mask_) & ~_mask_); \
	149	})
	150
	151	#define alloca0_align(size, align) \
	152	({ \
	153	void *_new_; \
4aee28c6 LP	154	size_t _xsize_ = (size); \
	155	_new_ = alloca_align(_xsize_, (align)); \
	156	(void*)memset(_new_, 0, _xsize_); \
b5efdb8a	157	})
ae2a15bc LP	158
	159	/* Takes inspiration from Rusts's Option::take() method: reads and returns a pointer, but at the same time resets it to
	160	* NULL. See: https://doc.rust-lang.org/std/option/enum.Option.html#method.take */
	161	#define TAKE_PTR(ptr) \
	162	({ \
	163	typeof(ptr) _ptr_ = (ptr); \
	164	(ptr) = NULL; \
	165	_ptr_; \
	166	})
c322f379 ZJS	167
	168	#if HAS_FEATURE_MEMORY_SANITIZER
	169	# define msan_unpoison(r, s) __msan_unpoison(r, s)
	170	#else
	171	# define msan_unpoison(r, s)
	172	#endif