* [PATCH 1/8] safe-alloc: improve doc
@ 2021-04-19 4:01 Paul Eggert
2021-04-19 4:01 ` [PATCH 2/8] backupfile: simplify via realloc-gnu Paul Eggert
` (7 more replies)
0 siblings, 8 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
* doc/safe-alloc.texi: Clarify that reallocating an array appends
uninitialized storage. Say ‘sizeof *p’ rather than ‘sizeof(*p)’
which would need a space before the paren to follow GNU style.
---
ChangeLog | 5 +++++
doc/safe-alloc.texi | 14 +++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ab6045fd3..d2d12058e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ safe-alloc: improve doc
+ * doc/safe-alloc.texi: Clarify that reallocating an array appends
+ uninitialized storage. Say ‘sizeof *p’ rather than ‘sizeof(*p)’
+ which would need a space before the paren to follow GNU style.
+
malloc-gnu-tests, etc.: test ptrdiff_t overflow
* modules/calloc-gnu-tests (Depends-on):
* modules/malloc-gnu-tests (Depends-on):
diff --git a/doc/safe-alloc.texi b/doc/safe-alloc.texi
index 60304472f..d40ec65b6 100644
--- a/doc/safe-alloc.texi
+++ b/doc/safe-alloc.texi
@@ -36,12 +36,14 @@ passed in as arguments when appropriate.
It uses return values only for a success/failure error condition flag,
and annotates them with GCC's @code{__warn_unused_result__} attribute.
@item
-It uses @code{calloc} instead of @code{malloc}.
+When allocating a fresh array, it uses @code{calloc} instead of
+@code{malloc} so that the array's contents are zeroed.
+However, memory added to an already-existing array is uninitialized.
@end itemize
@defmac {int} ALLOC (ptr)
@findex ALLOC
-Allocate @code{sizeof(*ptr)} bytes of memory and store the address of
+Allocate @code{sizeof *ptr} bytes of memory and store the address of
allocated memory in @code{ptr}. Fill the newly allocated memory with
zeros.
@@ -50,7 +52,7 @@ Returns @minus{}1 on failure, 0 on success.
@defmac {int} ALLOC_N (ptr, count)
@findex ALLOC_N
-Allocate an array of @code{count} elements, each @code{sizeof(*ptr)}
+Allocate an array of @code{count} elements, each @code{sizeof *ptr}
bytes long, and store the address of allocated memory in
@code{ptr}. Fill the newly allocated memory with zeros.
@@ -59,7 +61,7 @@ Returns @minus{}1 on failure, 0 on success.
@defmac {int} ALLOC_N_UNINITIALIZED (ptr, count)
@findex ALLOC_N_UNINITIALIZED
-Allocate an array of @code{count} elements, each @code{sizeof(*ptr)}
+Allocate an array of @code{count} elements, each @code{sizeof *ptr}
bytes long, and store the address of allocated memory in
@code{ptr}. The allocated memory is not initialized.
@@ -69,9 +71,11 @@ Returns @minus{}1 on failure, 0 on success.
@defmac {int} REALLOC_N (ptr, count)
@findex REALLOC_N
Reallocate the memory pointed to by @code{ptr} to be big enough to hold
-at least @code{count} elements, each @code{sizeof(*ptr)} bytes long,
+at least @code{count} elements, each @code{sizeof *ptr} bytes long,
and store the address of allocated memory in @code{ptr}. If
reallocation fails, the @code{ptr} variable is not modified.
+If the new array is smaller than the old one, discard excess contents;
+if larger, the newly added storage is not initialized.
Returns @minus{}1 on failure, 0 on success.
@end defmac
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 2/8] backupfile: simplify via realloc-gnu
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
@ 2021-04-19 4:01 ` Paul Eggert
2021-04-19 4:01 ` [PATCH 3/8] group-member: " Paul Eggert
` (6 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
* lib/backupfile.c: Do not include xalloc-oversized.h.
(numbered_backup): Simplify now that realloc will do the right
thing about ptrdiff_t overflow.
* modules/backupfile (Depends-on): Add realloc-gnu;
remove xalloc-oversized.
---
ChangeLog | 7 +++++++
lib/backupfile.c | 3 +--
modules/backupfile | 2 +-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d2d12058e..e00a5b7c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ backupfile: simplify via realloc-gnu
+ * lib/backupfile.c: Do not include xalloc-oversized.h.
+ (numbered_backup): Simplify now that realloc will do the right
+ thing about ptrdiff_t overflow.
+ * modules/backupfile (Depends-on): Add realloc-gnu;
+ remove xalloc-oversized.
+
safe-alloc: improve doc
* doc/safe-alloc.texi: Clarify that reallocating an array appends
uninitialized storage. Say ‘sizeof *p’ rather than ‘sizeof(*p)’
diff --git a/lib/backupfile.c b/lib/backupfile.c
index 1e427e8de..bc03dd614 100644
--- a/lib/backupfile.c
+++ b/lib/backupfile.c
@@ -37,7 +37,6 @@
#include "intprops.h"
#include "opendirat.h"
#include "renameatu.h"
-#include "xalloc-oversized.h"
#ifndef _D_EXACT_NAMLEN
# define _D_EXACT_NAMLEN(dp) strlen ((dp)->d_name)
@@ -271,7 +270,7 @@ numbered_backup (int dir_fd, char **buffer, size_t buffer_size, size_t filelen,
size_t new_buffer_size = filelen + 2 + versionlenmax + 2;
if (buffer_size < new_buffer_size)
{
- xalloc_count_t grown;
+ size_t grown;
if (! INT_ADD_WRAPV (new_buffer_size, new_buffer_size >> 1, &grown))
new_buffer_size = grown;
char *new_buf = realloc (buf, new_buffer_size);
diff --git a/modules/backupfile b/modules/backupfile
index 42c8c9ed5..342a7bdff 100644
--- a/modules/backupfile
+++ b/modules/backupfile
@@ -21,11 +21,11 @@ intprops
memcmp
opendirat
readdir
+realloc-gnu
renameatu
stdbool
stdint
xalloc-die
-xalloc-oversized
configure.ac:
gl_BACKUPFILE
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 3/8] group-member: simplify via realloc-gnu
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
2021-04-19 4:01 ` [PATCH 2/8] backupfile: simplify via realloc-gnu Paul Eggert
@ 2021-04-19 4:01 ` Paul Eggert
2021-04-19 4:01 ` [PATCH 4/8] xalloc: new function xreallocarray Paul Eggert
` (5 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
* lib/group-member.c, modules/group-member:
Simplify similarly to backupfile.
---
ChangeLog | 4 ++++
lib/group-member.c | 6 ++----
modules/group-member | 2 +-
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e00a5b7c8..aff0e87fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ group-member: simplify via realloc-gnu
+ * lib/group-member.c, modules/group-member:
+ Simplify similarly to backupfile.
+
backupfile: simplify via realloc-gnu
* lib/backupfile.c: Do not include xalloc-oversized.h.
(numbered_backup): Simplify now that realloc will do the right
diff --git a/lib/group-member.c b/lib/group-member.c
index 17bee831b..d433f2731 100644
--- a/lib/group-member.c
+++ b/lib/group-member.c
@@ -26,7 +26,6 @@
#include <stdlib.h>
#include "intprops.h"
-#include "xalloc-oversized.h"
/* Most processes have no more than this many groups, and for these
processes we can avoid using malloc. */
@@ -54,9 +53,8 @@ get_group_info (struct group_info *gi)
if (n_groups < 0)
{
int n_group_slots = getgroups (0, NULL);
- xalloc_count_t nbytes;
- if (0 <= n_group_slots
- && ! INT_MULTIPLY_WRAPV (n_group_slots, sizeof *gi->group, &nbytes))
+ size_t nbytes;
+ if (! INT_MULTIPLY_WRAPV (n_group_slots, sizeof *gi->group, &nbytes))
{
gi->group = malloc (nbytes);
if (gi->group)
diff --git a/modules/group-member b/modules/group-member
index aa56ecf7e..a224d9888 100644
--- a/modules/group-member
+++ b/modules/group-member
@@ -10,7 +10,7 @@ unistd
extensions
getgroups [test $HAVE_GROUP_MEMBER = 0]
intprops [test $HAVE_GROUP_MEMBER = 0]
-xalloc-oversized [test $HAVE_GROUP_MEMBER = 0]
+realloc-gnu [test $HAVE_GROUP_MEMBER = 0]
configure.ac:
gl_FUNC_GROUP_MEMBER
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 4/8] xalloc: new function xreallocarray
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
2021-04-19 4:01 ` [PATCH 2/8] backupfile: simplify via realloc-gnu Paul Eggert
2021-04-19 4:01 ` [PATCH 3/8] group-member: " Paul Eggert
@ 2021-04-19 4:01 ` Paul Eggert
2021-04-22 0:18 ` Bruno Haible
2021-04-19 4:01 ` [PATCH 5/8] xalloc-oversized: fix SIZE_MAX optimization bug Paul Eggert
` (4 subsequent siblings)
7 siblings, 1 reply; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
This effectively replaces xnmalloc, which perhaps should be deprecated.
The name xreallocarray should be easier to remember now that
reallocarray is a standard GNU function.
* lib/xalloc.h [GNULIB_XALLOC]: Do not include xalloc-oversized.h.
(xnmalloc, xnrealloc, x2nrealloc): Simplify by using xreallocarray.
* lib/xmalloc.c (xreallocarray): New function.
* modules/xalloc (Depends-on): Add reallocarray;
remove xalloc-oversized.
---
ChangeLog | 10 ++++++++++
lib/xalloc.h | 26 ++++++++++++++------------
lib/xmalloc.c | 12 ++++++++++++
modules/xalloc | 2 +-
4 files changed, 37 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index aff0e87fc..857b7048f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ xalloc: new function xreallocarray
+ This effectively replaces xnmalloc, which perhaps should be deprecated.
+ The name xreallocarray should be easier to remember now that
+ reallocarray is a standard GNU function.
+ * lib/xalloc.h [GNULIB_XALLOC]: Do not include xalloc-oversized.h.
+ (xnmalloc, xnrealloc, x2nrealloc): Simplify by using xreallocarray.
+ * lib/xmalloc.c (xreallocarray): New function.
+ * modules/xalloc (Depends-on): Add reallocarray;
+ remove xalloc-oversized.
+
group-member: simplify via realloc-gnu
* lib/group-member.c, modules/group-member:
Simplify similarly to backupfile.
diff --git a/lib/xalloc.h b/lib/xalloc.h
index b08ab4e07..6cd7a680c 100644
--- a/lib/xalloc.h
+++ b/lib/xalloc.h
@@ -24,7 +24,6 @@
#if GNULIB_XALLOC
# include "idx.h"
# include "intprops.h"
-# include "xalloc-oversized.h"
#endif
#ifndef _GL_INLINE_HEADER_BEGIN
@@ -62,6 +61,8 @@ void *xcalloc (size_t n, size_t s)
_GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_ALLOC_SIZE ((1, 2));
void *xrealloc (void *p, size_t s)
_GL_ATTRIBUTE_ALLOC_SIZE ((2));
+void *xreallocarray (void *p, size_t n, size_t s)
+ _GL_ATTRIBUTE_ALLOC_SIZE ((2, 3));
void *x2realloc (void *p, size_t *pn);
void *xpalloc (void *pa, idx_t *nitems, idx_t nitems_incr_min,
ptrdiff_t nitems_max, idx_t item_size);
@@ -104,11 +105,10 @@ XALLOC_INLINE void *xnmalloc (size_t n, size_t s)
XALLOC_INLINE void *
xnmalloc (size_t n, size_t s)
{
- if (xalloc_oversized (n, s))
- xalloc_die ();
- return xmalloc (n * s);
+ return xreallocarray (NULL, n, s);
}
+/* FIXME: Deprecate this in favor of xreallocarray? */
/* Change the size of an allocated block of memory P to an array of N
objects each of S bytes, with error checking. S must be nonzero. */
@@ -117,9 +117,7 @@ XALLOC_INLINE void *xnrealloc (void *p, size_t n, size_t s)
XALLOC_INLINE void *
xnrealloc (void *p, size_t n, size_t s)
{
- if (xalloc_oversized (n, s))
- xalloc_die ();
- return xrealloc (p, n * s);
+ return xreallocarray (p, n, s);
}
/* If P is null, allocate a block of at least *PN such objects;
@@ -202,10 +200,7 @@ x2nrealloc (void *p, size_t *pn, size_t s)
xalloc_die ();
}
- xalloc_count_t nbytes;
- if (INT_MULTIPLY_WRAPV (n, s, &nbytes))
- xalloc_die ();
- p = xrealloc (p, nbytes);
+ p = xreallocarray (p, n, s);
*pn = n;
return p;
}
@@ -241,10 +236,17 @@ xrealloc (T *p, size_t s)
return (T *) xrealloc ((void *) p, s);
}
+template <typename T> inline T *
+xreallocarray (T *p, size_t n, size_t s)
+{
+ return (T *) xreallocarray ((void *) p, n, s);
+}
+
+/* FIXME: Deprecate this in favor of xreallocarray? */
template <typename T> inline T *
xnrealloc (T *p, size_t n, size_t s)
{
- return (T *) xnrealloc ((void *) p, n, s);
+ return xreallocarray (p, n, s);
}
template <typename T> inline T *
diff --git a/lib/xmalloc.c b/lib/xmalloc.c
index 39ce893ad..88698fade 100644
--- a/lib/xmalloc.c
+++ b/lib/xmalloc.c
@@ -50,6 +50,18 @@ xrealloc (void *p, size_t n)
return r;
}
+/* Change the size of an allocated block of memory P to an array of N
+ objects each of S bytes, with error checking. */
+
+void *
+xreallocarray (void *p, size_t n, size_t s)
+{
+ void *r = reallocarray (p, n, s);
+ if (!r && (!p || (n && s)))
+ xalloc_die ();
+ return r;
+}
+
/* If P is null, allocate a block of at least *PN bytes; otherwise,
reallocate P so that it contains more than *PN bytes. *PN must be
nonzero unless P is null. Set *PN to the new block's size, and
diff --git a/modules/xalloc b/modules/xalloc
index 000933e94..0dbae1c86 100644
--- a/modules/xalloc
+++ b/modules/xalloc
@@ -15,9 +15,9 @@ intprops
malloc-gnu
minmax
realloc-gnu
+reallocarray
stdint
xalloc-die
-xalloc-oversized
configure.ac:
gl_XALLOC
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 5/8] xalloc-oversized: fix SIZE_MAX optimization bug
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
` (2 preceding siblings ...)
2021-04-19 4:01 ` [PATCH 4/8] xalloc: new function xreallocarray Paul Eggert
@ 2021-04-19 4:01 ` Paul Eggert
2021-04-19 4:01 ` [PATCH 6/8] safe-alloc: simplify via reallocarray Paul Eggert
` (3 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
* lib/xalloc-oversized.h (xalloc_count_t): Remove; no longer
needed and was evidently error-prone anyway.
(xalloc_oversized): Omit some over-optimization that caused
SIZE_MAX to not be treated as too large (the Gnulib convention) on
unusual platforms where PTRDIFF_MAX == SIZE_MAX. This change
should not affect typical platforms where PTRDIFF_MAX < SIZE_MAX.
When optimizing, simply use ptrdiff_t instead of xalloc_count_t.
---
ChangeLog | 9 +++++++++
lib/xalloc-oversized.h | 17 ++++++-----------
2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 857b7048f..1d2607a0b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ xalloc-oversized: fix SIZE_MAX optimization bug
+ * lib/xalloc-oversized.h (xalloc_count_t): Remove; no longer
+ needed and was evidently error-prone anyway.
+ (xalloc_oversized): Omit some over-optimization that caused
+ SIZE_MAX to not be treated as too large (the Gnulib convention) on
+ unusual platforms where PTRDIFF_MAX == SIZE_MAX. This change
+ should not affect typical platforms where PTRDIFF_MAX < SIZE_MAX.
+ When optimizing, simply use ptrdiff_t instead of xalloc_count_t.
+
xalloc: new function xreallocarray
This effectively replaces xnmalloc, which perhaps should be deprecated.
The name xreallocarray should be easier to remember now that
diff --git a/lib/xalloc-oversized.h b/lib/xalloc-oversized.h
index 3618c75cb..6437a5d8b 100644
--- a/lib/xalloc-oversized.h
+++ b/lib/xalloc-oversized.h
@@ -30,25 +30,20 @@
#define __xalloc_oversized(n, s) \
((size_t) (PTRDIFF_MAX < SIZE_MAX ? PTRDIFF_MAX : SIZE_MAX - 1) / (s) < (n))
-#if PTRDIFF_MAX < SIZE_MAX
-typedef ptrdiff_t xalloc_count_t;
-#else
-typedef size_t xalloc_count_t;
-#endif
-
/* Return 1 if an array of N objects, each of size S, cannot exist reliably
- because its total size in bytes exceeds MIN (PTRDIFF_MAX, SIZE_MAX).
+ because its total size in bytes exceeds MIN (PTRDIFF_MAX, SIZE_MAX - 1).
N must be nonnegative, S must be positive, and either N or S should be
of type ptrdiff_t or size_t or wider. This is a macro, not a function,
so that it works even if an argument exceeds MAX (PTRDIFF_MAX, SIZE_MAX). */
-#if 7 <= __GNUC__ && !defined __clang__
+#if 7 <= __GNUC__ && !defined __clang__ && PTRDIFF_MAX < SIZE_MAX
# define xalloc_oversized(n, s) \
- __builtin_mul_overflow_p (n, s, (xalloc_count_t) 1)
-#elif 5 <= __GNUC__ && !defined __ICC && !__STRICT_ANSI__
+ __builtin_mul_overflow_p (n, s, (ptrdiff_t) 1)
+#elif (5 <= __GNUC__ && !defined __ICC && !__STRICT_ANSI__ \
+ && PTRDIFF_MAX < SIZE_MAX)
# define xalloc_oversized(n, s) \
(__builtin_constant_p (n) && __builtin_constant_p (s) \
? __xalloc_oversized (n, s) \
- : ({ xalloc_count_t __xalloc_count; \
+ : ({ ptrdiff_t __xalloc_count; \
__builtin_mul_overflow (n, s, &__xalloc_count); }))
/* Other compilers use integer division; this may be slower but is
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 6/8] safe-alloc: simplify via reallocarray
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
` (3 preceding siblings ...)
2021-04-19 4:01 ` [PATCH 5/8] xalloc-oversized: fix SIZE_MAX optimization bug Paul Eggert
@ 2021-04-19 4:01 ` Paul Eggert
2021-04-19 4:01 ` [PATCH 7/8] calloc-gnu: now LGPLv2+ Paul Eggert
` (2 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
* lib/safe-alloc.c: Do not include xalloc-oversized.h.
(safe_alloc_alloc_n, safe_alloc_realloc_n):
Use reallocarray to check for size or ptrdiff_t overflow.
* modules/reallocarray (License): Switch from LGPL to LGPLv2+, as
this is needed for safe-alloc and anyway is more appropriate for
this library function common with BSD.
* modules/safe-alloc (Depends-on): Depend on reallocarray
rather than xalloc-oversized.
---
ChangeLog | 10 ++++++++++
lib/safe-alloc.c | 17 ++---------------
modules/reallocarray | 2 +-
modules/safe-alloc | 2 +-
4 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1d2607a0b..76d714127 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ safe-alloc: simplify via reallocarray
+ * lib/safe-alloc.c: Do not include xalloc-oversized.h.
+ (safe_alloc_alloc_n, safe_alloc_realloc_n):
+ Use reallocarray to check for size or ptrdiff_t overflow.
+ * modules/reallocarray (License): Switch from LGPL to LGPLv2+, as
+ this is needed for safe-alloc and anyway is more appropriate for
+ this library function common with BSD.
+ * modules/safe-alloc (Depends-on): Depend on reallocarray
+ rather than xalloc-oversized.
+
xalloc-oversized: fix SIZE_MAX optimization bug
* lib/xalloc-oversized.h (xalloc_count_t): Remove; no longer
needed and was evidently error-prone anyway.
diff --git a/lib/safe-alloc.c b/lib/safe-alloc.c
index 45e770015..116ac4371 100644
--- a/lib/safe-alloc.c
+++ b/lib/safe-alloc.c
@@ -22,8 +22,6 @@
/* Specification. */
#include "safe-alloc.h"
-#include "xalloc-oversized.h"
-
#include <stdlib.h>
#include <stddef.h>
#include <errno.h>
@@ -51,16 +49,10 @@ safe_alloc_alloc_n (void *ptrptr, size_t size, size_t count, int zeroed)
return 0;
}
- if (xalloc_oversized (count, size))
- {
- errno = ENOMEM;
- return -1;
- }
-
if (zeroed)
*(void **) ptrptr = calloc (count, size);
else
- *(void **) ptrptr = malloc (count * size);
+ *(void **) ptrptr = reallocarray (NULL, count, size);
if (*(void **) ptrptr == NULL)
return -1;
@@ -91,12 +83,7 @@ safe_alloc_realloc_n (void *ptrptr, size_t size, size_t count)
*(void **) ptrptr = NULL;
return 0;
}
- if (xalloc_oversized (count, size))
- {
- errno = ENOMEM;
- return -1;
- }
- tmp = realloc (*(void **) ptrptr, size * count);
+ tmp = reallocarray (*(void **) ptrptr, size, count);
if (!tmp)
return -1;
*(void **) ptrptr = tmp;
diff --git a/modules/reallocarray b/modules/reallocarray
index 11d32bb5f..a64c6fd2d 100644
--- a/modules/reallocarray
+++ b/modules/reallocarray
@@ -26,7 +26,7 @@ Include:
<stdlib.h>
License:
-LGPL
+LGPLv2+
Maintainer:
all
diff --git a/modules/safe-alloc b/modules/safe-alloc
index 13e78dec7..9453b49ee 100644
--- a/modules/safe-alloc
+++ b/modules/safe-alloc
@@ -7,7 +7,7 @@ lib/safe-alloc.c
m4/safe-alloc.m4
Depends-on:
-xalloc-oversized
+reallocarray
configure.ac:
gl_SAFE_ALLOC
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 7/8] calloc-gnu: now LGPLv2+
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
` (4 preceding siblings ...)
2021-04-19 4:01 ` [PATCH 6/8] safe-alloc: simplify via reallocarray Paul Eggert
@ 2021-04-19 4:01 ` Paul Eggert
2021-04-19 4:01 ` [PATCH 8/8] safe-alloc: fix pointer implementation Paul Eggert
2021-04-22 18:20 ` [PATCH 1/8] safe-alloc: improve doc Eric Blake
7 siblings, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
* modules/calloc-gnu (License): Change from GPL to LGPLv2+.
The old value was evidently a longstanding typo, and calloc
will be needed by LGPLv2+ modules that will want to rely
on GNU behavior.
---
ChangeLog | 6 ++++++
modules/calloc-gnu | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 76d714127..ede998670 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ calloc-gnu: now LGPLv2+
+ * modules/calloc-gnu (License): Change from GPL to LGPLv2+.
+ The old value was evidently a longstanding typo, and calloc
+ will be needed by LGPLv2+ modules that will want to rely
+ on GNU behavior.
+
safe-alloc: simplify via reallocarray
* lib/safe-alloc.c: Do not include xalloc-oversized.h.
(safe_alloc_alloc_n, safe_alloc_realloc_n):
diff --git a/modules/calloc-gnu b/modules/calloc-gnu
index 2aa2dd1c0..bbd2a4933 100644
--- a/modules/calloc-gnu
+++ b/modules/calloc-gnu
@@ -20,7 +20,7 @@ Include:
<stdlib.h>
License:
-GPL
+LGPLv2+
Maintainer:
Jim Meyering
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 8/8] safe-alloc: fix pointer implementation
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
` (5 preceding siblings ...)
2021-04-19 4:01 ` [PATCH 7/8] calloc-gnu: now LGPLv2+ Paul Eggert
@ 2021-04-19 4:01 ` Paul Eggert
2021-04-22 18:20 ` [PATCH 1/8] safe-alloc: improve doc Eric Blake
7 siblings, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-19 4:01 UTC (permalink / raw)
To: bug-gnulib, berrange; +Cc: Paul Eggert
The old implementation assumed that all pointers use the same
internal representation, but the C standard doesn’t guarantee
this. Use void * (pointer) not void ** (pointer-to-pointer) for
the internal functions’ API. The internal functions now return
NULL if and only if they failed, and the macros translate that
into -1 or 0 to satisfy the existing API.
* doc/safe-alloc.texi (Safe Allocation Macros): Mention overflow.
* lib/safe-alloc.c: Major rewrite. Now this simply
defines SAFE_ALLOC_INLINE and includes safe-alloc.h.
* lib/safe-alloc.h: Include stddef.h, not stdlib.h.
(SAFE_ALLOC_INLINE): New macro; use Gnulib inline function style.
(safe_alloc_realloc_n): New API, which passes and returns
the pointer, and which returns NULL if and only if failure occurs.
(safe_alloc_check): New function.
(ALLOC, ALLOC_N, ALLOC_N_UNINITIALIZED, REALLOC_N):
Redo using the new API for internal functions, and using calloc
which is good enough since it’s GNU-compatible now.
(FREE): Expand to an expression rather than merely to something
that needs a following ‘;’ to become a statement.
* modules/safe-alloc (Depends-on): Add calloc-gnu.
---
ChangeLog | 22 +++++++++++
doc/safe-alloc.texi | 2 +
lib/safe-alloc.c | 90 +-------------------------------------------
lib/safe-alloc.h | 91 +++++++++++++++++++++++++--------------------
modules/safe-alloc | 1 +
5 files changed, 76 insertions(+), 130 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ede998670..2c7edd59a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,27 @@
2021-04-18 Paul Eggert <eggert@cs.ucla.edu>
+ safe-alloc: fix pointer implementation
+ The old implementation assumed that all pointers use the same
+ internal representation, but the C standard doesn’t guarantee
+ this. Use void * (pointer) not void ** (pointer-to-pointer) for
+ the internal functions’ API. The internal functions now return
+ NULL if and only if they failed, and the macros translate that
+ into -1 or 0 to satisfy the existing API.
+ * doc/safe-alloc.texi (Safe Allocation Macros): Mention overflow.
+ * lib/safe-alloc.c: Major rewrite. Now this simply
+ defines SAFE_ALLOC_INLINE and includes safe-alloc.h.
+ * lib/safe-alloc.h: Include stddef.h, not stdlib.h.
+ (SAFE_ALLOC_INLINE): New macro; use Gnulib inline function style.
+ (safe_alloc_realloc_n): New API, which passes and returns
+ the pointer, and which returns NULL if and only if failure occurs.
+ (safe_alloc_check): New function.
+ (ALLOC, ALLOC_N, ALLOC_N_UNINITIALIZED, REALLOC_N):
+ Redo using the new API for internal functions, and using calloc
+ which is good enough since it’s GNU-compatible now.
+ (FREE): Expand to an expression rather than merely to something
+ that needs a following ‘;’ to become a statement.
+ * modules/safe-alloc (Depends-on): Add calloc-gnu.
+
calloc-gnu: now LGPLv2+
* modules/calloc-gnu (License): Change from GPL to LGPLv2+.
The old value was evidently a longstanding typo, and calloc
diff --git a/doc/safe-alloc.texi b/doc/safe-alloc.texi
index d40ec65b6..e896e2598 100644
--- a/doc/safe-alloc.texi
+++ b/doc/safe-alloc.texi
@@ -13,6 +13,8 @@ Some of the memory allocation mistakes that are commonly made are
passing the incorrect number of bytes to @code{malloc}, especially
when allocating an array,
@item
+unchecked integer overflow when calculating array sizes,
+@item
fail to check the return value of @code{malloc} and @code{realloc} for
errors,
@item
diff --git a/lib/safe-alloc.c b/lib/safe-alloc.c
index 116ac4371..df061f9ef 100644
--- a/lib/safe-alloc.c
+++ b/lib/safe-alloc.c
@@ -1,91 +1,3 @@
-/* safe-alloc.c: safer memory allocation
-
- Copyright (C) 2009-2021 Free Software Foundation, Inc.
-
- This program is free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 3 of the License, or any
- later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org/licenses/>. */
-
-/* Written by Daniel Berrange <berrange@redhat.com>, 2008 */
-
#include <config.h>
-
-/* Specification. */
+#define SAFE_ALLOC_INLINE _GL_EXTERN_INLINE
#include "safe-alloc.h"
-
-#include <stdlib.h>
-#include <stddef.h>
-#include <errno.h>
-
-
-/**
- * safe_alloc_alloc_n:
- * @ptrptr: pointer to pointer for address of allocated memory
- * @size: number of bytes to allocate
- * @count: number of elements to allocate
- *
- * Allocate an array of memory 'count' elements long,
- * each with 'size' bytes. Return the address of the
- * allocated memory in 'ptrptr'. The newly allocated
- * memory is filled with zeros.
- *
- * Return -1 on failure to allocate, zero on success
- */
-int
-safe_alloc_alloc_n (void *ptrptr, size_t size, size_t count, int zeroed)
-{
- if (size == 0 || count == 0)
- {
- *(void **) ptrptr = NULL;
- return 0;
- }
-
- if (zeroed)
- *(void **) ptrptr = calloc (count, size);
- else
- *(void **) ptrptr = reallocarray (NULL, count, size);
-
- if (*(void **) ptrptr == NULL)
- return -1;
- return 0;
-}
-
-/**
- * safe_alloc_realloc_n:
- * @ptrptr: pointer to pointer for address of allocated memory
- * @size: number of bytes to allocate
- * @count: number of elements in array
- *
- * Resize the block of memory in 'ptrptr' to be an array of
- * 'count' elements, each 'size' bytes in length. Update 'ptrptr'
- * with the address of the newly allocated memory. On failure,
- * 'ptrptr' is not changed and still points to the original memory
- * block. The newly allocated memory is filled with zeros.
- *
- * Return -1 on failure to allocate, zero on success
- */
-int
-safe_alloc_realloc_n (void *ptrptr, size_t size, size_t count)
-{
- void *tmp;
- if (size == 0 || count == 0)
- {
- free (*(void **) ptrptr);
- *(void **) ptrptr = NULL;
- return 0;
- }
- tmp = reallocarray (*(void **) ptrptr, size, count);
- if (!tmp)
- return -1;
- *(void **) ptrptr = tmp;
- return 0;
-}
diff --git a/lib/safe-alloc.h b/lib/safe-alloc.h
index 1c655734e..7de424f3c 100644
--- a/lib/safe-alloc.h
+++ b/lib/safe-alloc.h
@@ -15,76 +15,89 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. */
-/* Written by Daniel Berrange <berrange@redhat.com>, 2008 */
+/* Written by Daniel Berrange and Paul Eggert. */
#ifndef SAFE_ALLOC_H_
-# define SAFE_ALLOC_H_
+#define SAFE_ALLOC_H_
-# include <stdlib.h>
+#include <stdlib.h>
-/* Don't call these directly - use the macros below */
-int
-safe_alloc_alloc_n (void *ptrptr, size_t size, size_t count, int zeroed)
- _GL_ATTRIBUTE_NODISCARD;
+#ifndef _GL_INLINE_HEADER_BEGIN
+ #error "Please include config.h first."
+#endif
+_GL_INLINE_HEADER_BEGIN
+#ifndef SAFE_ALLOC_INLINE
+# define SAFE_ALLOC_INLINE _GL_INLINE
+#endif
-int
-safe_alloc_realloc_n (void *ptrptr, size_t size, size_t count)
- _GL_ATTRIBUTE_NODISCARD;
+/* Don't call these directly - use the macros below. */
+SAFE_ALLOC_INLINE void *
+safe_alloc_realloc_n (void *ptr, size_t count, size_t size)
+{
+ if (count == 0 || size == 0)
+ count = size = 1;
+ return reallocarray (ptr, count, size);
+}
+SAFE_ALLOC_INLINE int _GL_ATTRIBUTE_NODISCARD
+safe_alloc_check (void *ptr)
+{
+ /* Return 0 if the allocation was successful, -1 otherwise. */
+ return -!ptr;
+}
/**
* ALLOC:
- * @ptr: pointer to hold address of allocated memory
+ * @ptr: pointer to allocated memory
*
- * Allocate sizeof(*ptr) bytes of memory and store
- * the address of allocated memory in 'ptr'. Fill the
+ * Allocate sizeof *ptr bytes of memory and store
+ * the address of allocated memory in 'ptr'. Fill the
* newly allocated memory with zeros.
*
- * Return -1 on failure to allocate, zero on success
+ * Return -1 on failure to allocate, zero on success.
*/
-# define ALLOC(ptr) \
- safe_alloc_alloc_n (&(ptr), sizeof (*(ptr)), 1, 1)
+#define ALLOC(ptr) ALLOC_N (ptr, 1)
/**
* ALLOC_N:
- * @ptr: pointer to hold address of allocated memory
+ * @ptr: pointer to allocated memory
* @count: number of elements to allocate
*
- * Allocate an array of 'count' elements, each sizeof(*ptr)
+ * Allocate an array of 'count' elements, each sizeof *ptr
* bytes long and store the address of allocated memory in
- * 'ptr'. Fill the newly allocated memory with zeros.
+ * 'ptr'. Fill the newly allocated memory with zeros.
*
- * Return -1 on failure, 0 on success
+ * Return -1 on failure, 0 on success.
*/
-# define ALLOC_N(ptr, count) \
- safe_alloc_alloc_n (&(ptr), sizeof (*(ptr)), (count), 1)
+#define ALLOC_N(ptr, count) \
+ safe_alloc_check ((ptr) = calloc (count, sizeof *(ptr)))
/**
* ALLOC_N_UNINITIALIZED:
- * @ptr: pointer to hold address of allocated memory
+ * @ptr: pointer to allocated memory
* @count: number of elements to allocate
*
- * Allocate an array of 'count' elements, each sizeof(*ptr)
+ * Allocate an array of 'count' elements, each sizeof *ptr
* bytes long and store the address of allocated memory in
- * 'ptr'. Do not initialize the new memory at all.
+ * 'ptr'. Do not initialize the new memory at all.
*
- * Return -1 on failure to allocate, zero on success
+ * Return -1 on failure to allocate, zero on success.
*/
-# define ALLOC_N_UNINITIALIZED(ptr, count) \
- safe_alloc_alloc_n (&(ptr), sizeof (*(ptr)), (count), 0)
+#define ALLOC_N_UNINITIALIZED(ptr, count) \
+ safe_alloc_check ((ptr) = safe_alloc_realloc_n (NULL, count, sizeof *(ptr)))
/**
* REALLOC_N:
- * @ptr: pointer to hold address of allocated memory
+ * @ptr: pointer to allocated memory
* @count: number of elements to allocate
*
- * Re-allocate an array of 'count' elements, each sizeof(*ptr)
+ * Re-allocate an array of 'count' elements, each sizeof *ptr
* bytes long and store the address of allocated memory in
- * 'ptr'. Fill the newly allocated memory with zeros
+ * 'ptr'. Fill the newly allocated memory with zeros.
*
- * Return -1 on failure to reallocate, zero on success
+ * Return -1 on failure to reallocate, zero on success.
*/
-# define REALLOC_N(ptr, count) \
- safe_alloc_realloc_n (&(ptr), sizeof (*(ptr)), (count))
+#define REALLOC_N(ptr, count) \
+ safe_alloc_check ((ptr) = safe_alloc_realloc_n (ptr, count, sizeof *(ptr)))
/**
* FREE:
@@ -93,12 +106,8 @@ safe_alloc_realloc_n (void *ptrptr, size_t size, size_t count)
* Free the memory stored in 'ptr' and update to point
* to NULL.
*/
-# define FREE(ptr) \
- do \
- { \
- free (ptr); \
- (ptr) = NULL; \
- } \
- while (0)
+#define FREE(ptr) ((void) (free (ptr), (ptr) = NULL))
+
+_GL_INLINE_HEADER_END
#endif /* SAFE_ALLOC_H_ */
diff --git a/modules/safe-alloc b/modules/safe-alloc
index 9453b49ee..180aa8a2d 100644
--- a/modules/safe-alloc
+++ b/modules/safe-alloc
@@ -7,6 +7,7 @@ lib/safe-alloc.c
m4/safe-alloc.m4
Depends-on:
+calloc-gnu
reallocarray
configure.ac:
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH 4/8] xalloc: new function xreallocarray
2021-04-19 4:01 ` [PATCH 4/8] xalloc: new function xreallocarray Paul Eggert
@ 2021-04-22 0:18 ` Bruno Haible
2021-04-22 19:39 ` Paul Eggert
2021-10-19 23:49 ` Paul Eggert
0 siblings, 2 replies; 15+ messages in thread
From: Bruno Haible @ 2021-04-22 0:18 UTC (permalink / raw)
To: bug-gnulib; +Cc: Paul Eggert, berrange
Paul Eggert wrote:
> + xalloc: new function xreallocarray
> + This effectively replaces xnmalloc, which perhaps should be deprecated.
> + The name xreallocarray should be easier to remember now that
> + reallocarray is a standard GNU function.
I disagree that xnmalloc should be deprecated. In 90% of the cases where
I use xnmalloc() or its macro equivalent XNMALLOC, it's for arrays that
get allocated once and freed once.
xnmalloc and XNMALLOC take 2 arguments, whereas xreallocarray takes 3
arguments. It is often possible to express a function with a simple
interface as a special case of a more complex function. If, in many
use-cases, the simpler function is sufficient, users should not be
forced to understand the more complex function.
No one has ever proposed to deprecate malloc(), although it is a special
case of realloc(). Or to deprecate gettext(), on the grounds that it is
a special case of dcgettext().
Bruno
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/8] safe-alloc: improve doc
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
` (6 preceding siblings ...)
2021-04-19 4:01 ` [PATCH 8/8] safe-alloc: fix pointer implementation Paul Eggert
@ 2021-04-22 18:20 ` Eric Blake
2021-04-22 19:32 ` Paul Eggert
2021-04-22 20:27 ` Eric Blake
7 siblings, 2 replies; 15+ messages in thread
From: Eric Blake @ 2021-04-22 18:20 UTC (permalink / raw)
To: Paul Eggert, bug-gnulib, berrange
On 4/18/21 11:01 PM, Paul Eggert wrote:
> * doc/safe-alloc.texi: Clarify that reallocating an array appends
> uninitialized storage. Say ‘sizeof *p’ rather than ‘sizeof(*p)’
> which would need a space before the paren to follow GNU style.
Something in you recent malloc work (I'm not yet sure if it was this
particular series) is breaking compilation on Fedora Rawhide:
CC regex.o
In file included from regexec.c:1368,
from regex.c:74:
./malloc/dynarray-skeleton.c:195:24: error: expected declaration
specifiers or '...' before '(' token
195 | __attribute_nonnull__ ((1))
| ^
Looks like the definition of macro __attribute_nonnull__ from cdefs.h
is no longer implicitly picked up by the system headers used in that file.
I'm still poking around to see if I can fix it, but you're welcome to
beat me to it..
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/8] safe-alloc: improve doc
2021-04-22 18:20 ` [PATCH 1/8] safe-alloc: improve doc Eric Blake
@ 2021-04-22 19:32 ` Paul Eggert
2021-04-22 19:43 ` Eric Blake
2021-04-22 20:27 ` Eric Blake
1 sibling, 1 reply; 15+ messages in thread
From: Paul Eggert @ 2021-04-22 19:32 UTC (permalink / raw)
To: Eric Blake, bug-gnulib, berrange
[-- Attachment #1: Type: text/plain, Size: 327 bytes --]
On 4/22/21 11:20 AM, Eric Blake wrote:
> Looks like the definition of macro __attribute_nonnull__ from cdefs.h
> is no longer implicitly picked up by the system headers used in that file.
I installed the attached Gnulib patch to fix that; please give it a try.
If it works, we should sync Gnulib's cdefs.h back into glibc.
[-- Attachment #2: 0001-libc-config-port-better-to-Fedora-Rawhide.patch --]
[-- Type: text/x-patch, Size: 3950 bytes --]
From eb32c992c90617b529e2ce08ad6014d418dceaf9 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 22 Apr 2021 12:29:49 -0700
Subject: [PATCH] libc-config: port better to Fedora Rawhide
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Problem reported by Eric Blake in:
https://lists.gnu.org/r/bug-gnulib/2021-04/msg00181.html
* lib/cdefs.h: Make this closer to glibc, so that we can
merge Gnulib into glibc here.
(__attribute_maybe_unused__): Make identical to glibc’s
definition, though with an additional comment.
(__attribute_nonnull__): Add clarifying comment.
Make inclusion of bits/wordsize.h, bits/long-double.h
dependent on __GLIBC__, not on !__WORDSIZE.
* lib/libc-config.h: Use __attribute_nonnull__,
not __attribute_maybe_unused__, to detect whether
to include sys/cdefs.h.
---
ChangeLog | 16 ++++++++++++++++
lib/cdefs.h | 14 +++++++++-----
lib/libc-config.h | 2 +-
3 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 579284336..eacc4a53f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2021-04-22 Paul Eggert <eggert@cs.ucla.edu>
+
+ libc-config: port better to Fedora Rawhide
+ Problem reported by Eric Blake in:
+ https://lists.gnu.org/r/bug-gnulib/2021-04/msg00181.html
+ * lib/cdefs.h: Make this closer to glibc, so that we can
+ merge Gnulib into glibc here.
+ (__attribute_maybe_unused__): Make identical to glibc’s
+ definition, though with an additional comment.
+ (__attribute_nonnull__): Add clarifying comment.
+ Make inclusion of bits/wordsize.h, bits/long-double.h
+ dependent on __GLIBC__, not on !__WORDSIZE.
+ * lib/libc-config.h: Use __attribute_nonnull__,
+ not __attribute_maybe_unused__, to detect whether
+ to include sys/cdefs.h.
+
2021-04-21 Paul Eggert <eggert@cs.ucla.edu>
realloc: port to AIX 7.1
diff --git a/lib/cdefs.h b/lib/cdefs.h
index 90f97412a..9618152ab 100644
--- a/lib/cdefs.h
+++ b/lib/cdefs.h
@@ -259,10 +259,12 @@
# define __attribute_const__ /* Ignore */
#endif
-#if defined __STDC_VERSION__ && 201710L < __STDC_VERSION__
-# define __attribute_maybe_unused__ [[__maybe_unused__]]
-#elif __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__)
+#if __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__)
# define __attribute_maybe_unused__ __attribute__ ((__unused__))
+/* Once the next version of the C standard comes out, we can
+ do something like the following here:
+ #elif defined __STDC_VERSION__ && 202???L <= __STDC_VERSION__
+ # define __attribute_maybe_unused__ [[__maybe_unused__]] */
#else
# define __attribute_maybe_unused__ /* Ignore */
#endif
@@ -320,7 +322,9 @@
#endif
/* The nonnull function attribute marks pointer parameters that
- must not be NULL. */
+ must not be NULL. This has the name __nonnull in glibc,
+ and __attribute_nonnull__ in files shared with Gnulib to avoid
+ collision with a different __nonnull in DragonFlyBSD 5.9. */
#ifndef __attribute_nonnull__
# if __GNUC_PREREQ (3,3) || __glibc_has_attribute (__nonnull__)
# define __attribute_nonnull__(params) __attribute__ ((__nonnull__ params))
@@ -487,7 +491,7 @@
/* The #ifndef lets Gnulib avoid including these on non-glibc
platforms, where the includes typically do not exist. */
-#ifndef __WORDSIZE
+#ifdef __GLIBC__
# include <bits/wordsize.h>
# include <bits/long-double.h>
#endif
diff --git a/lib/libc-config.h b/lib/libc-config.h
index f14013f7e..f2c86144b 100644
--- a/lib/libc-config.h
+++ b/lib/libc-config.h
@@ -71,7 +71,7 @@
# endif
#endif
-#ifndef __attribute_maybe_unused__
+#ifndef __attribute_nonnull__
/* <sys/cdefs.h> either does not exist, or is too old for Gnulib.
Prepare to include <cdefs.h>, which is Gnulib's version of a
more-recent glibc <sys/cdefs.h>. */
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH 4/8] xalloc: new function xreallocarray
2021-04-22 0:18 ` Bruno Haible
@ 2021-04-22 19:39 ` Paul Eggert
2021-10-19 23:49 ` Paul Eggert
1 sibling, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-04-22 19:39 UTC (permalink / raw)
To: Bruno Haible, bug-gnulib; +Cc: berrange
[-- Attachment #1: Type: text/plain, Size: 215 bytes --]
On 4/21/21 5:18 PM, Bruno Haible wrote:
> I disagree that xnmalloc should be deprecated.
I agree. That was a thinko in my ChangeLog entry; I meant to write
"xnrealloc". Sorry about that. I installed the attached.
[-- Attachment #2: 0001-ChangeLog-Fix-thinko.patch --]
[-- Type: text/x-patch, Size: 818 bytes --]
From ca883666cb34922d9ab1bd0ac0101970c7aa3910 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 22 Apr 2021 12:35:57 -0700
Subject: [PATCH] * ChangeLog: Fix thinko.
---
ChangeLog | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index eacc4a53f..ec81fe4b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -116,7 +116,7 @@
When optimizing, simply use ptrdiff_t instead of xalloc_count_t.
xalloc: new function xreallocarray
- This effectively replaces xnmalloc, which perhaps should be deprecated.
+ This is the same as xnrealloc, which perhaps should be deprecated.
The name xreallocarray should be easier to remember now that
reallocarray is a standard GNU function.
* lib/xalloc.h [GNULIB_XALLOC]: Do not include xalloc-oversized.h.
--
2.27.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH 1/8] safe-alloc: improve doc
2021-04-22 19:32 ` Paul Eggert
@ 2021-04-22 19:43 ` Eric Blake
0 siblings, 0 replies; 15+ messages in thread
From: Eric Blake @ 2021-04-22 19:43 UTC (permalink / raw)
To: Paul Eggert, bug-gnulib, berrange
On 4/22/21 2:32 PM, Paul Eggert wrote:
> On 4/22/21 11:20 AM, Eric Blake wrote:
>
>> Looks like the definition of macro __attribute_nonnull__ from cdefs.h
>> is no longer implicitly picked up by the system headers used in that
>> file.
>
> I installed the attached Gnulib patch to fix that; please give it a try.
>
> If it works, we should sync Gnulib's cdefs.h back into glibc.
Yep, that got it. Thanks for a quick fix.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/8] safe-alloc: improve doc
2021-04-22 18:20 ` [PATCH 1/8] safe-alloc: improve doc Eric Blake
2021-04-22 19:32 ` Paul Eggert
@ 2021-04-22 20:27 ` Eric Blake
1 sibling, 0 replies; 15+ messages in thread
From: Eric Blake @ 2021-04-22 20:27 UTC (permalink / raw)
To: Paul Eggert, bug-gnulib, berrange
On 4/22/21 1:20 PM, Eric Blake wrote:
> On 4/18/21 11:01 PM, Paul Eggert wrote:
>> * doc/safe-alloc.texi: Clarify that reallocating an array appends
>> uninitialized storage. Say ‘sizeof *p’ rather than ‘sizeof(*p)’
>> which would need a space before the paren to follow GNU style.
>
> Something in you recent malloc work (I'm not yet sure if it was this
> particular series) is breaking compilation on Fedora Rawhide:
>
> CC regex.o
> In file included from regexec.c:1368,
> from regex.c:74:
> ./malloc/dynarray-skeleton.c:195:24: error: expected declaration
> specifiers or '...' before '(' token
> 195 | __attribute_nonnull__ ((1))
> | ^
>
For closure on this thread, my git bisect finally ended at fc6d7d850
"libc-config: port to DragonFlyBSD 5.9" as the point the problem was
introduced; but since the fix is already in, this observation is now
just for archival purposes
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 4/8] xalloc: new function xreallocarray
2021-04-22 0:18 ` Bruno Haible
2021-04-22 19:39 ` Paul Eggert
@ 2021-10-19 23:49 ` Paul Eggert
1 sibling, 0 replies; 15+ messages in thread
From: Paul Eggert @ 2021-10-19 23:49 UTC (permalink / raw)
To: Bruno Haible; +Cc: bug-gnulib, berrange
[-- Attachment #1: Type: text/plain, Size: 1116 bytes --]
On 4/21/21 17:18, Bruno Haible wrote:
> xnmalloc and XNMALLOC take 2 arguments, whereas xreallocarray takes 3
> arguments. It is often possible to express a function with a simple
> interface as a special case of a more complex function. If, in many
> use-cases, the simpler function is sufficient, users should not be
> forced to understand the more complex function.
Good point. Also, xnmalloc enables better static checking, as it has
__attribute__ ((__malloc__)), __attribute__ ((__malloc__ (free, 1))),
and __attribute__ ((__returns_nonnull__)), whereas xreallocarray
doesn't have these.
I noticed this when converting GNU diffutils to use ximalloc etc, and
this this convinced me to add xinmalloc, by installing the attached
patch. I plan to use this in GNU diffutils and probably other apps.
Should we change xreallocarray to always return nonnull? We could then
add __attribute__ ((__returns_nonnull__)) to its declaration. This might
help performance and/or static checking a bit. The only downside I can
see is that xreallocarray's semantics would differ a bit more from glibc
reallocarray's.
[-- Attachment #2: 0001-xalloc-new-function-xinmalloc.patch --]
[-- Type: text/x-patch, Size: 1909 bytes --]
From de6894e291369f73dc343d544b29367493b312b4 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 19 Oct 2021 16:31:32 -0700
Subject: [PATCH] xalloc: new function xinmalloc
* lib/xmalloc.c (xinmalloc): New function, which is like
xnmalloc but for idx_t instead of size_t.
---
ChangeLog | 6 ++++++
lib/xalloc.h | 3 +++
lib/xmalloc.c | 6 ++++++
3 files changed, 15 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index a017453dc..2f19e30a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2021-10-19 Paul Eggert <eggert@cs.ucla.edu>
+
+ xalloc: new function xinmalloc
+ * lib/xmalloc.c (xinmalloc): New function, which is like
+ xnmalloc but for idx_t instead of size_t.
+
2021-10-18 Paul Eggert <eggert@cs.ucla.edu>
regex: fix buffer read overrrun
diff --git a/lib/xalloc.h b/lib/xalloc.h
index ee07113fe..7f2c3fb8a 100644
--- a/lib/xalloc.h
+++ b/lib/xalloc.h
@@ -60,6 +60,9 @@ void *xmalloc (size_t s)
void *ximalloc (idx_t s)
_GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC_FREE
_GL_ATTRIBUTE_ALLOC_SIZE ((1)) _GL_ATTRIBUTE_RETURNS_NONNULL;
+void *xinmalloc (idx_t n, idx_t s)
+ _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC_FREE
+ _GL_ATTRIBUTE_ALLOC_SIZE ((1, 2)) _GL_ATTRIBUTE_RETURNS_NONNULL;
void *xzalloc (size_t s)
_GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC_FREE
_GL_ATTRIBUTE_ALLOC_SIZE ((1)) _GL_ATTRIBUTE_RETURNS_NONNULL;
diff --git a/lib/xmalloc.c b/lib/xmalloc.c
index 51a0832de..d5def0bc7 100644
--- a/lib/xmalloc.c
+++ b/lib/xmalloc.c
@@ -101,6 +101,12 @@ xnmalloc (size_t n, size_t s)
return xreallocarray (NULL, n, s);
}
+void *
+xinmalloc (idx_t n, idx_t s)
+{
+ return xireallocarray (NULL, n, s);
+}
+
/* If P is null, allocate a block of at least *PS bytes; otherwise,
reallocate P so that it contains more than *PS bytes. *PS must be
nonzero unless P is null. Set *PS to the new block's size, and
--
2.31.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
end of thread, other threads:[~2021-10-19 23:50 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-19 4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
2021-04-19 4:01 ` [PATCH 2/8] backupfile: simplify via realloc-gnu Paul Eggert
2021-04-19 4:01 ` [PATCH 3/8] group-member: " Paul Eggert
2021-04-19 4:01 ` [PATCH 4/8] xalloc: new function xreallocarray Paul Eggert
2021-04-22 0:18 ` Bruno Haible
2021-04-22 19:39 ` Paul Eggert
2021-10-19 23:49 ` Paul Eggert
2021-04-19 4:01 ` [PATCH 5/8] xalloc-oversized: fix SIZE_MAX optimization bug Paul Eggert
2021-04-19 4:01 ` [PATCH 6/8] safe-alloc: simplify via reallocarray Paul Eggert
2021-04-19 4:01 ` [PATCH 7/8] calloc-gnu: now LGPLv2+ Paul Eggert
2021-04-19 4:01 ` [PATCH 8/8] safe-alloc: fix pointer implementation Paul Eggert
2021-04-22 18:20 ` [PATCH 1/8] safe-alloc: improve doc Eric Blake
2021-04-22 19:32 ` Paul Eggert
2021-04-22 19:43 ` Eric Blake
2021-04-22 20:27 ` Eric Blake
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).