authormichi_cc <michi_cc@openttd.org>2011-09-02 20:54:51 +0000
committermichi_cc <michi_cc@openttd.org>2011-09-02 20:54:51 +0000
commitf227e90c248b37fe50c9e48a08a1bb976c782e9f (patch)
tree08d88d27ff581ebc89f0f16acb35d156ad6a84be
parent65637d89411e96dee5ee9fc2e8a7b3805c4162a2 (diff)
(svn r22875) -Codechange: Add some asserts and checks to better prevent overflow of the argument to malloc. (monoid)
-rw-r--r--src/core/alloc_func.hpp10
-rw-r--r--src/misc/binaryheap.hpp2
-rw-r--r--src/misc/blob.hpp1
-rw-r--r--src/misc/fixedsizearray.hpp3
-rw-r--r--src/pathfinder/npf/queue.cpp3
-rw-r--r--src/stdafx.h4
6 files changed, 22 insertions, 1 deletions
diff --git a/src/core/alloc_func.hpp b/src/core/alloc_func.hpp
index 6f70627ed..7bd09b004 100644
--- a/src/core/alloc_func.hpp
+++ b/src/core/alloc_func.hpp
@@ -42,6 +42,9 @@ static FORCEINLINE T *MallocT(size_t num_elements)
*/
if (num_elements == 0) return NULL;
+ /* Ensure the size does not overflow. */
+ if (num_elements > SIZE_MAX / sizeof(T)) MallocError(SIZE_MAX);
+
T *t_ptr = (T*)malloc(num_elements * sizeof(T));
if (t_ptr == NULL) MallocError(num_elements * sizeof(T));
return t_ptr;
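Review bot: `MallocError(SIZE_MAX)` in the new guard reports a byte count that no caller requested, so the resulting out-of-memory message cannot be traced back to the offending request; the same sentinel is used in the ReallocT hunk and in the AllocaM macro. The true byte count is by definition not representable here, so if the parameter must stay in bytes the comment should at least say that, e.g. `/* num_elements * sizeof(T) would wrap around size_t; SIZE_MAX is passed as a sentinel because the real byte count is not representable. */`. The guard only works because MallocError does not return, which this hunk does not show — presumably it is declared NORETURN, otherwise the multiplication on the following line still wraps.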
@@ -96,12 +99,17 @@ static FORCEINLINE T *ReallocT(T *t_ptr, size_t num_elements)
return NULL;
}
+ /* Ensure the size does not overflow. */
+ if (num_elements > SIZE_MAX / sizeof(T)) MallocError(SIZE_MAX);
+
t_ptr = (T*)realloc(t_ptr, num_elements * sizeof(T));
if (t_ptr == NULL) ReallocError(num_elements * sizeof(T));
return t_ptr;
}
/** alloca() has to be called in the parent function, so define AllocaM() as a macro */
-#define AllocaM(T, num_elements) ((T*)alloca((num_elements) * sizeof(T)))
+#define AllocaM(T, num_elements) \
+ ((num_elements) > SIZE_MAX / sizeof(T) && (MallocError(SIZE_MAX), NULL), \
+ (T*)alloca((num_elements) * sizeof(T)))
#endif /* ALLOC_FUNC_HPP */
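Review bot: The rewritten AllocaM macro evaluates `num_elements` twice (once in the guard, once as the alloca() argument) where the old form evaluated it once, so an argument with side effects such as a post-increment or a function call now misbehaves silently. A plain macro cannot bind the value to a temporary without non-standard statement expressions, so at minimum document the restriction in the macro's comment: `/** alloca() has to be called in the parent function, so define AllocaM() as a macro. num_elements is evaluated twice; pass a side-effect-free expression. */`. Note also that the guard only stops the multiplication from wrapping; a large but non-wrapping count still hands alloca() a size the stack cannot hold, which no check at this level can detect, so callers must keep bounding the count themselves. ReallocT's body starts before this hunk.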
diff --git a/src/misc/binaryheap.hpp b/src/misc/binaryheap.hpp
index 76f93371e..55730a2ce 100644
--- a/src/misc/binaryheap.hpp
+++ b/src/misc/binaryheap.hpp
@@ -204,6 +204,8 @@ public:
FORCEINLINE void Include(T *new_item)
{
if (this->IsFull()) {
+ assert(this->capacity < UINT_MAX / 2);
+
this->capacity *= 2;
this->data = ReallocT<T*>(this->data, this->capacity + 1);
}
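Review bot: The new guard on `this->capacity` is an `assert`, which is compiled out in release builds, so a release binary that reaches the limit still lets `capacity *= 2` wrap (capacity is presumably a uint, given the UINT_MAX bound) and ReallocT would then shrink the buffer underneath the items already stored; the same applies to the asserts added in the blob.hpp and queue.cpp hunks. If a heap of that size is treated as a programming error rather than an input case this is acceptable, but the comment should say so, e.g. `/* Doubling must not wrap: a heap this large is a bug, not a supported input, so an assert suffices. */`; otherwise it needs a runtime check that routes to the existing error path. Include's body continues past this hunk.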
diff --git a/src/misc/blob.hpp b/src/misc/blob.hpp
index bd83904ea..94459a365 100644
--- a/src/misc/blob.hpp
+++ b/src/misc/blob.hpp
@@ -260,6 +260,7 @@ public:
if (Capacity() >= new_size) return;
/* calculate minimum block size we need to allocate
* and ask allocation policy for some reasonable block size */
+ assert(new_size < SIZE_MAX - header_size - tail_reserve);
new_size = AllocPolicy(header_size + new_size + tail_reserve);
/* allocate new block and setup header */
diff --git a/src/misc/fixedsizearray.hpp b/src/misc/fixedsizearray.hpp
index 8b82373fa..a6f4d0c42 100644
--- a/src/misc/fixedsizearray.hpp
+++ b/src/misc/fixedsizearray.hpp
@@ -53,6 +53,9 @@ public:
/** Default constructor. Preallocate space for items and header, then initialize header. */
FixedSizeArray()
{
+ /* Ensure the size won't overflow. */
+ assert_compile(C < (SIZE_MAX - HeaderSize) / Tsize);
+
/* allocate block for header + items (don't construct items) */
data = (T*)((MallocT<byte>(HeaderSize + C * Tsize)) + HeaderSize);
SizeRef() = 0; // initial number of items
diff --git a/src/pathfinder/npf/queue.cpp b/src/pathfinder/npf/queue.cpp
index b235c3b0e..b12c59d6c 100644
--- a/src/pathfinder/npf/queue.cpp
+++ b/src/pathfinder/npf/queue.cpp
@@ -234,6 +234,9 @@ void Hash::Init(Hash_HashProc *hash, uint num_buckets)
/* Allocate space for the Hash, the buckets and the bucket flags */
uint i;
+ /* Ensure the size won't overflow. */
+ assert(num_buckets < SIZE_MAX / (sizeof(*this->buckets) + sizeof(*this->buckets_in_use)));
+
this->hash = hash;
this->size = 0;
this->num_buckets = num_buckets;
diff --git a/src/stdafx.h b/src/stdafx.h
index 4d61cf8b5..c50a93eba 100644
--- a/src/stdafx.h
+++ b/src/stdafx.h
@@ -63,6 +63,10 @@
#include <climits>
#include <cassert>
+#ifndef SIZE_MAX
+ #define SIZE_MAX ((size_t)-1)
+#endif
+
#if defined(UNIX) || defined(__MINGW32__)
#include <sys/types.h>
#endif
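Review bot: The fallback `#define SIZE_MAX ((size_t)-1)` expands to a cast expression, so unlike the `<stdint.h>` definition it cannot be used in `#if` directives; every use added by this commit is in a C++ expression, so that is only a latent trap for later code. It is also only safe if no subsequent include of `<stdint.h>`/`<cstdint>` defines SIZE_MAX unconditionally, which would produce a macro redefinition warning, and no stdint include is visible among the headers shown here. A comment next to the fallback would make both limits explicit: `/* Fallback for toolchains without SIZE_MAX; valid in expressions only, not in #if. */`.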