340 lines
8.2 KiB
C
340 lines
8.2 KiB
C
/* xmalloc.c -- malloc with out of memory checking
|
|
|
|
Copyright (C) 1990-2000, 2002-2006, 2008-2022 Free Software Foundation, Inc.
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <https://www.gnu.org/licenses/>. */
|
|
|
|
#include <config.h>
|
|
|
|
#define XALLOC_INLINE _GL_EXTERN_INLINE
|
|
|
|
#include "xalloc.h"
|
|
|
|
#include "ialloc.h"
|
|
#include "intprops.h"
|
|
#include "minmax.h"
|
|
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
static void * _GL_ATTRIBUTE_PURE
|
|
nonnull (void *p)
|
|
{
|
|
if (!p)
|
|
xalloc_die ();
|
|
return p;
|
|
}
|
|
|
|
/* Allocate S bytes of memory dynamically, with error checking. */
|
|
|
|
void *
|
|
xmalloc (size_t s)
|
|
{
|
|
return nonnull (malloc (s));
|
|
}
|
|
|
|
void *
|
|
ximalloc (idx_t s)
|
|
{
|
|
return nonnull (imalloc (s));
|
|
}
|
|
|
|
char *
|
|
xcharalloc (size_t n)
|
|
{
|
|
return XNMALLOC (n, char);
|
|
}
|
|
|
|
/* Change the size of an allocated block of memory P to S bytes,
|
|
with error checking. */
|
|
|
|
void *
|
|
xrealloc (void *p, size_t s)
|
|
{
|
|
void *r = realloc (p, s);
|
|
if (!r && (!p || s))
|
|
xalloc_die ();
|
|
return r;
|
|
}
|
|
|
|
void *
|
|
xirealloc (void *p, idx_t s)
|
|
{
|
|
return nonnull (irealloc (p, s));
|
|
}
|
|
|
|
/* Change the size of an allocated block of memory P to an array of N
|
|
objects each of S bytes, with error checking. */
|
|
|
|
void *
|
|
xreallocarray (void *p, size_t n, size_t s)
|
|
{
|
|
void *r = reallocarray (p, n, s);
|
|
if (!r && (!p || (n && s)))
|
|
xalloc_die ();
|
|
return r;
|
|
}
|
|
|
|
void *
|
|
xireallocarray (void *p, idx_t n, idx_t s)
|
|
{
|
|
return nonnull (ireallocarray (p, n, s));
|
|
}
|
|
|
|
/* Allocate an array of N objects, each with S bytes of memory,
|
|
dynamically, with error checking. S must be nonzero. */
|
|
|
|
void *
|
|
xnmalloc (size_t n, size_t s)
|
|
{
|
|
return xreallocarray (NULL, n, s);
|
|
}
|
|
|
|
void *
|
|
xinmalloc (idx_t n, idx_t s)
|
|
{
|
|
return xireallocarray (NULL, n, s);
|
|
}
|
|
|
|
/* If P is null, allocate a block of at least *PS bytes; otherwise,
|
|
reallocate P so that it contains more than *PS bytes. *PS must be
|
|
nonzero unless P is null. Set *PS to the new block's size, and
|
|
return the pointer to the new block. *PS is never set to zero, and
|
|
the returned pointer is never null. */
|
|
|
|
void *
|
|
x2realloc (void *p, size_t *ps)
|
|
{
|
|
return x2nrealloc (p, ps, 1);
|
|
}
|
|
|
|
/* If P is null, allocate a block of at least *PN such objects;
|
|
otherwise, reallocate P so that it contains more than *PN objects
|
|
each of S bytes. S must be nonzero. Set *PN to the new number of
|
|
objects, and return the pointer to the new block. *PN is never set
|
|
to zero, and the returned pointer is never null.
|
|
|
|
Repeated reallocations are guaranteed to make progress, either by
|
|
allocating an initial block with a nonzero size, or by allocating a
|
|
larger block.
|
|
|
|
In the following implementation, nonzero sizes are increased by a
|
|
factor of approximately 1.5 so that repeated reallocations have
|
|
O(N) overall cost rather than O(N**2) cost, but the
|
|
specification for this function does not guarantee that rate.
|
|
|
|
Here is an example of use:
|
|
|
|
int *p = NULL;
|
|
size_t used = 0;
|
|
size_t allocated = 0;
|
|
|
|
void
|
|
append_int (int value)
|
|
{
|
|
if (used == allocated)
|
|
p = x2nrealloc (p, &allocated, sizeof *p);
|
|
p[used++] = value;
|
|
}
|
|
|
|
This causes x2nrealloc to allocate a block of some nonzero size the
|
|
first time it is called.
|
|
|
|
To have finer-grained control over the initial size, set *PN to a
|
|
nonzero value before calling this function with P == NULL. For
|
|
example:
|
|
|
|
int *p = NULL;
|
|
size_t used = 0;
|
|
size_t allocated = 0;
|
|
size_t allocated1 = 1000;
|
|
|
|
void
|
|
append_int (int value)
|
|
{
|
|
if (used == allocated)
|
|
{
|
|
p = x2nrealloc (p, &allocated1, sizeof *p);
|
|
allocated = allocated1;
|
|
}
|
|
p[used++] = value;
|
|
}
|
|
|
|
*/
|
|
|
|
void *
|
|
x2nrealloc (void *p, size_t *pn, size_t s)
|
|
{
|
|
size_t n = *pn;
|
|
|
|
if (! p)
|
|
{
|
|
if (! n)
|
|
{
|
|
/* The approximate size to use for initial small allocation
|
|
requests, when the invoking code specifies an old size of
|
|
zero. This is the largest "small" request for the GNU C
|
|
library malloc. */
|
|
enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 };
|
|
|
|
n = DEFAULT_MXFAST / s;
|
|
n += !n;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* Set N = floor (1.5 * N) + 1 to make progress even if N == 0. */
|
|
if (INT_ADD_WRAPV (n, (n >> 1) + 1, &n))
|
|
xalloc_die ();
|
|
}
|
|
|
|
p = xreallocarray (p, n, s);
|
|
*pn = n;
|
|
return p;
|
|
}
|
|
|
|
/* Grow PA, which points to an array of *PN items, and return the
|
|
location of the reallocated array, updating *PN to reflect its
|
|
new size. The new array will contain at least N_INCR_MIN more
|
|
items, but will not contain more than N_MAX items total.
|
|
S is the size of each item, in bytes.
|
|
|
|
S and N_INCR_MIN must be positive. *PN must be
|
|
nonnegative. If N_MAX is -1, it is treated as if it were
|
|
infinity.
|
|
|
|
If PA is null, then allocate a new array instead of reallocating
|
|
the old one.
|
|
|
|
Thus, to grow an array A without saving its old contents, do
|
|
{ free (A); A = xpalloc (NULL, &AITEMS, ...); }. */
|
|
|
|
void *
|
|
xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s)
|
|
{
|
|
idx_t n0 = *pn;
|
|
|
|
/* The approximate size to use for initial small allocation
|
|
requests. This is the largest "small" request for the GNU C
|
|
library malloc. */
|
|
enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 };
|
|
|
|
/* If the array is tiny, grow it to about (but no greater than)
|
|
DEFAULT_MXFAST bytes. Otherwise, grow it by about 50%.
|
|
Adjust the growth according to three constraints: N_INCR_MIN,
|
|
N_MAX, and what the C language can represent safely. */
|
|
|
|
idx_t n;
|
|
if (INT_ADD_WRAPV (n0, n0 >> 1, &n))
|
|
n = IDX_MAX;
|
|
if (0 <= n_max && n_max < n)
|
|
n = n_max;
|
|
|
|
/* NBYTES is of a type suitable for holding the count of bytes in an object.
|
|
This is typically idx_t, but it should be size_t on (theoretical?)
|
|
platforms where SIZE_MAX < IDX_MAX so xpalloc does not pass
|
|
values greater than SIZE_MAX to xrealloc. */
|
|
#if IDX_MAX <= SIZE_MAX
|
|
idx_t nbytes;
|
|
#else
|
|
size_t nbytes;
|
|
#endif
|
|
idx_t adjusted_nbytes
|
|
= (INT_MULTIPLY_WRAPV (n, s, &nbytes)
|
|
? MIN (IDX_MAX, SIZE_MAX)
|
|
: nbytes < DEFAULT_MXFAST ? DEFAULT_MXFAST : 0);
|
|
if (adjusted_nbytes)
|
|
{
|
|
n = adjusted_nbytes / s;
|
|
nbytes = adjusted_nbytes - adjusted_nbytes % s;
|
|
}
|
|
|
|
if (! pa)
|
|
*pn = 0;
|
|
if (n - n0 < n_incr_min
|
|
&& (INT_ADD_WRAPV (n0, n_incr_min, &n)
|
|
|| (0 <= n_max && n_max < n)
|
|
|| INT_MULTIPLY_WRAPV (n, s, &nbytes)))
|
|
xalloc_die ();
|
|
pa = xrealloc (pa, nbytes);
|
|
*pn = n;
|
|
return pa;
|
|
}
|
|
|
|
/* Allocate S bytes of zeroed memory dynamically, with error checking.
|
|
There's no need for xnzalloc (N, S), since it would be equivalent
|
|
to xcalloc (N, S). */
|
|
|
|
void *
|
|
xzalloc (size_t s)
|
|
{
|
|
return xcalloc (s, 1);
|
|
}
|
|
|
|
void *
|
|
xizalloc (idx_t s)
|
|
{
|
|
return xicalloc (s, 1);
|
|
}
|
|
|
|
/* Allocate zeroed memory for N elements of S bytes, with error
|
|
checking. S must be nonzero. */
|
|
|
|
void *
|
|
xcalloc (size_t n, size_t s)
|
|
{
|
|
return nonnull (calloc (n, s));
|
|
}
|
|
|
|
void *
|
|
xicalloc (idx_t n, idx_t s)
|
|
{
|
|
return nonnull (icalloc (n, s));
|
|
}
|
|
|
|
/* Clone an object P of size S, with error checking. There's no need
|
|
for xnmemdup (P, N, S), since xmemdup (P, N * S) works without any
|
|
need for an arithmetic overflow check. */
|
|
|
|
void *
|
|
xmemdup (void const *p, size_t s)
|
|
{
|
|
return memcpy (xmalloc (s), p, s);
|
|
}
|
|
|
|
void *
|
|
ximemdup (void const *p, idx_t s)
|
|
{
|
|
return memcpy (ximalloc (s), p, s);
|
|
}
|
|
|
|
/* Clone an object P of size S, with error checking. Append
|
|
a terminating NUL byte. */
|
|
|
|
char *
|
|
ximemdup0 (void const *p, idx_t s)
|
|
{
|
|
char *result = ximalloc (s + 1);
|
|
result[s] = 0;
|
|
return memcpy (result, p, s);
|
|
}
|
|
|
|
/* Clone STRING. */
|
|
|
|
char *
|
|
xstrdup (char const *string)
|
|
{
|
|
return xmemdup (string, strlen (string) + 1);
|
|
}
|