malloc.c 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230
  1. /* Copyright (c) 2003, Roger Dingledine
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2018, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. /**
  6. * \file malloc.c
  7. * \brief Wrappers for C malloc code, and replacements for items that
  8. * may be missing.
  9. **/
  10. #include "orconfig.h"
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include "lib/testsupport/testsupport.h"
  14. #define UTIL_MALLOC_PRIVATE
  15. #include "lib/malloc/malloc.h"
  16. #include "lib/cc/torint.h"
  17. #include "lib/err/torerr.h"
  18. #ifdef __clang_analyzer__
  19. #undef MALLOC_ZERO_WORKS
  20. #endif
  21. /** Allocate a chunk of <b>size</b> bytes of memory, and return a pointer to
  22. * result. On error, log and terminate the process. (Same as malloc(size),
  23. * but never returns NULL.)
  24. */
  25. void *
  26. tor_malloc_(size_t size)
  27. {
  28. void *result;
  29. raw_assert(size < SIZE_T_CEILING);
  30. #ifndef MALLOC_ZERO_WORKS
  31. /* Some libc mallocs don't work when size==0. Override them. */
  32. if (size==0) {
  33. size=1;
  34. }
  35. #endif /* !defined(MALLOC_ZERO_WORKS) */
  36. result = raw_malloc(size);
  37. if (PREDICT_UNLIKELY(result == NULL)) {
  38. /* LCOV_EXCL_START */
  39. /* If these functions die within a worker process, they won't call
  40. * spawn_exit, but that's ok, since the parent will run out of memory soon
  41. * anyway. */
  42. raw_assert_unreached_msg("Out of memory on malloc(). Dying.");
  43. /* LCOV_EXCL_STOP */
  44. }
  45. return result;
  46. }
  47. /** Allocate a chunk of <b>size</b> bytes of memory, fill the memory with
  48. * zero bytes, and return a pointer to the result. Log and terminate
  49. * the process on error. (Same as calloc(size,1), but never returns NULL.)
  50. */
  51. void *
  52. tor_malloc_zero_(size_t size)
  53. {
  54. /* You may ask yourself, "wouldn't it be smart to use calloc instead of
  55. * malloc+memset? Perhaps libc's calloc knows some nifty optimization trick
  56. * we don't!" Indeed it does, but its optimizations are only a big win when
  57. * we're allocating something very big (it knows if it just got the memory
  58. * from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero
  59. * for big stuff, so we don't bother with calloc. */
  60. void *result = tor_malloc_(size);
  61. memset(result, 0, size);
  62. return result;
  63. }
  64. /* The square root of SIZE_MAX + 1. If a is less than this, and b is less
  65. * than this, then a*b is less than SIZE_MAX. (For example, if size_t is
  66. * 32 bits, then SIZE_MAX is 0xffffffff and this value is 0x10000. If a and
  67. * b are less than this, then their product is at most (65535*65535) ==
  68. * 0xfffe0001. */
  69. #define SQRT_SIZE_MAX_P1 (((size_t)1) << (sizeof(size_t)*4))
  70. /** Return non-zero if and only if the product of the arguments is exact,
  71. * and cannot overflow. */
  72. STATIC int
  73. size_mul_check(const size_t x, const size_t y)
  74. {
  75. /* This first check is equivalent to
  76. (x < SQRT_SIZE_MAX_P1 && y < SQRT_SIZE_MAX_P1)
  77. Rationale: if either one of x or y is >= SQRT_SIZE_MAX_P1, then it
  78. will have some bit set in its most significant half.
  79. */
  80. return ((x|y) < SQRT_SIZE_MAX_P1 ||
  81. y == 0 ||
  82. x <= SIZE_MAX / y);
  83. }
  84. /** Allocate a chunk of <b>nmemb</b>*<b>size</b> bytes of memory, fill
  85. * the memory with zero bytes, and return a pointer to the result.
  86. * Log and terminate the process on error. (Same as
  87. * calloc(<b>nmemb</b>,<b>size</b>), but never returns NULL.)
  88. * The second argument (<b>size</b>) should preferably be non-zero
  89. * and a compile-time constant.
  90. */
  91. void *
  92. tor_calloc_(size_t nmemb, size_t size)
  93. {
  94. raw_assert(size_mul_check(nmemb, size));
  95. return tor_malloc_zero_((nmemb * size));
  96. }
  97. /** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
  98. * bytes long; return the new memory block. On error, log and
  99. * terminate. (Like realloc(ptr,size), but never returns NULL.)
  100. */
  101. void *
  102. tor_realloc_(void *ptr, size_t size)
  103. {
  104. void *result;
  105. raw_assert(size < SIZE_T_CEILING);
  106. #ifndef MALLOC_ZERO_WORKS
  107. /* Some libc mallocs don't work when size==0. Override them. */
  108. if (size==0) {
  109. size=1;
  110. }
  111. #endif /* !defined(MALLOC_ZERO_WORKS) */
  112. result = raw_realloc(ptr, size);
  113. if (PREDICT_UNLIKELY(result == NULL)) {
  114. /* LCOV_EXCL_START */
  115. raw_assert_unreached_msg("Out of memory on realloc(). Dying.");
  116. /* LCOV_EXCL_STOP */
  117. }
  118. return result;
  119. }
  120. /**
  121. * Try to realloc <b>ptr</b> so that it takes up sz1 * sz2 bytes. Check for
  122. * overflow. Unlike other allocation functions, return NULL on overflow.
  123. */
  124. void *
  125. tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
  126. {
  127. /* XXXX we can make this return 0, but we would need to check all the
  128. * reallocarray users. */
  129. raw_assert(size_mul_check(sz1, sz2));
  130. return tor_realloc(ptr, (sz1 * sz2));
  131. }
  132. /** Return a newly allocated copy of the NUL-terminated string s. On
  133. * error, log and terminate. (Like strdup(s), but never returns
  134. * NULL.)
  135. */
  136. char *
  137. tor_strdup_(const char *s)
  138. {
  139. char *duplicate;
  140. raw_assert(s);
  141. duplicate = raw_strdup(s);
  142. if (PREDICT_UNLIKELY(duplicate == NULL)) {
  143. /* LCOV_EXCL_START */
  144. raw_assert_unreached_msg("Out of memory on strdup(). Dying.");
  145. /* LCOV_EXCL_STOP */
  146. }
  147. return duplicate;
  148. }
  149. /** Allocate and return a new string containing the first <b>n</b>
  150. * characters of <b>s</b>. If <b>s</b> is longer than <b>n</b>
  151. * characters, only the first <b>n</b> are copied. The result is
  152. * always NUL-terminated. (Like strndup(s,n), but never returns
  153. * NULL.)
  154. */
  155. char *
  156. tor_strndup_(const char *s, size_t n)
  157. {
  158. char *duplicate;
  159. raw_assert(s);
  160. raw_assert(n < SIZE_T_CEILING);
  161. duplicate = tor_malloc_((n+1));
  162. /* Performance note: Ordinarily we prefer strlcpy to strncpy. But
  163. * this function gets called a whole lot, and platform strncpy is
  164. * much faster than strlcpy when strlen(s) is much longer than n.
  165. */
  166. strncpy(duplicate, s, n);
  167. duplicate[n]='\0';
  168. return duplicate;
  169. }
  170. /** Allocate a chunk of <b>len</b> bytes, with the same contents as the
  171. * <b>len</b> bytes starting at <b>mem</b>. */
  172. void *
  173. tor_memdup_(const void *mem, size_t len)
  174. {
  175. char *duplicate;
  176. raw_assert(len < SIZE_T_CEILING);
  177. raw_assert(mem);
  178. duplicate = tor_malloc_(len);
  179. memcpy(duplicate, mem, len);
  180. return duplicate;
  181. }
  182. /** As tor_memdup(), but add an extra 0 byte at the end of the resulting
  183. * memory. */
  184. void *
  185. tor_memdup_nulterm_(const void *mem, size_t len)
  186. {
  187. char *duplicate;
  188. raw_assert(len < SIZE_T_CEILING+1);
  189. raw_assert(mem);
  190. duplicate = tor_malloc_(len+1);
  191. memcpy(duplicate, mem, len);
  192. duplicate[len] = '\0';
  193. return duplicate;
  194. }
  195. /** Helper for places that need to take a function pointer to the right
  196. * spelling of "free()". */
  197. void
  198. tor_free_(void *mem)
  199. {
  200. tor_free(mem);
  201. }