diff -r ec62453fc8a6 -r 1ecf4dbbc60c src/array_list.c --- a/src/array_list.c Fri Dec 20 21:25:33 2024 +0100 +++ b/src/array_list.c Sat Dec 21 21:03:28 2024 +0100 @@ -40,7 +40,12 @@ size_t elem_size, cx_attr_unused CxArrayReallocator *alloc ) { - return realloc(array, capacity * elem_size); + size_t n; + if (cx_szmul(capacity, elem_size, &n)) { + errno = EOVERFLOW; + return NULL; + } + return realloc(array, n); } CxArrayReallocator cx_array_default_reallocator_impl = { @@ -57,18 +62,25 @@ size_t elem_size, cx_attr_unused CxArrayReallocator *alloc ) { + // check for overflow + size_t n; + if (cx_szmul(capacity, elem_size, &n)) { + errno = EOVERFLOW; + return NULL; + } + // retrieve the pointer to the actual allocator const CxAllocator *al = alloc->ptr1; // check if the array is still located on the stack void *newmem; if (array == alloc->ptr2) { - newmem = cxMalloc(al, capacity * elem_size); + newmem = cxMalloc(al, n); if (newmem != NULL && array != NULL) { - memcpy(newmem, array, capacity * elem_size); + memcpy(newmem, array, n); } } else { - newmem = cxRealloc(al, array, capacity * elem_size); + newmem = cxRealloc(al, array, n); } return newmem; } @@ -89,6 +101,18 @@ // LOW LEVEL ARRAY LIST FUNCTIONS +static size_t cx_array_align_capacity( + size_t cap, + size_t alignment, + size_t max +) { + if (cap > max - alignment) { + return cap; + } else { + return cap - (cap % alignment) + alignment; + } +} + int cx_array_reserve( void **array, void *size, @@ -136,19 +160,19 @@ // assert that the array is allocated when it has capacity assert(*array != NULL || oldcap == 0); - // determine new capacity - size_t newcap = oldsize + elem_count; - // check for overflow - if (newcap > max_size) { + if (elem_count > max_size - oldsize) { errno = EOVERFLOW; return 1; } + // determine new capacity + size_t newcap = oldsize + elem_count; + // reallocate if possible if (newcap > oldcap) { // calculate new capacity (next number divisible by 16) - newcap = newcap - (newcap % 16) + 16; + newcap = cx_array_align_capacity(newcap, 16, max_size); // perform reallocation void *newmem = reallocator->realloc( @@ -229,16 +253,16 @@ // assert that the array is allocated when it has capacity assert(*target != NULL || oldcap == 0); + // check for overflow + if (index > max_size || elem_count > max_size - index) { + errno = EOVERFLOW; + return 1; + } + // check if resize is required size_t minsize = index + elem_count; size_t newsize = oldsize < minsize ? minsize : oldsize; - // check for overflow - if (newsize > max_size) { - errno = EOVERFLOW; - return 1; - } - // reallocate if possible size_t newcap = oldcap; if (newsize > oldcap) { @@ -249,7 +273,7 @@ && srcaddr < targetaddr + oldcap * elem_size; // calculate new capacity (next number divisible by 16) - newcap = newsize - (newsize % 16) + 16; + newcap = cx_array_align_capacity(newsize, 16, max_size); assert(newcap > newsize); // perform reallocation @@ -274,6 +298,7 @@ start += index * elem_size; // copy elements and set new size + // note: no overflow check here, b/c we cannot get here w/o allocation memmove(start, src, elem_count * elem_size); // if any of size or capacity changed, store them back @@ -321,13 +346,19 @@ // corner case if (elem_count == 0) return 0; + // overflow check + if (elem_count > SIZE_MAX - *size) { + errno = EOVERFLOW; + return 1; + } + // store some counts size_t old_size = *size; size_t needed_capacity = old_size + elem_count; // if we need more than we have, try a reallocation if (needed_capacity > *capacity) { - size_t new_capacity = needed_capacity - (needed_capacity % 16) + 16; + size_t new_capacity = cx_array_align_capacity(needed_capacity, 16, SIZE_MAX); void *new_mem = reallocator->realloc( *target, new_capacity, elem_size, reallocator );