104 105 #define MAX_MEMORY_FOR_ALLOC ((cmsUInt32Number)(1024U*1024U*512U)) 106 107 // User may override this behaviour by using a memory plug-in, which basically replaces 108 // the default memory management functions. In this case, no check is performed and it 109 // is up to the plug-in writter to keep in the safe side. There are only three functions 110 // required to be implemented: malloc, realloc and free, although the user may want to 111 // replace the optional mallocZero, calloc and dup as well. 112 113 cmsBool _cmsRegisterMemHandlerPlugin(cmsContext ContextID, cmsPluginBase* Plugin); 114 115 // ********************************************************************************* 116 117 // This is the default memory allocation function. It does a very coarse 118 // check of amout of memory, just to prevent exploits 119 static 120 void* _cmsMallocDefaultFn(cmsContext ContextID, cmsUInt32Number size) 121 { 122 if (size > MAX_MEMORY_FOR_ALLOC) return NULL; // Never allow over maximum 123 124 return (void*) malloc(size); 125 126 cmsUNUSED_PARAMETER(ContextID); 127 } 128 129 // Generic allocate & zero 130 static 131 void* _cmsMallocZeroDefaultFn(cmsContext ContextID, cmsUInt32Number size) 132 { 133 void *pt = _cmsMalloc(ContextID, size); 134 if (pt == NULL) return NULL; 135 136 memset(pt, 0, size); 137 return pt; 138 } 139 140 141 // The default free function. The only check proformed is against NULL pointers 142 static 143 void _cmsFreeDefaultFn(cmsContext ContextID, void *Ptr) 144 { 145 // free(NULL) is defined a no-op by C99, therefore it is safe to 146 // avoid the check, but it is here just in case... 147 148 if (Ptr) free(Ptr); 149 150 cmsUNUSED_PARAMETER(ContextID); 151 } 152 153 // The default realloc function. Again it checks for exploits. If Ptr is NULL, 154 // realloc behaves the same way as malloc and allocates a new block of size bytes. 155 static 156 void* _cmsReallocDefaultFn(cmsContext ContextID, void* Ptr, cmsUInt32Number size) 157 { 158 159 if (size > MAX_MEMORY_FOR_ALLOC) return NULL; // Never realloc over 512Mb 160 161 return realloc(Ptr, size); 162 163 cmsUNUSED_PARAMETER(ContextID); 164 } 165 166 167 // The default calloc function. Allocates an array of num elements, each one of size bytes 168 // all memory is initialized to zero. 169 static 170 void* _cmsCallocDefaultFn(cmsContext ContextID, cmsUInt32Number num, cmsUInt32Number size) 171 { 172 cmsUInt32Number Total = num * size; 173 174 // Preserve calloc behaviour 175 if (Total == 0) return NULL; 176 177 // Safe check for overflow. 178 if (num >= UINT_MAX / size) return NULL; 179 180 // Check for overflow 181 if (Total < num || Total < size) { 182 return NULL; 183 } | 104 105 #define MAX_MEMORY_FOR_ALLOC ((cmsUInt32Number)(1024U*1024U*512U)) 106 107 // User may override this behaviour by using a memory plug-in, which basically replaces 108 // the default memory management functions. In this case, no check is performed and it 109 // is up to the plug-in writter to keep in the safe side. There are only three functions 110 // required to be implemented: malloc, realloc and free, although the user may want to 111 // replace the optional mallocZero, calloc and dup as well. 112 113 cmsBool _cmsRegisterMemHandlerPlugin(cmsContext ContextID, cmsPluginBase* Plugin); 114 115 // ********************************************************************************* 116 117 // This is the default memory allocation function. It does a very coarse 118 // check of amout of memory, just to prevent exploits 119 static 120 void* _cmsMallocDefaultFn(cmsContext ContextID, cmsUInt32Number size) 121 { 122 if (size > MAX_MEMORY_FOR_ALLOC) return NULL; // Never allow over maximum 123 124 cmsUNUSED_PARAMETER(ContextID); 125 return (void*) malloc(size); 126 127 } 128 129 // Generic allocate & zero 130 static 131 void* _cmsMallocZeroDefaultFn(cmsContext ContextID, cmsUInt32Number size) 132 { 133 void *pt = _cmsMalloc(ContextID, size); 134 if (pt == NULL) return NULL; 135 136 memset(pt, 0, size); 137 return pt; 138 } 139 140 141 // The default free function. The only check proformed is against NULL pointers 142 static 143 void _cmsFreeDefaultFn(cmsContext ContextID, void *Ptr) 144 { 145 // free(NULL) is defined a no-op by C99, therefore it is safe to 146 // avoid the check, but it is here just in case... 147 148 if (Ptr) free(Ptr); 149 150 cmsUNUSED_PARAMETER(ContextID); 151 } 152 153 // The default realloc function. Again it checks for exploits. If Ptr is NULL, 154 // realloc behaves the same way as malloc and allocates a new block of size bytes. 155 static 156 void* _cmsReallocDefaultFn(cmsContext ContextID, void* Ptr, cmsUInt32Number size) 157 { 158 cmsUNUSED_PARAMETER(ContextID); 159 160 if (size > MAX_MEMORY_FOR_ALLOC) return NULL; // Never realloc over 512Mb 161 162 return realloc(Ptr, size); 163 164 } 165 166 167 // The default calloc function. Allocates an array of num elements, each one of size bytes 168 // all memory is initialized to zero. 169 static 170 void* _cmsCallocDefaultFn(cmsContext ContextID, cmsUInt32Number num, cmsUInt32Number size) 171 { 172 cmsUInt32Number Total = num * size; 173 174 // Preserve calloc behaviour 175 if (Total == 0) return NULL; 176 177 // Safe check for overflow. 178 if (num >= UINT_MAX / size) return NULL; 179 180 // Check for overflow 181 if (Total < num || Total < size) { 182 return NULL; 183 } |