1 /* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 #ifndef SIZECALC_H 27 #define SIZECALC_H 28 29 /* 30 * A machinery for safe calculation of sizes used when allocating memory. 31 * 32 * All size checks are performed against the SIZE_MAX (the maximum value for 33 * size_t). All numerical arguments as well as the result of calculation must 34 * be non-negative integers less than or equal to SIZE_MAX, otherwise the 35 * calculated size is considered unsafe. 36 * 37 * If the SIZECALC_ALLOC_THROWING_BAD_ALLOC macro is defined, then _ALLOC_ 38 * helper macros throw the std::bad_alloc instead of returning NULL. 39 */ 40 41 #include <stdint.h> /* SIZE_MAX for C99+ */ 42 /* http://stackoverflow.com/questions/3472311/what-is-a-portable-method-to-find-the-maximum-value-of-size-t */ 43 #ifndef SIZE_MAX 44 #define SIZE_MAX ((size_t)-1) 45 #endif 46 47 #define IS_SAFE_SIZE_T(x) (((x) + 1) > 0 && (unsigned long long)(x) - 1u < SIZE_MAX) 48 49 #define IS_SAFE_SIZE_MUL(m, n) \ 50 (IS_SAFE_SIZE_T(m) && IS_SAFE_SIZE_T(n) && ((m) == 0 || (n) == 0 || (size_t)(n) <= (SIZE_MAX / (size_t)(m)))) 51 52 #define IS_SAFE_SIZE_ADD(a, b) \ 53 (IS_SAFE_SIZE_T(a) && IS_SAFE_SIZE_T(b) && (size_t)(b) <= (SIZE_MAX - (size_t)(a))) 54 55 56 57 /* Helper macros */ 58 59 #ifdef SIZECALC_ALLOC_THROWING_BAD_ALLOC 60 #define FAILURE_RESULT throw std::bad_alloc() 61 #else 62 #define FAILURE_RESULT NULL 63 #endif 64 65 /* 66 * A helper macro to safely allocate an array of size m*n. 67 * Example usage: 68 * int* p = (int*)SAFE_SIZE_ARRAY_ALLOC(malloc, sizeof(int), n); 69 * if (!p) throw OutOfMemory; 70 * // Use the allocated array... 71 */ 72 #define SAFE_SIZE_ARRAY_ALLOC(func, m, n) \ 73 (IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((m) * (n))) : FAILURE_RESULT) 74 75 #define SAFE_SIZE_ARRAY_REALLOC(func, p, m, n) \ 76 (IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((p), (m) * (n))) : FAILURE_RESULT) 77 78 /* 79 * A helper macro to safely allocate an array of type 'type' with 'n' items 80 * using the C++ new[] operator. 81 * Example usage: 82 * MyClass* p = SAFE_SIZE_NEW_ARRAY(MyClass, n); 83 * // Use the pointer. 84 * This macro throws the std::bad_alloc C++ exception to indicate 85 * a failure. 86 * NOTE: if 'n' is calculated, the calling code is responsible for using the 87 * IS_SAFE_... macros to check if the calculations are safe. 88 */ 89 #define SAFE_SIZE_NEW_ARRAY(type, n) \ 90 (IS_SAFE_SIZE_MUL(sizeof(type), (n)) ? (new type[(n)]) : throw std::bad_alloc()) 91 92 #define SAFE_SIZE_NEW_ARRAY2(type, n, m) \ 93 (IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_MUL(sizeof(type), (n) * (m)) ? \ 94 (new type[(n) * (m)]) : throw std::bad_alloc()) 95 96 /* 97 * Checks if a data structure of size (a + m*n) can be safely allocated 98 * w/o producing an integer overflow when calculating its size. 99 */ 100 #define IS_SAFE_STRUCT_SIZE(a, m, n) \ 101 ( \ 102 IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_ADD((m) * (n), (a)) \ 103 ) 104 105 /* 106 * A helper macro for implementing safe memory allocation for a data structure 107 * of size (a + m * n). 108 * Example usage: 109 * void * p = SAFE_SIZE_ALLOC(malloc, header, num, itemSize); 110 * if (!p) throw OutOfMemory; 111 * // Use the allocated memory... 112 */ 113 #define SAFE_SIZE_STRUCT_ALLOC(func, a, m, n) \ 114 (IS_SAFE_STRUCT_SIZE((a), (m), (n)) ? ((func)((a) + (m) * (n))) : FAILURE_RESULT) 115 116 117 #endif /* SIZECALC_H */ 118