Add overflow detection

Origin: http://marc.info/?l=openbsd-ports&m=142090828929750&w=2 * main.c: Call exit(1) when out of memory to avoid dereferencing null pointers when gc's malloc fails. * alloc.h: Replacements for w3m's allocation macros which add overflow detection and concentrate the macros in one file. * indep.h, libwc/charset.c, libwc/status.c, matrix.c: Use the overflow-detecting allocation macros from alloc.h.
author: Scarlett <scarlett@xavin.net> 2015-01-15 10:38:11 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2015-01-15 10:38:11 +0000
commit: cbec7032ee36346649fc5ebecc4b1c01f01178f1 (patch)
tree: 69907176f0aed9cef693dbbfd0398fa561c4a4cc
parent: Merge branch 'bug/printf' (diff)
download: w3m-cbec7032ee36346649fc5ebecc4b1c01f01178f1.tar.gz
w3m-cbec7032ee36346649fc5ebecc4b1c01f01178f1.zip
6 files changed, 51 insertions, 17 deletions
diff --git a/alloc.h b/alloc.h
new file mode 100644
index 0000000..7d23414
--- /dev/null
+++ b/alloc.h
@@ -0,0 +1,39 @@
+/*
+ * by Scarlett. public domain.
+ * replacements for w3m's allocation macros which add overflow
+ * detection and concentrate the macros in one file
+ */
+#ifndef W3_ALLOC_H
+#define W3_ALLOC_H
+#include <gc.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <limits.h>
+
+static inline size_t
+z_mult_no_oflow_(size_t n, size_t size)
+{
+	if (size != 0 && n > SIZE_MAX / size) {
+		fprintf(stderr,
+		    "w3m: overflow in malloc, %zu*%zu\n", n, size);
+		exit(1);
+	}
+	return n * size;
+}
+
+#define New(type) \
+	(GC_MALLOC(sizeof(type)))
+
+#define NewAtom(type) \
+	(GC_MALLOC_ATOMIC(sizeof(type)))
+
+#define New_N(type, n) \
+	(GC_MALLOC(z_mult_no_oflow_((n), sizeof(type))))
+
+#define NewAtom_N(type, n) \
+	(GC_MALLOC_ATOMIC(z_mult_no_oflow_((n), sizeof(type))))
+
+#define New_Reuse(type, ptr, n) \
+	(GC_REALLOC((ptr), z_mult_no_oflow_((n), sizeof(type))))
+
+#endif /* W3_ALLOC_H */
diff --git a/indep.h b/indep.h
index 84416ed..2809832 100644
--- a/indep.h
+++ b/indep.h
@@ -1,7 +1,7 @@
 /* $Id: indep.h,v 1.16 2003/09/22 21:02:19 ukai Exp $ */
 #ifndef INDEP_H
 #define INDEP_H
-#include <gc.h>
+#include "alloc.h"
 #include "Str.h"
 #include "config.h"
 
@@ -92,11 +92,6 @@ extern char *w3m_etc_dir();
 extern char *w3m_conf_dir();
 extern char *w3m_help_dir();
 
-#define New(type)	((type*)GC_MALLOC(sizeof(type)))
-#define NewAtom(type)	((type*)GC_MALLOC_ATOMIC(sizeof(type)))
-#define New_N(type,n)	((type*)GC_MALLOC((n)*sizeof(type)))
-#define NewAtom_N(type,n)	((type*)GC_MALLOC_ATOMIC((n)*sizeof(type)))
-#define New_Reuse(type,ptr,n)   ((type*)GC_REALLOC((ptr),(n)*sizeof(type)))
 #define NewWithoutGC(type)	((type*)xmalloc(sizeof(type)))
 #define NewWithoutGC_N(type,n)	((type*)xmalloc((n)*sizeof(type)))
 #define NewWithoutGC_Reuse(type,ptr,n)	((type*)xrealloc(ptr,(n)*sizeof(type)))
diff --git a/libwc/charset.c b/libwc/charset.c
index 3f0b74d..ea79b1c 100644
--- a/libwc/charset.c
+++ b/libwc/charset.c
@@ -1,8 +1,7 @@
 
 #include <stdlib.h>
 #include <ctype.h>
-#include <gc.h>
-#define New_N(type,n) ((type*)GC_MALLOC((n)*sizeof(type)))
+#include "../alloc.h"
 
 #include "wc.h"
 
diff --git a/libwc/status.c b/libwc/status.c
index d25c924..4a2ebf8 100644
--- a/libwc/status.c
+++ b/libwc/status.c
@@ -1,7 +1,6 @@
 
 #include <string.h>
-#include <gc.h>
-#define New_N(type,n) ((type*)GC_MALLOC((n)*sizeof(type)))
+#include "../alloc.h"
 
 #include "wc.h"
 #ifdef USE_UNICODE
diff --git a/main.c b/main.c
index 76256d6..cb15c9f 100644
--- a/main.c
+++ b/main.c
@@ -383,6 +383,13 @@ make_optional_header_string(char *s)
     return hs;
 }
 
+static void *
+die_oom(size_t bytes)
+{
+    fprintf(stderr, "Out of memory: %zu bytes unavailable!\n", bytes);
+    exit(1);
+}
+
 int
 main(int argc, char **argv, char **envp)
 {
@@ -412,6 +419,7 @@ main(int argc, char **argv, char **envp)
     char **getimage_args = NULL;
 #endif /* defined(DONT_CALL_GC_AFTER_FORK) && defined(USE_IMAGE) */
     GC_INIT();
+    GC_set_oom_fn(die_oom);
 #if defined(ENABLE_NLS) || (defined(USE_M17N) && defined(HAVE_LANGINFO_CODESET))
     setlocale(LC_ALL, "");
 #endif
diff --git a/matrix.c b/matrix.c
index 64fd0ad..bc7a5be 100644
--- a/matrix.c
+++ b/matrix.c
@@ -34,18 +34,12 @@
 
 #include "config.h"
 #include "matrix.h"
-#include <gc.h>
+#include "alloc.h"
 
 /* 
  * Macros from "fm.h".
  */
 
-#define New(type)       ((type*)GC_MALLOC(sizeof(type)))
-#define NewAtom(type)   ((type*)GC_MALLOC_ATOMIC(sizeof(type)))
-#define New_N(type,n)   ((type*)GC_MALLOC((n)*sizeof(type)))
-#define NewAtom_N(type,n)       ((type*)GC_MALLOC_ATOMIC((n)*sizeof(type)))
-#define Renew_N(type,ptr,n)   ((type*)GC_REALLOC((ptr),(n)*sizeof(type)))
-
 #define SWAPD(a,b) { double tmp = a; a = b; b = tmp; }
 #define SWAPI(a,b) { int tmp = a; a = b; b = tmp; }
author	Scarlett <scarlett@xavin.net>	2015-01-15 10:38:11 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2015-01-15 10:38:11 +0000
commit	cbec7032ee36346649fc5ebecc4b1c01f01178f1 (patch)
tree	69907176f0aed9cef693dbbfd0398fa561c4a4cc
parent	Merge branch 'bug/printf' (diff)
download	w3m-cbec7032ee36346649fc5ebecc4b1c01f01178f1.tar.gz w3m-cbec7032ee36346649fc5ebecc4b1c01f01178f1.zip