util: update allocation macros/functions

Let's copy in a new version from systemd

Author: poettering

meson.build

@@ -88,6 +88,7 @@ foreach ident : [
         ['copy_file_range',   '''#define _GNU_SOURCE
                                  #include <sys/syscall.h>
                                  #include <unistd.h>'''],
+        ['reallocarray',      '''#include <malloc.h>'''],
 ]
         have = cc.has_function(ident[0], args : '-D_GNU_SOURCE', prefix : ident[1])
         conf.set10('HAVE_' + ident[0].to_upper(), have)

src/casync.c

@@ -1079,7 +1079,7 @@ int ca_sync_add_store_path(CaSync *s, const char *path) {
                 return r;
         }
 
-        array = realloc_multiply(s->rstores, sizeof(CaStore*), s->n_rstores+1);
+        array = reallocarray(s->rstores, sizeof(CaStore*), s->n_rstores+1);
         if (!array) {
                 ca_store_unref(store);
                 return -ENOMEM;
@@ -1110,7 +1110,7 @@ int ca_sync_add_store_remote(CaSync *s, const char *url) {
                 return r;
         }
 
-        array = realloc_multiply(s->remote_rstores, sizeof(CaRemote*),  s->n_remote_rstores+1);
+        array = reallocarray(s->remote_rstores, sizeof(CaRemote*),  s->n_remote_rstores+1);
         if (!array) {
                 ca_remote_unref(remote);
                 return -ENOMEM;
@@ -1145,7 +1145,7 @@ static int ca_sync_extend_seeds_array(CaSync *s) {
 
         assert(s);
 
-        new_seeds = realloc_multiply(s->seeds, sizeof(CaSeed*), s->n_seeds+1);
+        new_seeds = reallocarray(s->seeds, sizeof(CaSeed*), s->n_seeds+1);
         if (!new_seeds)
                 return -ENOMEM;
 

src/util.c

@@ -919,7 +919,7 @@ int strv_push(char ***l, char *value) {
         if (m < n)
                 return -ENOMEM;
 
-        c = realloc_multiply(*l, sizeof(char*), m);
+        c = reallocarray(*l, sizeof(char*), m);
         if (!c)
                 return -ENOMEM;
 

src/util.h

@@ -24,10 +24,32 @@
 #include "gcc-macro.h"
 #include "log.h"
 
-#define new(t, n) ((t*) malloc((n) * sizeof(t)))
-#define new0(t, n) ((t*) calloc((n), sizeof(t)))
+/* If for some reason more than 4M are allocated on the stack, let's abort immediately. It's better than
+ * proceeding and smashing the stack limits. Note that by default RLIMIT_STACK is 8M on Linux. */
+#define ALLOCA_MAX (4U*1024U*1024U)
 
-#define newa(t, n) ((t*) alloca((n) * sizeof(t)))
+#define new(t, n) ((t*) malloc_multiply(sizeof(t), (n)))
+#define new0(t, n) ((t*) calloc((n) ?: 1, sizeof(t)))
+
+#define newa(t, n)                                                      \
+        ({                                                              \
+                size_t _n_ = n;                                         \
+                assert(!size_multiply_overflow(sizeof(t), _n_));        \
+                assert(sizeof(t)*_n_ <= ALLOCA_MAX);                    \
+                (t*) alloca(sizeof(t)*_n_);                             \
+        })
+
+#define newa0(t, n)                                                     \
+        ({                                                              \
+                size_t _n_ = n;                                         \
+                assert(!size_multiply_overflow(sizeof(t), _n_));        \
+                assert(sizeof(t)*_n_ <= ALLOCA_MAX);                    \
+                (t*) alloca0(sizeof(t)*_n_);                            \
+        })
+
+#define newdup(t, p, n) ((t*) memdup_multiply(p, sizeof(t), (n)))
+
+#define malloc0(n) (calloc(1, (n)))
 
 #define XCONCATENATE(x, y) x ## y
 #define CONCATENATE(x, y) XCONCATENATE(x, y)
@@ -63,8 +85,6 @@
                 ((_A) > (_B)) ? (_A) : (_B),                            \
                 (void)0))
 
-
-
 int loop_write(int fd, const void *p, size_t l);
 int loop_write_block(int fd, const void *p, size_t l);
 ssize_t loop_read(int fd, void *p, size_t l);
@@ -330,22 +350,39 @@ char *strv_find(char **l, const char *name) _pure_;
 #define strv_contains(l, s) (!!strv_find((l), (s)))
 
 static inline bool size_multiply_overflow(size_t size, size_t need) {
-        return need != 0 && size > (SIZE_MAX / need);
+        return _unlikely_(need != 0 && size > (SIZE_MAX / need));
 }
 
 _malloc_  _alloc_(1, 2) static inline void *malloc_multiply(size_t size, size_t need) {
-        if (_unlikely_(size_multiply_overflow(size, need)))
+        if (size_multiply_overflow(size, need))
                 return NULL;
 
-        return malloc(size * need);
+        return malloc(size * need ?: 1);
 }
 
-_alloc_(2, 3) static inline void *realloc_multiply(void *p, size_t size, size_t need) {
-        if (_unlikely_(size_multiply_overflow(size, need)))
+#if !HAVE_REALLOCARRAY
+_alloc_(2, 3) static inline void *reallocarray(void *p, size_t need, size_t size) {
+        if (size_multiply_overflow(size, need))
                 return NULL;
 
-        return realloc(p, size * need);
+        return realloc(p, size * need ?: 1);
 }
+#endif
+
+_alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t size, size_t need) {
+        if (size_multiply_overflow(size, need))
+                return NULL;
+
+        return memdup(p, size * need);
+}
+
+#define free_and_replace(a, b)                  \
+        ({                                      \
+                free(a);                        \
+                (a) = (b);                      \
+                (b) = NULL;                     \
+                0;                              \
+        })
 
 #define STRV_FOREACH(s, l)                      \
         for ((s) = (l); (s) && *(s); (s)++)