(svn r22875) -Codechange: Add some asserts and checks to better prevent overflow of the argument to malloc. (monoid)

src/core/alloc_func.hpp

@@ -42,6 +42,9 @@ static FORCEINLINE T *MallocT(size_t num_elements)
 	 */
 	if (num_elements == 0) return NULL;
 
+	/* Ensure the size does not overflow. */
+	if (num_elements > SIZE_MAX / sizeof(T)) MallocError(SIZE_MAX);
+
 	T *t_ptr = (T*)malloc(num_elements * sizeof(T));
 	if (t_ptr == NULL) MallocError(num_elements * sizeof(T));
 	return t_ptr;
@@ -96,12 +99,17 @@ static FORCEINLINE T *ReallocT(T *t_ptr, size_t num_elements)
 		return NULL;
 	}
 
+	/* Ensure the size does not overflow. */
+	if (num_elements > SIZE_MAX / sizeof(T)) MallocError(SIZE_MAX);
+
 	t_ptr = (T*)realloc(t_ptr, num_elements * sizeof(T));
 	if (t_ptr == NULL) ReallocError(num_elements * sizeof(T));
 	return t_ptr;
 }
 
 /** alloca() has to be called in the parent function, so define AllocaM() as a macro */
-#define AllocaM(T, num_elements) ((T*)alloca((num_elements) * sizeof(T)))
+#define AllocaM(T, num_elements) \
+	((num_elements) > SIZE_MAX / sizeof(T) && (MallocError(SIZE_MAX), NULL), \
+	(T*)alloca((num_elements) * sizeof(T)))
 
 #endif /* ALLOC_FUNC_HPP */

src/misc/binaryheap.hpp

@@ -204,6 +204,8 @@ public:
 	FORCEINLINE void Include(T *new_item)
 	{
 		if (this->IsFull()) {
+			assert(this->capacity < UINT_MAX / 2);
+
 			this->capacity *= 2;
 			this->data = ReallocT<T*>(this->data, this->capacity + 1);
 		}

src/misc/blob.hpp

@@ -260,6 +260,7 @@ public:
 		if (Capacity() >= new_size) return;
 		/* calculate minimum block size we need to allocate
 		 * and ask allocation policy for some reasonable block size */
+		assert(new_size < SIZE_MAX - header_size - tail_reserve);
 		new_size = AllocPolicy(header_size + new_size + tail_reserve);
 
 		/* allocate new block and setup header */

src/misc/fixedsizearray.hpp

@@ -53,6 +53,9 @@ public:
 	/** Default constructor. Preallocate space for items and header, then initialize header. */
 	FixedSizeArray()
 	{
+		/* Ensure the size won't overflow. */
+		assert_compile(C < (SIZE_MAX - HeaderSize) / Tsize);
+
 		/* allocate block for header + items (don't construct items) */
 		data = (T*)((MallocT<byte>(HeaderSize + C * Tsize)) + HeaderSize);
 		SizeRef() = 0; // initial number of items

src/pathfinder/npf/queue.cpp

@@ -234,6 +234,9 @@ void Hash::Init(Hash_HashProc *hash, uint num_buckets)
 	/* Allocate space for the Hash, the buckets and the bucket flags */
 	uint i;
 
+	/* Ensure the size won't overflow. */
+	assert(num_buckets < SIZE_MAX / (sizeof(*this->buckets) + sizeof(*this->buckets_in_use)));
+
 	this->hash = hash;
 	this->size = 0;
 	this->num_buckets = num_buckets;

src/stdafx.h

@@ -63,6 +63,10 @@
 #include <climits>
 #include <cassert>
 
+#ifndef SIZE_MAX
+	#define SIZE_MAX ((size_t)-1)
+#endif
+
 #if defined(UNIX) || defined(__MINGW32__)
 	#include <sys/types.h>
 #endif