From patchwork Fri Apr 21 12:16:46 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Dennis_W=C3=B6lfing?= X-Patchwork-Id: 753330 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3w8ZVV2FtRz9s2x for ; Fri, 21 Apr 2017 22:17:05 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b="qd6Xr4uU"; dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; q=dns; s=default; b=rUnRlbIw9dmQ3r1aMWAPVhcdguToEYu+4lPRWcBJsB5 DZYsnFGpdpsTmwcIbjAAUcT01ClQGzecvZcZcHMiSKKN828eCyaCz03ygeSoz0d5 VDIjxwiKSz1jRl0dsft2c0n+rx8zRd+4bh1kyIA9QJLxnk14hvX2tCE7gI81eBNw = DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; s=default; bh=oY03M6HLD27TxHsCKnhU79MMujw=; b=qd6Xr4uUL9txjD95e 8/EzJn0vG4EVFfo4DbtnUnKfQCeoozZjowx0bIc3Txkza7/2QgapIPzZg9Ijhbnc FJ1woTlFoH0LTo2SmrMe7+sbw7L5NDnETIvdjjXIS3WbWyge1fVEhLRE8pQLZjuq sPM4UgA75+ciWOU4ewVmWtlapA= Received: (qmail 43686 invoked by alias); 21 Apr 2017 12:16:52 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 43653 invoked by uid 89); 21 Apr 2017 12:16:51 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.5 required=5.0 tests=AWL, BAYES_00, FREEMAIL_FROM, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_LOW, SPF_PASS autolearn=ham version=3.3.2 spammy=H*F:D*gmx.de, __GNUC__, __gnuc__, untouched X-HELO: mout.gmx.net From: =?UTF-8?q?Dennis=20W=C3=B6lfing?= To: libc-alpha@sourceware.org Subject: [PATCH v3] Add reallocarray function. Date: Fri, 21 Apr 2017 14:16:46 +0200 Message-Id: <20170421121646.28392-1-denniswoelfing@gmx.de> In-Reply-To: <20170417140148.23212-1-denniswoelfing@gmx.de> References: <20170417140148.23212-1-denniswoelfing@gmx.de> MIME-Version: 1.0 X-UI-Out-Filterresults: notjunk:1; V01:K0:Nr8KSJN28EM=:mCNuWe6eC+yF4IGOik+6wI ua9k5P25s14fdmGUFpgaO73QxH6ociNwe85bhBNkadKofjnUKb/eSVqG3MaQx9ITKKzb4hkh1 iz6MaSssUaE5+WoMcMGnTXS0GZRWv185x1cFmjomPNf2J+DUElVbA/02n2XdFsrExnP38RAVx Nk9RmWh0DiwVomnT9Q8FjRw3J0suscoUNZ7lAsQenk1uPfxE40jXVEhFJzgl2uWpbODtYuSsD pR+GkkfYv+k8ZPlD48qEbIiTKiYV+mku0w43HhXJ4YdN2LbI79eEXJPbRbkT+wjbt505ay2ov klDniaeTc8NmxMjPo7x9uKS38+qM61hNehepByLoftVL+JBPCPxOOWsfkK6TwvttEm3WIbNd2 ZjNk0RNvI2ivUYrOIymoLeycWXIsdDXp27R2QkWTNkxbZvbBV7iIXpAyRv9DPpG9JgPKZGCnp X6oP1U1eBE6j5n8cpb90s6Q6FqmS9hq43ufZBEzLR3TQK4GRsV7pZUMD+Tp6hD6z98tghX9+w DfzeJejSBHEw1kKcnYWWI7FmVyAomoroi3U5lsqdIGbnwTwafV/0Eq6JolweqzvI2pOfjKAP+ uwSSzT1qL1U8B2CHjB5eavti9jzIvNZ62AIqL58gZ0oIOh0JMUv2lnd5roXglm2ck+5190u11 /YRbMLl3qxOA5NYzlvNEe9OUpT0mjzE8f4O70e8jPIT/ZD9yTG0eREX6t67ax4G7IAXR+FsN3 NdtJzv1pkTBTSNE6P8ifAJCZsc+WFV3LiXSmF4WhZBaAmOAOIen3HAPRSoV2Gd+xbRdvZdiAc iEIqAvN The reallocarray function is an extension from OpenBSD. It is an integer-overflow-safe replacement for realloc(p, X*Y) and malloc(X*Y) (realloc(NULL, X*Y)). It can therefore help in preventing certain security issues in code. This is an updated version of a patch originally submitted by Rüdiger Sonderfeld in May 2014. See . Tested on x86_64-linux. 2017-04-21 Dennis Wölfing Rüdiger Sonderfeld * NEWS: Mention addition of reallocarray. * malloc/Makefile (routines): Add reallocarray. (tests): Add tst-reallocarray.c. * malloc/Versions: Add reallocarray and __libc_reallocarray. * malloc/malloc-private.h: New file. * malloc/malloc.c (__libc_calloc): Use `check_mul_overflow'. * malloc/malloc.h (reallocarray): New declaration. * stdlib/stdlib.h (reallocarray): Likewise. * malloc/reallocarray.c: New file. * malloc/tst-reallocarray.c: New test file. * manual/memory.texi: Document reallocarray. * sysdeps/arm/nacl/libc.abilist: Add reallocarray. * sysdeps/unix/sysv/linux/aarch64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/alpha/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/arm/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/hppa/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/i386/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/ia64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/microblaze/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/nios2/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/sh/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/tilepro/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/x86_64/64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist: Likewise. --- NEWS | 2 + malloc/Makefile | 4 +- malloc/Versions | 4 + malloc/malloc-private.h | 44 ++++++ malloc/malloc.c | 14 +- malloc/malloc.h | 8 ++ malloc/reallocarray.c | 36 +++++ malloc/tst-reallocarray.c | 159 +++++++++++++++++++++ manual/memory.texi | 24 +++- stdlib/stdlib.h | 11 ++ sysdeps/arm/nacl/libc.abilist | 2 + sysdeps/unix/sysv/linux/aarch64/libc.abilist | 2 + sysdeps/unix/sysv/linux/alpha/libc.abilist | 2 + sysdeps/unix/sysv/linux/arm/libc.abilist | 2 + sysdeps/unix/sysv/linux/hppa/libc.abilist | 2 + sysdeps/unix/sysv/linux/i386/libc.abilist | 2 + sysdeps/unix/sysv/linux/ia64/libc.abilist | 2 + sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist | 2 + sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist | 2 + sysdeps/unix/sysv/linux/microblaze/libc.abilist | 2 + .../unix/sysv/linux/mips/mips32/fpu/libc.abilist | 2 + .../unix/sysv/linux/mips/mips32/nofpu/libc.abilist | 2 + .../unix/sysv/linux/mips/mips64/n32/libc.abilist | 2 + .../unix/sysv/linux/mips/mips64/n64/libc.abilist | 2 + sysdeps/unix/sysv/linux/nios2/libc.abilist | 2 + .../sysv/linux/powerpc/powerpc32/fpu/libc.abilist | 2 + .../linux/powerpc/powerpc32/nofpu/libc.abilist | 2 + .../sysv/linux/powerpc/powerpc64/libc-le.abilist | 2 + .../unix/sysv/linux/powerpc/powerpc64/libc.abilist | 2 + sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist | 2 + sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist | 2 + sysdeps/unix/sysv/linux/sh/libc.abilist | 2 + sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist | 2 + sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist | 2 + .../sysv/linux/tile/tilegx/tilegx32/libc.abilist | 2 + .../sysv/linux/tile/tilegx/tilegx64/libc.abilist | 2 + sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist | 2 + sysdeps/unix/sysv/linux/x86_64/64/libc.abilist | 2 + sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist | 2 + 39 files changed, 350 insertions(+), 14 deletions(-) create mode 100644 malloc/malloc-private.h create mode 100644 malloc/reallocarray.c create mode 100644 malloc/tst-reallocarray.c diff --git a/NEWS b/NEWS index 811178bca6..eaee4af5f5 100644 --- a/NEWS +++ b/NEWS @@ -52,6 +52,8 @@ Version 2.26 * The legacy cfree function has been removed. Applications should use the free function instead. +* The reallocarray function has been added to libc. + Security related changes: * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, diff --git a/malloc/Makefile b/malloc/Makefile index e93b83b57d..6534594f7f 100644 --- a/malloc/Makefile +++ b/malloc/Makefile @@ -26,7 +26,7 @@ dist-headers := malloc.h headers := $(dist-headers) obstack.h mcheck.h tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \ tst-mallocstate tst-mcheck tst-mallocfork tst-trim1 \ - tst-malloc-usable tst-realloc tst-posix_memalign \ + tst-malloc-usable tst-realloc tst-reallocarray tst-posix_memalign \ tst-pvalloc tst-memalign tst-mallopt tst-scratch_buffer \ tst-malloc-backtrace tst-malloc-thread-exit \ tst-malloc-thread-fail tst-malloc-fork-deadlock \ @@ -47,7 +47,7 @@ endif tests += $(tests-static) test-srcs = tst-mtrace -routines = malloc morecore mcheck mtrace obstack \ +routines = malloc morecore mcheck mtrace obstack reallocarray \ scratch_buffer_grow scratch_buffer_grow_preserve \ scratch_buffer_set_array_size diff --git a/malloc/Versions b/malloc/Versions index e34ab177be..23aafb5ccc 100644 --- a/malloc/Versions +++ b/malloc/Versions @@ -62,6 +62,7 @@ libc { aligned_alloc; } GLIBC_2.26 { + reallocarray; } GLIBC_PRIVATE { # Internal startup hook for libpthread. @@ -74,5 +75,8 @@ libc { __libc_scratch_buffer_grow; __libc_scratch_buffer_grow_preserve; __libc_scratch_buffer_set_array_size; + + # Internal name for reallocarray + __libc_reallocarray; } } diff --git a/malloc/malloc-private.h b/malloc/malloc-private.h new file mode 100644 index 0000000000..56b9fbd708 --- /dev/null +++ b/malloc/malloc-private.h @@ -0,0 +1,44 @@ +/* Private declarations for malloc, for use within libc. + Copyright (C) 2017 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; see the file COPYING.LIB. If + not, see . */ + +#ifndef _MALLOC_PRIVATE_H +#define _MALLOC_PRIVATE_H + +#include + +static inline bool +check_mul_overflow (size_t l, size_t r, INTERNAL_SIZE_T *result) +{ +#if __GNUC__ >= 5 + return __builtin_mul_overflow (l, r, result); +#else + /* size_t is unsigned so the behavior on overflow is defined. */ + *result = l * r; +# define HALF_INTERNAL_SIZE_T \ + (((INTERNAL_SIZE_T) 1) << (8 * sizeof (INTERNAL_SIZE_T) / 2)) + if (__glibc_unlikely ((l | r) >= HALF_INTERNAL_SIZE_T)) + { + if (r != 0 && *result / r != l) + return true; + } + return false; +# undef HALF_INTERNAL_SIZE_T +#endif +} + +#endif /* _MALLOC_PRIVATE_H */ diff --git a/malloc/malloc.c b/malloc/malloc.c index 068ffc1684..a21910c4eb 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -239,6 +239,7 @@ #include #include +#include /* Debugging: @@ -3179,17 +3180,10 @@ __libc_calloc (size_t n, size_t elem_size) unsigned long nclears; INTERNAL_SIZE_T *d; - /* size_t is unsigned so the behavior on overflow is defined. */ - bytes = n * elem_size; -#define HALF_INTERNAL_SIZE_T \ - (((INTERNAL_SIZE_T) 1) << (8 * sizeof (INTERNAL_SIZE_T) / 2)) - if (__builtin_expect ((n | elem_size) >= HALF_INTERNAL_SIZE_T, 0)) + if (check_mul_overflow (n, elem_size, &bytes)) { - if (elem_size != 0 && bytes / elem_size != n) - { - __set_errno (ENOMEM); - return 0; - } + __set_errno (ENOMEM); + return 0; } void *(*hook) (size_t, const void *) = diff --git a/malloc/malloc.h b/malloc/malloc.h index 274c0958e4..339ab64c7d 100644 --- a/malloc/malloc.h +++ b/malloc/malloc.h @@ -49,6 +49,14 @@ __THROW __attribute_malloc__ __wur; extern void *realloc (void *__ptr, size_t __size) __THROW __attribute_warn_unused_result__; +/* Re-allocate the previously allocated block in PTR, making the new + block large enough for NMEMB elements of SIZE bytes each. */ +/* __attribute_malloc__ is not used, because if reallocarray returns + the same pointer that was passed to it, aliasing needs to be allowed + between objects pointed by the old and new pointers. */ +extern void *reallocarray (void *__ptr, size_t __nmemb, size_t __size) +__THROW __attribute_warn_unused_result__; + /* Free a block allocated by `malloc', `realloc' or `calloc'. */ extern void free (void *__ptr) __THROW; diff --git a/malloc/reallocarray.c b/malloc/reallocarray.c new file mode 100644 index 0000000000..0755f2ab90 --- /dev/null +++ b/malloc/reallocarray.c @@ -0,0 +1,36 @@ +/* Change the size of an allocated block. + Copyright (C) 2017 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; see the file COPYING.LIB. If + not, see . */ + +#include +#include + +void * +__libc_reallocarray (void *optr, size_t nmemb, size_t elem_size) +{ + INTERNAL_SIZE_T bytes; + if (check_mul_overflow (nmemb, elem_size, &bytes)) + { + __set_errno (ENOMEM); + return 0; + } + else + return realloc (optr, bytes); +} + +strong_alias (__libc_reallocarray, __reallocarray) +weak_alias (__libc_reallocarray, reallocarray) diff --git a/malloc/tst-reallocarray.c b/malloc/tst-reallocarray.c new file mode 100644 index 0000000000..2d82c9d3da --- /dev/null +++ b/malloc/tst-reallocarray.c @@ -0,0 +1,159 @@ +/* Test for reallocarray. + Copyright (C) 2014-2017 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int errors = 0; + +static void +merror (const char *msg) +{ + ++errors; + printf ("Error: %s.\n", msg); +} + +static int +do_test (void) + +{ + void *ptr = NULL; + void *ptr2 = NULL; + unsigned char *c; + size_t i; + int ok; + const size_t max = ~(size_t)0; + size_t a, b; + + /* Test overflow detection. */ + errno = 0; + ptr = reallocarray (NULL, max, 2); + if (ptr) + { + merror ("Overflow for size_t MAX * 2 not detected"); + free (ptr); + } + else if (errno != ENOMEM) + merror ("errno is not set correctly"); + + errno = 0; + ptr = reallocarray (NULL, 2, max); + if (ptr) + { + merror ("Overflow for 2 * size_t MAX not detected"); + free (ptr); + } + else if (errno != ENOMEM) + merror ("errno is not set correctly"); + + a = 65537; + b = max/65537 + 1; + errno = 0; + ptr = reallocarray (NULL, a, b); + if (ptr) + { + merror ("Overflow for (size_t MAX/65537 + 1) * 65537 not detected"); + free (ptr); + } + else if (errno != ENOMEM) + merror ("errno is not set correctly"); + + errno = 0; + ptr = reallocarray (NULL, b, a); + if (ptr) + { + merror ("Overflow for 65537 * (size_t MAX/65537 + 1) not detected"); + free (ptr); + } + else if (errno != ENOMEM) + merror ("errno is not set correctly"); + + /* Test realloc-like behavior. */ + /* Allocate memory like malloc. */ + ptr = reallocarray (NULL, 10, 2); + if (!ptr) + merror ("realloc(NULL, 10, 2) failed"); + + memset (ptr, 0xAF, 10*2); + + /* Enlarge buffer. */ + ptr2 = reallocarray (ptr, 20, 2); + if (!ptr2) + merror ("realloc(ptr, 20, 2) failed (enlarge)"); + else + ptr = ptr2; + + c = ptr; + ok = 1; + for (i = 0; i < 10*2; ++i) + { + if (c[i] != 0xAF) + ok = 0; + } + if (!ok) + merror ("Enlarging changed buffer content (10*2)"); + + /* Decrease buffer size. */ + ptr2 = reallocarray (ptr, 5, 3); + if (!ptr2) + merror ("realloc(ptr, 5, 3) failed (decrease)"); + else + ptr = ptr2; + + c = ptr; + ok = 1; + for (i = 0; i < 5*3; ++i) + { + if (c[i] != 0xAF) + ok = 0; + } + if (!ok) + merror ("Reducing changed buffer content (5*3)"); + + /* Overflow should leave buffer untouched. */ + errno = 0; + ptr2 = reallocarray (ptr, 2, ~(size_t)0); + if (ptr2) + merror ("realloc(ptr, 2, size_t MAX) failed to detect overflow"); + if (errno != ENOMEM) + merror ("errno not set correctly"); + + c = ptr; + ok = 1; + for (i = 0; i < 5*3; ++i) + { + if (c[i] != 0xAF) + ok = 0; + } + if (!ok) + merror ("Overflow changed buffer content (5*3)"); + + /* Free buffer (glibc). */ + errno = 0; + ptr2 = reallocarray (ptr, 0, 0); + if (ptr2) + merror ("reallocarray (ptr, 0, 0) returned non-NULL"); + + free (ptr2); + + return errors != 0; +} + +#include diff --git a/manual/memory.texi b/manual/memory.texi index a256ca07b2..9758365eb7 100644 --- a/manual/memory.texi +++ b/manual/memory.texi @@ -751,8 +751,8 @@ be a buffer that you use to hold a line being read from a file; no matter how long you make the buffer initially, you may encounter a line that is longer. -You can make the block longer by calling @code{realloc}. This function -is declared in @file{stdlib.h}. +You can make the block longer by calling @code{realloc} or +@code{reallocarray}. These functions are declared in @file{stdlib.h}. @pindex stdlib.h @comment malloc.h stdlib.h @@ -816,6 +816,21 @@ behavior, and will probably crash when @code{realloc} is passed a null pointer. @end deftypefun +@comment malloc.h stdlib.h +@comment BSD +@deftypefun {void *} reallocarray (void *@var{ptr}, size_t @var{nmemb}, size_t @var{size}) +@safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} + +The @code{reallocarray} function changes the size of the block whose address +is @var{ptr} to be long enough to contain a vector of @var{nmemb} elements, +each of size @var{size}. It is equivalent to @samp{realloc (@var{ptr}, +@var{nmemb} * @var{size})}, except that @code{reallocarray} fails if the +multiplication overflows. + +@code{reallocarray} should be used instead of @code{realloc} when the new size +of the allocated block is the result of a multiplication that might overflow. +@end deftypefun + Like @code{malloc}, @code{realloc} may return a null pointer if no memory space is available to make the block bigger. When this happens, the original block is untouched; it has not been modified or relocated. @@ -1588,6 +1603,11 @@ Malloc}. Make a block previously allocated by @code{malloc} larger or smaller, possibly by copying it to a new location. @xref{Changing Block Size}. +@item void *reallocarray (void *@var{ptr}, size_t @var{nmemb}, size_t @var{size}) +Change the size of a block previously allocated by @code{malloc} to +@code{@var{nmemb} * @var{size}} bytes as with @code{realloc}. @xref{Changing +Block Size}. + @item void *calloc (size_t @var{count}, size_t @var{eltsize}) Allocate a block of @var{count} * @var{eltsize} bytes using @code{malloc}, and set its contents to zero. @xref{Allocating Cleared diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h index 99125f2d23..428ca2ef68 100644 --- a/stdlib/stdlib.h +++ b/stdlib/stdlib.h @@ -422,6 +422,17 @@ extern void *calloc (size_t __nmemb, size_t __size) between objects pointed by the old and new pointers. */ extern void *realloc (void *__ptr, size_t __size) __THROW __attribute_warn_unused_result__; + +#ifdef __USE_GNU +/* Re-allocate the previously allocated block in PTR, making the new + block large enough for NMEMB elements of SIZE bytes each. */ +/* __attribute_malloc__ is not used, because if reallocarray returns + the same pointer that was passed to it, aliasing needs to be allowed + between objects pointed by the old and new pointers. */ +extern void *reallocarray (void *__ptr, size_t __nmemb, size_t __size) + __THROW __attribute_warn_unused_result__; +#endif + /* Free a block allocated by `malloc', `realloc' or `calloc'. */ extern void free (void *__ptr) __THROW; diff --git a/sysdeps/arm/nacl/libc.abilist b/sysdeps/arm/nacl/libc.abilist index abd70c8108..b60bf7049a 100644 --- a/sysdeps/arm/nacl/libc.abilist +++ b/sysdeps/arm/nacl/libc.abilist @@ -1853,3 +1853,5 @@ GLIBC_2.25 gnu_dev_minor F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/aarch64/libc.abilist b/sysdeps/unix/sysv/linux/aarch64/libc.abilist index 58d768c6bc..a494c3947d 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc.abilist +++ b/sysdeps/unix/sysv/linux/aarch64/libc.abilist @@ -2097,3 +2097,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/alpha/libc.abilist b/sysdeps/unix/sysv/linux/alpha/libc.abilist index 906050d2c3..2fc1a9bae7 100644 --- a/sysdeps/unix/sysv/linux/alpha/libc.abilist +++ b/sysdeps/unix/sysv/linux/alpha/libc.abilist @@ -2008,6 +2008,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/arm/libc.abilist b/sysdeps/unix/sysv/linux/arm/libc.abilist index 66112dd0a7..4465a62ff1 100644 --- a/sysdeps/unix/sysv/linux/arm/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/libc.abilist @@ -98,6 +98,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.4 GLIBC_2.4 A GLIBC_2.4 _Exit F GLIBC_2.4 _IO_2_1_stderr_ D 0xa0 diff --git a/sysdeps/unix/sysv/linux/hppa/libc.abilist b/sysdeps/unix/sysv/linux/hppa/libc.abilist index 3ddadd2a24..96126d9e6a 100644 --- a/sysdeps/unix/sysv/linux/hppa/libc.abilist +++ b/sysdeps/unix/sysv/linux/hppa/libc.abilist @@ -1862,6 +1862,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/i386/libc.abilist b/sysdeps/unix/sysv/linux/i386/libc.abilist index 977ab90bc7..aae351bbff 100644 --- a/sysdeps/unix/sysv/linux/i386/libc.abilist +++ b/sysdeps/unix/sysv/linux/i386/libc.abilist @@ -2020,6 +2020,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/ia64/libc.abilist b/sysdeps/unix/sysv/linux/ia64/libc.abilist index c7edb9a272..81ec65bec0 100644 --- a/sysdeps/unix/sysv/linux/ia64/libc.abilist +++ b/sysdeps/unix/sysv/linux/ia64/libc.abilist @@ -1884,6 +1884,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist index 450be4e9c1..9db205b68e 100644 --- a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist @@ -99,6 +99,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.4 GLIBC_2.4 A GLIBC_2.4 _Exit F GLIBC_2.4 _IO_2_1_stderr_ D 0x98 diff --git a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist index 9e016bd76e..ee59e950b6 100644 --- a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist @@ -1976,6 +1976,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/microblaze/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/libc.abilist index 1a455be0f5..feb869757c 100644 --- a/sysdeps/unix/sysv/linux/microblaze/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/libc.abilist @@ -2097,3 +2097,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist index 8eb5e668b9..a5b1c42929 100644 --- a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist @@ -1951,6 +1951,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist index 416d9ac0ae..570a859aac 100644 --- a/sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist @@ -1949,6 +1949,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist index f4949e5a38..71008ad873 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist @@ -1947,6 +1947,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist index c7375aee3f..1a07d66caf 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist @@ -1942,6 +1942,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/nios2/libc.abilist b/sysdeps/unix/sysv/linux/nios2/libc.abilist index 724a0e3a04..a62a41be62 100644 --- a/sysdeps/unix/sysv/linux/nios2/libc.abilist +++ b/sysdeps/unix/sysv/linux/nios2/libc.abilist @@ -2138,3 +2138,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist index 2dc32b631c..f4f11dc625 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist @@ -1980,6 +1980,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist index 5658109ca2..2977569f2c 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist @@ -1985,6 +1985,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist index c761221ffe..271d32e19b 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist @@ -2185,3 +2185,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist index 265c76914b..372ef67c27 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist @@ -99,6 +99,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 _Exit F GLIBC_2.3 _IO_2_1_stderr_ D 0xe0 diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist index ed1b6bf26f..705ff851a9 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist @@ -1980,6 +1980,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist index 2e75d29e47..21fd2b5671 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist @@ -1881,6 +1881,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/sh/libc.abilist b/sysdeps/unix/sysv/linux/sh/libc.abilist index bd74c0cdab..313a71e589 100644 --- a/sysdeps/unix/sysv/linux/sh/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/libc.abilist @@ -1866,6 +1866,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist index 5584838409..94a4fb2213 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist @@ -1972,6 +1972,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist index efedbe2874..6db5811c3f 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist @@ -1910,6 +1910,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist b/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist index ffd988a33d..5d83926aac 100644 --- a/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist +++ b/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist @@ -2104,3 +2104,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist b/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist index f0c13ceea8..ce14ceb15f 100644 --- a/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist +++ b/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist @@ -2104,3 +2104,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist b/sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist index ffd988a33d..5d83926aac 100644 --- a/sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist +++ b/sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist @@ -2104,3 +2104,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F diff --git a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist index f57004c860..f69de7aa83 100644 --- a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist @@ -1861,6 +1861,8 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F GLIBC_2.3 GLIBC_2.3 A GLIBC_2.3 __ctype_b_loc F GLIBC_2.3 __ctype_tolower_loc F diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist index 05629e17e7..a330855308 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist @@ -2104,3 +2104,5 @@ GLIBC_2.25 getrandom F GLIBC_2.25 strfromd F GLIBC_2.25 strfromf F GLIBC_2.25 strfroml F +GLIBC_2.26 GLIBC_2.26 A +GLIBC_2.26 reallocarray F