2022-05-19 21:12:01

by Ammar Faizi

Subject: [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions

Previously, we used __builtin_mul_overflow() to check for overflow in
the multiplication operation in the calloc() function. However, older
compiler versions don't support this built-in. This patch changes the
overflow checking mechanism to make it work on any compiler version
by using a division method to check for overflow. No functional change
intended. While in there, remove the unused variable `void *orig`.

Link: https://lore.kernel.org/lkml/[email protected]
Suggested-by: Willy Tarreau <[email protected]>
Cc: Alviro Iskandar Setiawan <[email protected]>
Signed-off-by: Ammar Faizi <[email protected]>
---
tools/include/nolibc/stdlib.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tools/include/nolibc/stdlib.h b/tools/include/nolibc/stdlib.h
index 8fd32eaf8037..92378c4b9660 100644
--- a/tools/include/nolibc/stdlib.h
+++ b/tools/include/nolibc/stdlib.h
@@ -128,10 +128,9 @@ void *malloc(size_t len)
static __attribute__((unused))
void *calloc(size_t size, size_t nmemb)
{
- void *orig;
- size_t res = 0;
+ size_t x = size * nmemb;

- if (__builtin_expect(__builtin_mul_overflow(nmemb, size, &res), 0)) {
+ if (__builtin_expect(size && ((x / size) != nmemb), 0)) {
SET_ERRNO(ENOMEM);
return NULL;
}
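Review bot: the new condition `size && ((x / size) != nmemb)` in calloc() is correct only because `size * nmemb` is computed in `size_t`, where wraparound is well defined, and because the `size &&` guard keeps the division from running with a zero divisor; neither is stated in the code. A one-line comment above the `if`, saying that the product is divided back to detect wraparound and that a zero `size` cannot overflow, would keep a later cleanup from dropping the guard or changing the type of `x`.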
@@ -140,7 +139,7 @@ void *calloc(size_t size, size_t nmemb)
* No need to zero the heap, the MAP_ANONYMOUS in malloc()
* already does it.
*/
- return malloc(res);
+ return malloc(x);
}

static __attribute__((unused))
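Review bot: `return malloc(x);` carries the allocation size in a variable named `x`, which says less than the `res` it replaces. Keeping `res`, or using a name such as `total`, would make it clear at the call that this is the already-checked product of `size` and `nmemb`.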
--
Ammar Faizi
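
The division check from the commit message above, as an added example that is not part of the patch or of nolibc: it runs the post-multiply check over constructed boundary inputs and compares it with a reference test that never multiplies. The names `mul_overflows_div`, `mul_overflows_ref`, `cases` and `HALF` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Post-multiply check, same shape as the patched calloc(). */
static int mul_overflows_div(size_t size, size_t nmemb, size_t *res)
{
	size_t x = size * nmemb;	/* unsigned: wraps modulo SIZE_MAX + 1 */

	*res = x;
	return size && (x / size) != nmemb;
}

/* Reference that never multiplies: overflow iff nmemb > SIZE_MAX / size. */
static int mul_overflows_ref(size_t size, size_t nmemb)
{
	return size && nmemb > SIZE_MAX / size;
}

/* Constructed boundary inputs; HALF is 2^(bits/2), so HALF * HALF wraps to 0. */
#define HALF ((size_t)1 << (sizeof(size_t) * 4))
static const size_t cases[][2] = {
	{ 0, SIZE_MAX }, { SIZE_MAX, 0 }, { 1, SIZE_MAX }, { SIZE_MAX, 1 },
	{ 2, SIZE_MAX }, { SIZE_MAX, SIZE_MAX }, { HALF, HALF },
	{ HALF, HALF - 1 }, { 3, SIZE_MAX / 3 }, { 3, SIZE_MAX / 3 + 1 },
	{ SIZE_MAX / 2 + 1, 2 }, { 16, 4096 },
};
#define NCASES (sizeof(cases) / sizeof(cases[0]))

/* Number of inputs on which the two checks disagree. */
static unsigned int count_mismatches(void)
{
	unsigned int i, bad = 0;
	size_t res;

	for (i = 0; i < NCASES; i++)
		bad += mul_overflows_div(cases[i][0], cases[i][1], &res) !=
		       mul_overflows_ref(cases[i][0], cases[i][1]);
	return bad;
}

int main(void)
{
	unsigned int i;
	size_t res;

	for (i = 0; i < NCASES; i++)
		printf("%zu * %zu -> overflow=%d\n", cases[i][0], cases[i][1],
		       mul_overflows_div(cases[i][0], cases[i][1], &res));
	return count_mismatches() != 0;
}
```

The `{ HALF, HALF }` and `{ SIZE_MAX / 2 + 1, 2 }` rows are the ones where the wrapped product is exactly 0, which is why the check compares the quotient with `nmemb` instead of testing the product itself.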



2022-05-23 03:15:51

by Alviro Iskandar Setiawan

Subject: Re: [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions

On Fri, May 20, 2022 at 12:21 AM Ammar Faizi <[email protected]> wrote:
> Previously, we used __builtin_mul_overflow() to check for overflow in
> the multiplication operation in the calloc() function. However, older
> compiler versions don't support this built-in. This patch changes the
> overflow checking mechanism to make it work on any compiler version
> by using a division method to check for overflow. No functional change
> intended. While in there, remove the unused variable `void *orig`.
>
> Link: https://lore.kernel.org/lkml/[email protected]
> Suggested-by: Willy Tarreau <[email protected]>
> Cc: Alviro Iskandar Setiawan <[email protected]>
> Signed-off-by: Ammar Faizi <[email protected]>

Reviewed-by: Alviro Iskandar Setiawan <[email protected]>

tq

-- Viro

2022-05-23 07:24:28

by Willy Tarreau

Subject: Re: [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions

Hi Ammar,

On Fri, May 20, 2022 at 12:21:15AM +0700, Ammar Faizi wrote:
> diff --git a/tools/include/nolibc/stdlib.h b/tools/include/nolibc/stdlib.h
> index 8fd32eaf8037..92378c4b9660 100644
> --- a/tools/include/nolibc/stdlib.h
> +++ b/tools/include/nolibc/stdlib.h
> @@ -128,10 +128,9 @@ void *malloc(size_t len)
> static __attribute__((unused))
> void *calloc(size_t size, size_t nmemb)
> {
> - void *orig;
> - size_t res = 0;
> + size_t x = size * nmemb;
>
> - if (__builtin_expect(__builtin_mul_overflow(nmemb, size, &res), 0)) {
> + if (__builtin_expect(size && ((x / size) != nmemb), 0)) {
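
Review bot: the context line `void *calloc(size_t size, size_t nmemb)` declares the parameters in the opposite order from the standard `calloc(nmemb, size)` prototype, so in the new check `size &&` and `x / size` operate on what a standard caller passes as the element count. The result is the same either way, because the product is symmetric and the guard only has to exclude a zero divisor, but naming the parameters in the standard order would make the check easier to read against the man page.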

Ah, that approach is even better than mine, I'm seeing that on x86 the
compiler simply checks the overflow flag after the multiply, that's
perfect!

Acked-by: Willy Tarreau <[email protected]>

Willy

2022-05-23 07:46:41

by Paul E. McKenney

Subject: Re: [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions

On Fri, May 20, 2022 at 06:29:56PM +0700, Alviro Iskandar Setiawan wrote:
> On Fri, May 20, 2022 at 12:21 AM Ammar Faizi <[email protected]> wrote:
> > Previously, we used __builtin_mul_overflow() to check for overflow in
> > the multiplication operation in the calloc() function. However, older
> > compiler versions don't support this built-in. This patch changes the
> > overflow checking mechanism to make it work on any compiler version
> > by using a division method to check for overflow. No functional change
> > intended. While in there, remove the unused variable `void *orig`.
> >
> > Link: https://lore.kernel.org/lkml/[email protected]
> > Suggested-by: Willy Tarreau <[email protected]>
> > Cc: Alviro Iskandar Setiawan <[email protected]>
> > Signed-off-by: Ammar Faizi <[email protected]>
>
> Reviewed-by: Alviro Iskandar Setiawan <[email protected]>
>
> tq
>
> -- Viro

I have queued both patches with yours and Willy Tarreau's reviews
and acks. Thank you all!

Thanx, Paul