On 16 June 2014 09:39, Janne Blomqvist <blomqvist.ja...@gmail.com> wrote:
> On Mon, Jun 16, 2014 at 10:01 AM, Bernhard Reutner-Fischer
> <rep.dot....@gmail.com> wrote:
>> On 16 June 2014 08:20:09 Janne Blomqvist <blomqvist.ja...@gmail.com> wrote:
>>
>>> On Sun, Jun 15, 2014 at 8:23 AM, Bernhard Reutner-Fischer
>>> <rep.dot....@gmail.com> wrote:
>>> >
>>> >> >> On Tue, May 20, 2014 at 12:42 AM, Janne Blomqvist
>>> >> >> <blomqvist.ja...@gmail.com> wrote:
>>> >> >>> On Thu, May 15, 2014 at 1:00 AM, Janne Blomqvist
>>> >> >>> <blomqvist.ja...@gmail.com> wrote:
>>> >> >>>> Hi,
>>> >> >>>>
>>> >> >>>> a common malloc() pattern is "malloc(num_foo * sizeof(foo_t))",
>>> >> >>>> that is, create space for an array of type foo_t with num_foo
>>> >> >>>> elements. There is a slight danger here in that the
>>> >> >>>> multiplication can overflow and wrap around, and then the caller
>>> >> >>>> thinks it has a larger array than what malloc has actually
>>> >> >>>> created. The attached patch changes the libgfortran xmalloc()
>>> >> >>>> function to have an API similar to calloc() with two arguments,
>>> >> >>>> and the implementation checks for wraparound.
>>> >> >>>
>>> >> >>> Hello,
>>> >> >>>
>>> >> >>> attached is an updated patch which instead introduces a new
>>> >> >>> function, xmallocarray, with the overflow check, and leaves the
>>> >> >>> existing xmalloc as is. Thus avoiding the extra checking in the
>>> >> >>> common case where one of the arguments to xmallocarray would be 1.
>>> >> >>>
>>> >> >>> Tested on x86_64-unknown-linux-gnu, Ok for trunk?
>>> >> >>>
>>> >
>>> >
>>> > I would prefer if xcmalloc would not be named xmallocarray.
>>>
>>> Hmm, never heard of that one before, but I have no particular
>>
>>
>> Great, I fat-fingered it, meant xcalloc.
>
> Ah well, we already have xcalloc, which is a calloc() wrapper. The
> intention of the new function here is to be a malloc() wrapper, but
> with an overflow check. There is no need to zero the memory, hence
> calloc() is not appropriate.

I see. So I suppose your v2 patch is fine then.

cheers,
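
The wraparound discussed in this thread, and a malloc() wrapper with a calloc()-style signature that refuses it, as an added example (not part of the original messages and not the libgfortran patch). The names array_size_ok, alloc_array and unchecked_size are hypothetical, and unlike an x-prefixed wrapper this one returns NULL instead of aborting.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: store nmemb * size in *total and return true,
   or return false if the product does not fit in size_t. */
static bool array_size_ok(size_t nmemb, size_t size, size_t *total)
{
    /* The product exceeds SIZE_MAX exactly when size != 0 and nmemb > SIZE_MAX / size. */
    if (size != 0 && nmemb > SIZE_MAX / size)
        return false;
    *total = nmemb * size;
    return true;
}

/* Hypothetical malloc() wrapper taking (nmemb, size) like calloc(), but without
   zeroing the memory. Returns NULL with errno = ENOMEM on wraparound. */
static void *alloc_array(size_t nmemb, size_t size)
{
    size_t total;
    if (!array_size_ok(nmemb, size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    /* malloc(0) may return NULL; request one byte so NULL always means failure. */
    return malloc(total ? total : 1);
}

/* What the unchecked pattern malloc(nmemb * size) would actually request. */
static size_t unchecked_size(size_t nmemb, size_t size)
{
    return nmemb * size;   /* unsigned arithmetic wraps modulo SIZE_MAX + 1 */
}

int main(void)
{
    /* Constructed input: an element count chosen so that count * 16 wraps. */
    size_t count = SIZE_MAX / 16 + 2, elem = 16;
    printf("unchecked request: %zu bytes\n", unchecked_size(count, elem));
    void *p = alloc_array(count, elem);
    printf("checked wrapper:   %s\n", p ? "allocated" : "refused (ENOMEM)");
    free(p);
    double *ok = alloc_array(1000, sizeof *ok);
    printf("1000 doubles:      %s\n", ok ? "allocated" : "failed");
    free(ok);
    return 0;
}
```

With the constructed count, the unchecked product wraps to 16 bytes while the caller believes it holds room for more than SIZE_MAX / 16 elements; the checked wrapper rejects the request before malloc() is reached.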