-
-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add mutt_mem_recalloc() #3890
base: main
Are you sure you want to change the base?
add mutt_mem_recalloc() #3890
Conversation
I think this is a good idea. Zeroing memory will either prevent UAFs (null pointer is detected) or cause a more consistent and easier to debug crash. |
3d09bc3
to
6cbe303
Compare
d4421a9
to
1da22f0
Compare
4b9a892
to
34af1c3
Compare
f5baa54
to
9d23089
Compare
664d7e9
to
bee7d12
Compare
bee7d12
to
eafbc55
Compare
cbff643
to
ce65e27
Compare
ce65e27
to
dc7a199
Compare
1176268
to
d8d5c4c
Compare
fd9637a
to
6005578
Compare
c4049d2
to
428e780
Compare
c25bb45
to
ec3743c
Compare
Reallocate a block of memory. If the size increases, automatically zero the new bit.
Add a calloc()-style wrapper around recalloc().
Update: Renamed functions -- Prior art in BSD. |
Ahhh, I didn't find this PR! :-) |
Hi @flatcap ! Sorry; I just remembered a detail about recallocarray(3): not only it clears new memory, it also clears the freed memory (like explicit_bzero(3)). Maybe we should also clear the freed space if new_size < cur_size? Or if we don't care about that, use a slightly different name such as rezalloc()? |
Signed-off-by: Alejandro Colomar <[email protected]>
Hmm... I hadn't considered that. |
Add a function to resize a block of memory.
If the size increases, then zero the new bit.
Discussion
There are about 90 calls to
mutt_mem_realloc()
in the code.They fall into four categories:
Structured ('n' repeated blocks)
A dynamic array of objects / pointers
Unstructured (one large undifferentiated block)
Wipe
The new memory is
memset(0)
d, or zeroed with afor
loopNo wipe
New memory is left uninitialised
Should we always zero the new block?
For a small cost, should we initialise all memory?
Even if it's going to get overwritten soon?
Should we replace any
malloc()
s withcalloc()
andrecalloc()
?Is
recalloc()
a worthwhile step forward?I worked through a handful of functions which dynamically allocate arrays.
They would be tidier using
recalloc()
, but ultimately they'd probably be better off usingARRAY
.Upgrading to
ARRAY
would be quite a bit of work.Add
recalloc()
Ages ago, on IRC, we discussed a
recalloc()
function that would streamlinerealloc()
/memset()
Here's what it could look like...
neomutt/mutt/memory.c
Line 153 in a7f7cf1
Before
recalloc()
neomutt/editor/state.c
Lines 62 to 67 in 371a8ad
After
recalloc()
neomutt/editor/state.c
Lines 61 to 66 in becd9a0
The code usually stores the number of items contained in the array,
so for tidiness I've done the calculations first.
It's a bit better, but still a bit clunky.
Add
recallocarray()
neomutt/mutt/memory.h
Line 57 in a7f7cf1
This is just a convenience wrapper around
recalloc()
-- it simplifies the maths.After
recallocarray()
neomutt/editor/state.c
Lines 61 to 64 in a7f7cf1