1
/*
2
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3
 *
4
 * This code is free software; you can redistribute it and/or modify it
5
 * under the terms of the GNU General Public License version 2 only, as
6
 * published by the Free Software Foundation.  Oracle designates this
7
 * particular file as subject to the "Classpath" exception as provided
8
 * by Oracle in the LICENSE file that accompanied this code.
9
 *
10
 * This code is distributed in the hope that it will be useful, but WITHOUT
11
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
13
 * version 2 for more details (a copy is included in the LICENSE file that
14
 * accompanied this code).
15
 *
16
 * You should have received a copy of the GNU General Public License version
17
 * 2 along with this work; if not, write to the Free Software Foundation,
18
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19
 *
20
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21
 * or visit www.oracle.com if you need additional information or have any
22
 * questions.
23
 */
24

25
/*    $OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $    */
26
/*
27
 * Copyright (c) 2008 Otto Moerbeek <[email protected]>
28
 * SPDX-License-Identifier: MIT
29
 */
30

31
#include <sys/types.h>
32
#include <errno.h>
33
#include <stdint.h>
34
#include <stdlib.h>
35

36
#ifndef SIZE_MAX
37
    #define SIZE_MAX     UINTPTR_MAX
38
#endif
39

40
/*
41
 * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
42
 * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
43
 */
44
#define MUL_NO_OVERFLOW    ((size_t)1 << (sizeof(size_t) * 4))
45

46
void *
47
openbsd_reallocarray(void *optr, size_t nmemb, size_t size)
48
{
49
    if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
50
        nmemb > 0 && SIZE_MAX / nmemb < size) {
51
        errno = ENOMEM;
52
        return NULL;
53
    }
54
    /*
55
     * Head off variations in realloc behavior on different
56
     * platforms (reported by MarkR <[email protected]>)
57
     *
58
     * The behaviour of reallocarray is implementation-defined if
59
     * nmemb or size is zero. It can return NULL or non-NULL
60
     * depending on the platform.
61
     * https://www.securecoding.cert.org/confluence/display/c/MEM04-C.Beware+of+zero-lengthallocations
62
     *
63
     * Here are some extracts from realloc man pages on different platforms.
64
     *
65
     * void realloc( void memblock, size_t size );
66
     *
67
     * Windows:
68
     *
69
     * If there is not enough available memory to expand the block
70
     * to the given size, the original block is left unchanged,
71
     * and NULL is returned.  If size is zero, then the block
72
     * pointed to by memblock is freed; the return value is NULL,
73
     * and memblock is left pointing at a freed block.
74
     *
75
     * OpenBSD:
76
     *
77
     * If size or nmemb is equal to 0, a unique pointer to an
78
     * access protected, zero sized object is returned. Access via
79
     * this pointer will generate a SIGSEGV exception.
80
     *
81
     * Linux:
82
     *
83
     * If size was equal to 0, either NULL or a pointer suitable
84
     * to be passed to free() is returned.
85
     *
86
     * OS X:
87
     *
88
     * If size is zero and ptr is not NULL, a new, minimum sized
89
     * object is allocated and the original object is freed.
90
     *
91
     * It looks like images with zero width or height can trigger
92
     * this, and fuzzing behaviour will differ by platform, so
93
     * fuzzing on one platform may not detect zero-size allocation
94
     * problems on other platforms.
95
     */
96
    if (size == 0 || nmemb == 0)
97
        return NULL;
98
    return realloc(optr, size * nmemb);
99
}
100

101