WebPCheckMalloc() and WebPCheckCalloc():

safe size-checking versions of malloc() and calloc() Change-Id: Iffa3138c48b9b254b3d7eaad913e1f852d9dafba
2024-11-19 20:08:28 +01:00 · 2012-07-31 16:56:39 -07:00 · 2012-07-31 16:56:39 -07:00 · 80cc7303ab
commit 80cc7303ab
parent 7d732f905b
6 changed files with 93 additions and 0 deletions
--- a/Android.mk
+++ b/Android.mk
@ -47,6 +47,7 @@ LOCAL_SRC_FILES := \
    src/utils/quant_levels.c \
    src/utils/rescaler.c \
    src/utils/thread.c \
+    src/utils/utils.c \

 LOCAL_CFLAGS := -Wall -DANDROID -DHAVE_MALLOC_H -DHAVE_PTHREAD \
                -DNOT_HAVE_LOG2 -DWEBP_USE_THREAD \
--- a/Makefile.vc
+++ b/Makefile.vc
@ -199,6 +199,7 @@ UTILS_OBJS = \
    $(DIROBJ)\utils\quant_levels.obj \
    $(DIROBJ)\utils\rescaler.obj \
    $(DIROBJ)\utils\thread.obj \
+    $(DIROBJ)\utils\utils.obj \

 LIBWEBP_OBJS = $(DEC_OBJS) $(DSP_OBJS) $(ENC_OBJS) $(UTILS_OBJS) $(LIBWEBP_OBJS)
 LIBWEBPMUX_OBJS = $(MUX_OBJS) $(LIBWEBPMUX_OBJS)
--- a/makefile.unix
+++ b/makefile.unix
@ -130,6 +130,7 @@ UTILS_OBJS = \
    src/utils/quant_levels.o \
    src/utils/rescaler.o \
    src/utils/thread.o \
+    src/utils/utils.o \

 LIBWEBP_OBJS = $(DEC_OBJS) $(DSP_OBJS) $(ENC_OBJS) $(UTILS_OBJS)
 LIBWEBPMUX_OBJS = $(MUX_OBJS)
--- a/src/utils/Makefile.am
+++ b/src/utils/Makefile.am
@ -20,6 +20,8 @@ libwebputils_la_SOURCES += rescaler.c
 libwebputils_la_SOURCES += rescaler.h
 libwebputils_la_SOURCES += thread.c
 libwebputils_la_SOURCES += thread.h
+libwebputils_la_SOURCES += utils.c
+libwebputils_la_SOURCES += utils.h

 libwebputilsinclude_HEADERS = ../webp/types.h
 libwebputilsincludedir = $(includedir)/webp
--- a/src/utils/utils.c
+++ b/src/utils/utils.c
@ -0,0 +1,44 @@
+// Copyright 2012 Google Inc. All Rights Reserved.
+//
+// This code is licensed under the same terms as WebM:
+//  Software License Agreement:  http://www.webmproject.org/license/software/
+//  Additional IP Rights Grant:  http://www.webmproject.org/license/additional/
+// -----------------------------------------------------------------------------
+//
+// Misc. common utility functions
+//
+// Author: Skal (pascal.massimino@gmail.com)
+
+#include <stdlib.h>
+#include "./utils.h"
+
+#if defined(__cplusplus) || defined(c_plusplus)
+extern "C" {
+#endif
+
+//------------------------------------------------------------------------------
+// Checked memory allocation
+
+static int CheckSizeArguments(uint64_t nmemb, size_t size) {
+  const uint64_t total_size = nmemb * size;
+  if (nmemb == 0) return 1;
+  if ((uint64_t)size > WEBP_MAX_ALLOCABLE_MEMORY / nmemb) return 0;
+  if (total_size != (size_t)total_size) return 0;
+  return 1;
+}
+
+void* WebPSafeMalloc(uint64_t nmemb, size_t size) {
+  if (!CheckSizeArguments(nmemb, size)) return NULL;
+  return malloc((size_t)(nmemb * size));
+}
+
+void* WebPSafeCalloc(uint64_t nmemb, size_t size) {
+  if (!CheckSizeArguments(nmemb, size)) return NULL;
+  return calloc((size_t)nmemb, size);
+}
+
+//------------------------------------------------------------------------------
+
+#if defined(__cplusplus) || defined(c_plusplus)
+}    // extern "C"
+#endif
--- a/src/utils/utils.h
+++ b/src/utils/utils.h
@ -0,0 +1,44 @@
+// Copyright 2012 Google Inc. All Rights Reserved.
+//
+// This code is licensed under the same terms as WebM:
+//  Software License Agreement:  http://www.webmproject.org/license/software/
+//  Additional IP Rights Grant:  http://www.webmproject.org/license/additional/
+// -----------------------------------------------------------------------------
+//
+// Misc. common utility functions
+//
+// Author: Skal (pascal.massimino@gmail.com)
+
+#ifndef WEBP_UTILS_UTILS_H_
+#define WEBP_UTILS_UTILS_H_
+
+#include "../webp/types.h"
+
+#if defined(__cplusplus) || defined(c_plusplus)
+extern "C" {
+#endif
+
+//------------------------------------------------------------------------------
+// Memory allocation
+
+// This is the maximum memory amount that libwebp will ever try to allocate.
+#define WEBP_MAX_ALLOCABLE_MEMORY (1ULL << 40)
+
+// size-checking safe malloc/calloc: verify that the requested size is not too
+// large, or return NULL. You don't need to call these for constructs like
+// malloc(sizeof(foo)), but only if there's picture-dependent size involved
+// somewhere (like: malloc(num_pixels * sizeof(*something))). That's why this
+// safe malloc() borrows the signature from calloc(), pointing at the dangerous
+// underlying multiply involved.
+void* WebPSafeMalloc(uint64_t nmemb, size_t size);
+// Note that WebPSafeCalloc() expects the second argument type to be 'size_t'
+// in order to favor the "calloc(num_foo, sizeof(foo))" pattern.
+void* WebPSafeCalloc(uint64_t nmemb, size_t size);
+
+//------------------------------------------------------------------------------
+
+#if defined(__cplusplus) || defined(c_plusplus)
+}    // extern "C"
+#endif
+
+#endif  /* WEBP_UTILS_UTILS_H_ */