From 80cc7303abce069415b039746c23a7750b4d6790 Mon Sep 17 00:00:00 2001
From: Pascal Massimino
Date: Tue, 31 Jul 2012 16:56:39 -0700
Subject: [PATCH] WebPCheckMalloc() and WebPCheckCalloc(): safe size-checking versions of malloc() and calloc()
Change-Id: Iffa3138c48b9b254b3d7eaad913e1f852d9dafba
---
 Android.mk | 1 +
 Makefile.vc | 1 +
 makefile.unix | 1 +
 src/utils/Makefile.am | 2 ++
 src/utils/utils.c | 44 +++++++++++++++++++++++++++++++++++++++++++
 src/utils/utils.h | 44 +++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 93 insertions(+)
 create mode 100644 src/utils/utils.c
 create mode 100644 src/utils/utils.h
diff --git a/Android.mk b/Android.mk
index 6931f9d5..8daa508d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -47,6 +47,7 @@ LOCAL_SRC_FILES := \
 src/utils/quant_levels.c \
 src/utils/rescaler.c \
 src/utils/thread.c \
+ src/utils/utils.c \

 LOCAL_CFLAGS := -Wall -DANDROID -DHAVE_MALLOC_H -DHAVE_PTHREAD \
 -DNOT_HAVE_LOG2 -DWEBP_USE_THREAD \
diff --git a/Makefile.vc b/Makefile.vc
index a0a495c4..c69b62dc 100644
--- a/Makefile.vc
+++ b/Makefile.vc
@@ -199,6 +199,7 @@ UTILS_OBJS = \
 $(DIROBJ)\utils\quant_levels.obj \
 $(DIROBJ)\utils\rescaler.obj \
 $(DIROBJ)\utils\thread.obj \
+ $(DIROBJ)\utils\utils.obj \

 LIBWEBP_OBJS = $(DEC_OBJS) $(DSP_OBJS) $(ENC_OBJS) $(UTILS_OBJS) $(LIBWEBP_OBJS)
 LIBWEBPMUX_OBJS = $(MUX_OBJS) $(LIBWEBPMUX_OBJS)
diff --git a/makefile.unix b/makefile.unix
index 473b90af..85b21073 100644
--- a/makefile.unix
+++ b/makefile.unix
@@ -130,6 +130,7 @@ UTILS_OBJS = \
 src/utils/quant_levels.o \
 src/utils/rescaler.o \
 src/utils/thread.o \
+ src/utils/utils.o \

 LIBWEBP_OBJS = $(DEC_OBJS) $(DSP_OBJS) $(ENC_OBJS) $(UTILS_OBJS)
 LIBWEBPMUX_OBJS = $(MUX_OBJS)
diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am
index 96b2bd45..65054c03 100644
--- a/src/utils/Makefile.am
+++ b/src/utils/Makefile.am
@@ -20,6 +20,8 @@ libwebputils_la_SOURCES += rescaler.c
 libwebputils_la_SOURCES += rescaler.h
 libwebputils_la_SOURCES += thread.c
 libwebputils_la_SOURCES += thread.h
+libwebputils_la_SOURCES += utils.c
+libwebputils_la_SOURCES += utils.h

 libwebputilsinclude_HEADERS = ../webp/types.h
 libwebputilsincludedir = $(includedir)/webp
diff --git a/src/utils/utils.c b/src/utils/utils.c
new file mode 100644
index 00000000..673b7e28
--- /dev/null
+++ b/src/utils/utils.c
@@ -0,0 +1,44 @@
+// Copyright 2012 Google Inc. All Rights Reserved.
+//
+// This code is licensed under the same terms as WebM:
+// Software License Agreement: http://www.webmproject.org/license/software/
+// Additional IP Rights Grant: http://www.webmproject.org/license/additional/
+// -----------------------------------------------------------------------------
+//
+// Misc. common utility functions
+//
+// Author: Skal (pascal.massimino@gmail.com)
+
+#include
+#include "./utils.h"
+
+#if defined(__cplusplus) || defined(c_plusplus)
+extern "C" {
+#endif
+
+//------------------------------------------------------------------------------
+// Checked memory allocation
+
+static int CheckSizeArguments(uint64_t nmemb, size_t size) {
+ const uint64_t total_size = nmemb * size;
+ if (nmemb == 0) return 1;
+ if ((uint64_t)size > WEBP_MAX_ALLOCABLE_MEMORY / nmemb) return 0;
+ if (total_size != (size_t)total_size) return 0;
+ return 1;
+}
+
+void* WebPSafeMalloc(uint64_t nmemb, size_t size) {
+ if (!CheckSizeArguments(nmemb, size)) return NULL;
+ return malloc((size_t)(nmemb * size));
+}
+
+void* WebPSafeCalloc(uint64_t nmemb, size_t size) {
+ if (!CheckSizeArguments(nmemb, size)) return NULL;
+ return calloc((size_t)nmemb, size);
+}
+
+//------------------------------------------------------------------------------
+
+#if defined(__cplusplus) || defined(c_plusplus)
+} // extern "C"
+#endif
diff --git a/src/utils/utils.h b/src/utils/utils.h
new file mode 100644
index 00000000..a0347625
--- /dev/null
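Review bot: `CheckSizeArguments()` in src/utils/utils.c accepts a zero-byte request: `nmemb == 0` returns 1 outright, and `size == 0` also passes both later tests, so `WebPSafeMalloc()` and `WebPSafeCalloc()` forward to `malloc(0)` / `calloc(n, 0)`. The C standard leaves that result implementation-defined (NULL, or a pointer that must not be dereferenced), so a caller cannot tell an empty request from an allocation failure, and where the allocator returns non-NULL a picture-dependent count that computes to zero yields a buffer with no usable bytes. If no caller depends on zero-length requests (the callers are not visible in this patch), failing closed is the simpler contract: `if (nmemb == 0 || size == 0) return 0;` in place of the `nmemb == 0` line. Otherwise the behaviour should be stated in a comment above the two wrappers.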
+++ b/src/utils/utils.h
@@ -0,0 +1,44 @@
+// Copyright 2012 Google Inc. All Rights Reserved.
+//
+// This code is licensed under the same terms as WebM:
+// Software License Agreement: http://www.webmproject.org/license/software/
+// Additional IP Rights Grant: http://www.webmproject.org/license/additional/
+// -----------------------------------------------------------------------------
+//
+// Misc. common utility functions
+//
+// Author: Skal (pascal.massimino@gmail.com)
+
+#ifndef WEBP_UTILS_UTILS_H_
+#define WEBP_UTILS_UTILS_H_
+
+#include "../webp/types.h"
+
+#if defined(__cplusplus) || defined(c_plusplus)
+extern "C" {
+#endif
+
+//------------------------------------------------------------------------------
+// Memory allocation
+
+// This is the maximum memory amount that libwebp will ever try to allocate.
+#define WEBP_MAX_ALLOCABLE_MEMORY (1ULL << 40)
+
+// size-checking safe malloc/calloc: verify that the requested size is not too
+// large, or return NULL. You don't need to call these for constructs like
+// malloc(sizeof(foo)), but only if there's picture-dependent size involved
+// somewhere (like: malloc(num_pixels * sizeof(*something))). That's why this
+// safe malloc() borrows the signature from calloc(), pointing at the dangerous
+// underlying multiply involved.
+void* WebPSafeMalloc(uint64_t nmemb, size_t size);
+// Note that WebPSafeCalloc() expects the second argument type to be 'size_t'
+// in order to favor the "calloc(num_foo, sizeof(foo))" pattern.
+void* WebPSafeCalloc(uint64_t nmemb, size_t size);
+
+//------------------------------------------------------------------------------
+
+#if defined(__cplusplus) || defined(c_plusplus)
+} // extern "C"
+#endif
+
+#endif /* WEBP_UTILS_UTILS_H_ */
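Review bot: The comment on `WEBP_MAX_ALLOCABLE_MEMORY` reads as a library-wide budget, but the implementation in utils.c applies the limit to each call separately, and where `size_t` is 32 bits the effective ceiling is the `size_t` range rather than `1ULL << 40`. A 1 TiB per-request ceiling protects the multiply from overflow; it does not by itself stop a decoder given hostile dimensions from requesting more memory than the host has, so callers presumably still need their own dimension limits. I would reword the comment along the lines of `// Upper bound on a single WebPSafeMalloc()/WebPSafeCalloc() request, not a cumulative budget; requests must also fit in size_t.` The comment above the two declarations should also say that NULL is returned both when the size check rejects the request and when the underlying allocator fails.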