[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Extract tor_malloc and friends to a new module.
commit e066966bf48b4f6ca557175cb2ab3e2dffa5b1db
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu Jun 21 15:17:54 2018 -0400
Extract tor_malloc and friends to a new module.
---
.gitignore | 2 +
Makefile.am | 2 +
src/common/util.c | 210 ---------------------------------------
src/common/util.h | 71 +------------
src/include.am | 1 +
src/lib/malloc/.may_include | 6 ++
src/lib/malloc/include.am | 17 ++++
src/lib/malloc/util_malloc.c | 231 +++++++++++++++++++++++++++++++++++++++++++
src/lib/malloc/util_malloc.h | 90 +++++++++++++++++
src/rust/build.rs | 1 +
src/test/test_util.c | 2 +-
11 files changed, 352 insertions(+), 281 deletions(-)
diff --git a/.gitignore b/.gitignore
index 07fa3afac..c5da8e423 100644
--- a/.gitignore
+++ b/.gitignore
@@ -171,6 +171,8 @@ uptime-*.json
/src/lib/libtor-ctime-testing.a
/src/lib/libtor-err.a
/src/lib/libtor-err-testing.a
+/src/lib/libtor-malloc.a
+/src/lib/libtor-malloc-testing.a
/src/lib/libtor-tls.a
/src/lib/libtor-tls-testing.a
/src/lib/libtor-trace.a
diff --git a/Makefile.am b/Makefile.am
index 38e79eb7c..960417df9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -40,6 +40,7 @@ endif
# "Common" libraries used to link tor's utility code.
TOR_UTIL_LIBS = \
src/common/libor.a \
+ src/lib/libtor-malloc.a \
src/lib/libtor-err.a \
src/lib/libtor-ctime.a
@@ -47,6 +48,7 @@ TOR_UTIL_LIBS = \
# and tests)
TOR_UTIL_TESTING_LIBS = \
src/common/libor-testing.a \
+ src/lib/libtor-malloc-testing.a \
src/lib/libtor-err-testing.a \
src/lib/libtor-ctime-testing.a
diff --git a/src/common/util.c b/src/common/util.c
index fd1bb815d..d09d19415 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -95,219 +95,10 @@
#include <sys/prctl.h>
#endif
-#ifdef __clang_analyzer__
-#undef MALLOC_ZERO_WORKS
-#endif
-
/* =====
* Memory management
* ===== */
-/** Allocate a chunk of <b>size</b> bytes of memory, and return a pointer to
- * result. On error, log and terminate the process. (Same as malloc(size),
- * but never returns NULL.)
- */
-void *
-tor_malloc_(size_t size)
-{
- void *result;
-
- raw_assert(size < SIZE_T_CEILING);
-
-#ifndef MALLOC_ZERO_WORKS
- /* Some libc mallocs don't work when size==0. Override them. */
- if (size==0) {
- size=1;
- }
-#endif /* !defined(MALLOC_ZERO_WORKS) */
-
- result = raw_malloc(size);
-
- if (PREDICT_UNLIKELY(result == NULL)) {
- /* LCOV_EXCL_START */
- /* If these functions die within a worker process, they won't call
- * spawn_exit, but that's ok, since the parent will run out of memory soon
- * anyway. */
- raw_assert_unreached_msg("Out of memory on malloc(). Dying.");
- /* LCOV_EXCL_STOP */
- }
- return result;
-}
-
-/** Allocate a chunk of <b>size</b> bytes of memory, fill the memory with
- * zero bytes, and return a pointer to the result. Log and terminate
- * the process on error. (Same as calloc(size,1), but never returns NULL.)
- */
-void *
-tor_malloc_zero_(size_t size)
-{
- /* You may ask yourself, "wouldn't it be smart to use calloc instead of
- * malloc+memset? Perhaps libc's calloc knows some nifty optimization trick
- * we don't!" Indeed it does, but its optimizations are only a big win when
- * we're allocating something very big (it knows if it just got the memory
- * from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero
- * for big stuff, so we don't bother with calloc. */
- void *result = tor_malloc_(size);
- memset(result, 0, size);
- return result;
-}
-
-/* The square root of SIZE_MAX + 1. If a is less than this, and b is less
- * than this, then a*b is less than SIZE_MAX. (For example, if size_t is
- * 32 bits, then SIZE_MAX is 0xffffffff and this value is 0x10000. If a and
- * b are less than this, then their product is at most (65535*65535) ==
- * 0xfffe0001. */
-#define SQRT_SIZE_MAX_P1 (((size_t)1) << (sizeof(size_t)*4))
-
-/** Return non-zero if and only if the product of the arguments is exact,
- * and cannot overflow. */
-int
-size_mul_check(const size_t x, const size_t y)
-{
- /* This first check is equivalent to
- (x < SQRT_SIZE_MAX_P1 && y < SQRT_SIZE_MAX_P1)
-
- Rationale: if either one of x or y is >= SQRT_SIZE_MAX_P1, then it
- will have some bit set in its most significant half.
- */
- return ((x|y) < SQRT_SIZE_MAX_P1 ||
- y == 0 ||
- x <= SIZE_MAX / y);
-}
-
-/** Allocate a chunk of <b>nmemb</b>*<b>size</b> bytes of memory, fill
- * the memory with zero bytes, and return a pointer to the result.
- * Log and terminate the process on error. (Same as
- * calloc(<b>nmemb</b>,<b>size</b>), but never returns NULL.)
- * The second argument (<b>size</b>) should preferably be non-zero
- * and a compile-time constant.
- */
-void *
-tor_calloc_(size_t nmemb, size_t size)
-{
- raw_assert(size_mul_check(nmemb, size));
- return tor_malloc_zero_((nmemb * size));
-}
-
-/** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
- * bytes long; return the new memory block. On error, log and
- * terminate. (Like realloc(ptr,size), but never returns NULL.)
- */
-void *
-tor_realloc_(void *ptr, size_t size)
-{
- void *result;
-
- raw_assert(size < SIZE_T_CEILING);
-
-#ifndef MALLOC_ZERO_WORKS
- /* Some libc mallocs don't work when size==0. Override them. */
- if (size==0) {
- size=1;
- }
-#endif /* !defined(MALLOC_ZERO_WORKS) */
-
- result = raw_realloc(ptr, size);
-
- if (PREDICT_UNLIKELY(result == NULL)) {
- /* LCOV_EXCL_START */
- raw_assert_unreached_msg("Out of memory on realloc(). Dying.");
- /* LCOV_EXCL_STOP */
- }
- return result;
-}
-
-/**
- * Try to realloc <b>ptr</b> so that it takes up sz1 * sz2 bytes. Check for
- * overflow. Unlike other allocation functions, return NULL on overflow.
- */
-void *
-tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
-{
- /* XXXX we can make this return 0, but we would need to check all the
- * reallocarray users. */
- raw_assert(size_mul_check(sz1, sz2));
-
- return tor_realloc(ptr, (sz1 * sz2));
-}
-
-/** Return a newly allocated copy of the NUL-terminated string s. On
- * error, log and terminate. (Like strdup(s), but never returns
- * NULL.)
- */
-char *
-tor_strdup_(const char *s)
-{
- char *duplicate;
- raw_assert(s);
-
- duplicate = raw_strdup(s);
-
- if (PREDICT_UNLIKELY(duplicate == NULL)) {
- /* LCOV_EXCL_START */
- raw_assert_unreached_msg("Out of memory on strdup(). Dying.");
- /* LCOV_EXCL_STOP */
- }
- return duplicate;
-}
-
-/** Allocate and return a new string containing the first <b>n</b>
- * characters of <b>s</b>. If <b>s</b> is longer than <b>n</b>
- * characters, only the first <b>n</b> are copied. The result is
- * always NUL-terminated. (Like strndup(s,n), but never returns
- * NULL.)
- */
-char *
-tor_strndup_(const char *s, size_t n)
-{
- char *duplicate;
- raw_assert(s);
- raw_assert(n < SIZE_T_CEILING);
- duplicate = tor_malloc_((n+1));
- /* Performance note: Ordinarily we prefer strlcpy to strncpy. But
- * this function gets called a whole lot, and platform strncpy is
- * much faster than strlcpy when strlen(s) is much longer than n.
- */
- strncpy(duplicate, s, n);
- duplicate[n]='\0';
- return duplicate;
-}
-
-/** Allocate a chunk of <b>len</b> bytes, with the same contents as the
- * <b>len</b> bytes starting at <b>mem</b>. */
-void *
-tor_memdup_(const void *mem, size_t len)
-{
- char *duplicate;
- raw_assert(len < SIZE_T_CEILING);
- raw_assert(mem);
- duplicate = tor_malloc_(len);
- memcpy(duplicate, mem, len);
- return duplicate;
-}
-
-/** As tor_memdup(), but add an extra 0 byte at the end of the resulting
- * memory. */
-void *
-tor_memdup_nulterm_(const void *mem, size_t len)
-{
- char *duplicate;
- raw_assert(len < SIZE_T_CEILING+1);
- raw_assert(mem);
- duplicate = tor_malloc_(len+1);
- memcpy(duplicate, mem, len);
- duplicate[len] = '\0';
- return duplicate;
-}
-
-/** Helper for places that need to take a function pointer to the right
- * spelling of "free()". */
-void
-tor_free_(void *mem)
-{
- tor_free(mem);
-}
-
DISABLE_GCC_WARNING(aggregate-return)
/** Call the platform malloc info function, and dump the results to the log at
* level <b>severity</b>. If no such function exists, do nothing. */
@@ -5252,4 +5043,3 @@ tor_ntohll(uint64_t a)
{
return tor_htonll(a);
}
-
diff --git a/src/common/util.h b/src/common/util.h
index d1528886c..bc29ddbe2 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -23,6 +23,7 @@
#include <sys/stat.h>
#endif
#include "lib/err/torerr.h"
+#include "lib/malloc/util_malloc.h"
#include "common/util_bug.h"
#ifndef O_BINARY
@@ -35,79 +36,11 @@
#define O_NOFOLLOW 0
#endif
-/* Memory management */
-void *tor_malloc_(size_t size) ATTR_MALLOC;
-void *tor_malloc_zero_(size_t size) ATTR_MALLOC;
-void *tor_calloc_(size_t nmemb, size_t size) ATTR_MALLOC;
-void *tor_realloc_(void *ptr, size_t size);
-void *tor_reallocarray_(void *ptr, size_t size1, size_t size2);
-char *tor_strdup_(const char *s) ATTR_MALLOC ATTR_NONNULL((1));
-char *tor_strndup_(const char *s, size_t n)
- ATTR_MALLOC ATTR_NONNULL((1));
-void *tor_memdup_(const void *mem, size_t len)
- ATTR_MALLOC ATTR_NONNULL((1));
-void *tor_memdup_nulterm_(const void *mem, size_t len)
- ATTR_MALLOC ATTR_NONNULL((1));
-void tor_free_(void *mem);
uint64_t tor_htonll(uint64_t a);
uint64_t tor_ntohll(uint64_t a);
-/** Release memory allocated by tor_malloc, tor_realloc, tor_strdup,
- * etc. Unlike the free() function, the tor_free() macro sets the
- * pointer value to NULL after freeing it.
- *
- * This is a macro. If you need a function pointer to release memory from
- * tor_malloc(), use tor_free_().
- *
- * Note that this macro takes the address of the pointer it is going to
- * free and clear. If that pointer is stored with a nonstandard
- * alignment (eg because of a "packed" pragma) it is not correct to use
- * tor_free().
- */
-#ifdef __GNUC__
-#define tor_free(p) STMT_BEGIN \
- typeof(&(p)) tor_free__tmpvar = &(p); \
- raw_free(*tor_free__tmpvar); \
- *tor_free__tmpvar=NULL; \
- STMT_END
-#else
-#define tor_free(p) STMT_BEGIN \
- raw_free(p); \
- (p)=NULL; \
- STMT_END
-#endif
-
-#define tor_malloc(size) tor_malloc_(size)
-#define tor_malloc_zero(size) tor_malloc_zero_(size)
-#define tor_calloc(nmemb,size) tor_calloc_(nmemb, size)
-#define tor_realloc(ptr, size) tor_realloc_(ptr, size)
-#define tor_reallocarray(ptr, sz1, sz2) \
- tor_reallocarray_((ptr), (sz1), (sz2))
-#define tor_strdup(s) tor_strdup_(s)
-#define tor_strndup(s, n) tor_strndup_(s, n)
-#define tor_memdup(s, n) tor_memdup_(s, n)
-#define tor_memdup_nulterm(s, n) tor_memdup_nulterm_(s, n)
-
-/* Aliases for the underlying system malloc/realloc/free. Only use
- * them to indicate "I really want the underlying system function, I know
- * what I'm doing." */
-#define raw_malloc malloc
-#define raw_realloc realloc
-#define raw_free free
-#define raw_strdup strdup
void tor_log_mallinfo(int severity);
-/* Helper macro: free a variable of type 'typename' using freefn, and
- * set the variable to NULL.
- */
-#define FREE_AND_NULL(typename, freefn, var) \
- do { \
- /* only evaluate (var) once. */ \
- typename **tmp__free__ptr ## freefn = &(var); \
- freefn(*tmp__free__ptr ## freefn); \
- (*tmp__free__ptr ## freefn) = NULL; \
- } while (0)
-
/** Macro: yield a pointer to the field at position <b>off</b> within the
* structure <b>st</b>. Example:
* <pre>
@@ -538,8 +471,6 @@ STATIC int format_helper_exit_status(unsigned char child_state,
#endif /* defined(UTIL_PRIVATE) */
-int size_mul_check(const size_t x, const size_t y);
-
#define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0]))
#endif /* !defined(TOR_UTIL_H) */
diff --git a/src/include.am b/src/include.am
index c70a68188..46569a4b4 100644
--- a/src/include.am
+++ b/src/include.am
@@ -5,6 +5,7 @@ include src/lib/ctime/include.am
include src/lib/compress/include.am
include src/lib/crypt_ops/include.am
include src/lib/include.libdonna.am
+include src/lib/malloc/include.am
include src/lib/testsupport/include.am
include src/lib/tls/include.am
include src/lib/trace/include.am
diff --git a/src/lib/malloc/.may_include b/src/lib/malloc/.may_include
new file mode 100644
index 000000000..cc62bb101
--- /dev/null
+++ b/src/lib/malloc/.may_include
@@ -0,0 +1,6 @@
+orconfig.h
+
+lib/cc/*.h
+lib/err/*.h
+lib/malloc/*.h
+lib/testsupport/testsupport.h
diff --git a/src/lib/malloc/include.am b/src/lib/malloc/include.am
new file mode 100644
index 000000000..b4c5cae54
--- /dev/null
+++ b/src/lib/malloc/include.am
@@ -0,0 +1,17 @@
+
+noinst_LIBRARIES += src/lib/libtor-malloc.a
+
+if UNITTESTS_ENABLED
+noinst_LIBRARIES += src/lib/libtor-malloc-testing.a
+endif
+
+src_lib_libtor_malloc_a_SOURCES = \
+ src/lib/malloc/util_malloc.c
+
+src_lib_libtor_malloc_testing_a_SOURCES = \
+ $(src_lib_libtor_malloc_a_SOURCES)
+src_lib_libtor_malloc_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_lib_libtor_malloc_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+
+noinst_HEADERS += \
+ src/lib/malloc/util_malloc.h
diff --git a/src/lib/malloc/util_malloc.c b/src/lib/malloc/util_malloc.c
new file mode 100644
index 000000000..4a0b3a933
--- /dev/null
+++ b/src/lib/malloc/util_malloc.c
@@ -0,0 +1,231 @@
+/* Copyright (c) 2003, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file util_malloc.c
+ * \brief Wrappers for C malloc code, and replacements for items that
+ * may be missing.
+ **/
+
+#include "orconfig.h"
+
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "lib/testsupport/testsupport.h"
+#define UTIL_MALLOC_PRIVATE
+#include "lib/malloc/util_malloc.h"
+#include "lib/cc/torint.h"
+#include "lib/err/torerr.h"
+
+#ifdef __clang_analyzer__
+#undef MALLOC_ZERO_WORKS
+#endif
+
+/** Allocate a chunk of <b>size</b> bytes of memory, and return a pointer to
+ * result. On error, log and terminate the process. (Same as malloc(size),
+ * but never returns NULL.)
+ */
+void *
+tor_malloc_(size_t size)
+{
+ void *result;
+
+ raw_assert(size < SIZE_T_CEILING);
+
+#ifndef MALLOC_ZERO_WORKS
+ /* Some libc mallocs don't work when size==0. Override them. */
+ if (size==0) {
+ size=1;
+ }
+#endif /* !defined(MALLOC_ZERO_WORKS) */
+
+ result = raw_malloc(size);
+
+ if (PREDICT_UNLIKELY(result == NULL)) {
+ /* LCOV_EXCL_START */
+ /* If these functions die within a worker process, they won't call
+ * spawn_exit, but that's ok, since the parent will run out of memory soon
+ * anyway. */
+ raw_assert_unreached_msg("Out of memory on malloc(). Dying.");
+ /* LCOV_EXCL_STOP */
+ }
+ return result;
+}
+
+/** Allocate a chunk of <b>size</b> bytes of memory, fill the memory with
+ * zero bytes, and return a pointer to the result. Log and terminate
+ * the process on error. (Same as calloc(size,1), but never returns NULL.)
+ */
+void *
+tor_malloc_zero_(size_t size)
+{
+ /* You may ask yourself, "wouldn't it be smart to use calloc instead of
+ * malloc+memset? Perhaps libc's calloc knows some nifty optimization trick
+ * we don't!" Indeed it does, but its optimizations are only a big win when
+ * we're allocating something very big (it knows if it just got the memory
+ * from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero
+ * for big stuff, so we don't bother with calloc. */
+ void *result = tor_malloc_(size);
+ memset(result, 0, size);
+ return result;
+}
+
+/* The square root of SIZE_MAX + 1. If a is less than this, and b is less
+ * than this, then a*b is less than SIZE_MAX. (For example, if size_t is
+ * 32 bits, then SIZE_MAX is 0xffffffff and this value is 0x10000. If a and
+ * b are less than this, then their product is at most (65535*65535) ==
+ * 0xfffe0001. */
+#define SQRT_SIZE_MAX_P1 (((size_t)1) << (sizeof(size_t)*4))
+
+/** Return non-zero if and only if the product of the arguments is exact,
+ * and cannot overflow. */
+STATIC int
+size_mul_check(const size_t x, const size_t y)
+{
+ /* This first check is equivalent to
+ (x < SQRT_SIZE_MAX_P1 && y < SQRT_SIZE_MAX_P1)
+
+ Rationale: if either one of x or y is >= SQRT_SIZE_MAX_P1, then it
+ will have some bit set in its most significant half.
+ */
+ return ((x|y) < SQRT_SIZE_MAX_P1 ||
+ y == 0 ||
+ x <= SIZE_MAX / y);
+}
+
+/** Allocate a chunk of <b>nmemb</b>*<b>size</b> bytes of memory, fill
+ * the memory with zero bytes, and return a pointer to the result.
+ * Log and terminate the process on error. (Same as
+ * calloc(<b>nmemb</b>,<b>size</b>), but never returns NULL.)
+ * The second argument (<b>size</b>) should preferably be non-zero
+ * and a compile-time constant.
+ */
+void *
+tor_calloc_(size_t nmemb, size_t size)
+{
+ raw_assert(size_mul_check(nmemb, size));
+ return tor_malloc_zero_((nmemb * size));
+}
+
+/** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
+ * bytes long; return the new memory block. On error, log and
+ * terminate. (Like realloc(ptr,size), but never returns NULL.)
+ */
+void *
+tor_realloc_(void *ptr, size_t size)
+{
+ void *result;
+
+ raw_assert(size < SIZE_T_CEILING);
+
+#ifndef MALLOC_ZERO_WORKS
+ /* Some libc mallocs don't work when size==0. Override them. */
+ if (size==0) {
+ size=1;
+ }
+#endif /* !defined(MALLOC_ZERO_WORKS) */
+
+ result = raw_realloc(ptr, size);
+
+ if (PREDICT_UNLIKELY(result == NULL)) {
+ /* LCOV_EXCL_START */
+ raw_assert_unreached_msg("Out of memory on realloc(). Dying.");
+ /* LCOV_EXCL_STOP */
+ }
+ return result;
+}
+
+/**
+ * Try to realloc <b>ptr</b> so that it takes up sz1 * sz2 bytes. Check for
+ * overflow. Unlike other allocation functions, return NULL on overflow.
+ */
+void *
+tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
+{
+ /* XXXX we can make this return 0, but we would need to check all the
+ * reallocarray users. */
+ raw_assert(size_mul_check(sz1, sz2));
+
+ return tor_realloc(ptr, (sz1 * sz2));
+}
+
+/** Return a newly allocated copy of the NUL-terminated string s. On
+ * error, log and terminate. (Like strdup(s), but never returns
+ * NULL.)
+ */
+char *
+tor_strdup_(const char *s)
+{
+ char *duplicate;
+ raw_assert(s);
+
+ duplicate = raw_strdup(s);
+
+ if (PREDICT_UNLIKELY(duplicate == NULL)) {
+ /* LCOV_EXCL_START */
+ raw_assert_unreached_msg("Out of memory on strdup(). Dying.");
+ /* LCOV_EXCL_STOP */
+ }
+ return duplicate;
+}
+
+/** Allocate and return a new string containing the first <b>n</b>
+ * characters of <b>s</b>. If <b>s</b> is longer than <b>n</b>
+ * characters, only the first <b>n</b> are copied. The result is
+ * always NUL-terminated. (Like strndup(s,n), but never returns
+ * NULL.)
+ */
+char *
+tor_strndup_(const char *s, size_t n)
+{
+ char *duplicate;
+ raw_assert(s);
+ raw_assert(n < SIZE_T_CEILING);
+ duplicate = tor_malloc_((n+1));
+ /* Performance note: Ordinarily we prefer strlcpy to strncpy. But
+ * this function gets called a whole lot, and platform strncpy is
+ * much faster than strlcpy when strlen(s) is much longer than n.
+ */
+ strncpy(duplicate, s, n);
+ duplicate[n]='\0';
+ return duplicate;
+}
+
+/** Allocate a chunk of <b>len</b> bytes, with the same contents as the
+ * <b>len</b> bytes starting at <b>mem</b>. */
+void *
+tor_memdup_(const void *mem, size_t len)
+{
+ char *duplicate;
+ raw_assert(len < SIZE_T_CEILING);
+ raw_assert(mem);
+ duplicate = tor_malloc_(len);
+ memcpy(duplicate, mem, len);
+ return duplicate;
+}
+
+/** As tor_memdup(), but add an extra 0 byte at the end of the resulting
+ * memory. */
+void *
+tor_memdup_nulterm_(const void *mem, size_t len)
+{
+ char *duplicate;
+ raw_assert(len < SIZE_T_CEILING+1);
+ raw_assert(mem);
+ duplicate = tor_malloc_(len+1);
+ memcpy(duplicate, mem, len);
+ duplicate[len] = '\0';
+ return duplicate;
+}
+
+/** Helper for places that need to take a function pointer to the right
+ * spelling of "free()". */
+void
+tor_free_(void *mem)
+{
+ tor_free(mem);
+}
diff --git a/src/lib/malloc/util_malloc.h b/src/lib/malloc/util_malloc.h
new file mode 100644
index 000000000..3da40351c
--- /dev/null
+++ b/src/lib/malloc/util_malloc.h
@@ -0,0 +1,90 @@
+/* Copyright (c) 2003-2004, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file util_malloc.h
+ * \brief Headers for util_malloc.c
+ **/
+
+#ifndef TOR_UTIL_MALLOC_H
+#define TOR_UTIL_MALLOC_H
+
+#include "lib/cc/compat_compiler.h"
+
+/* Memory management */
+void *tor_malloc_(size_t size) ATTR_MALLOC;
+void *tor_malloc_zero_(size_t size) ATTR_MALLOC;
+void *tor_calloc_(size_t nmemb, size_t size) ATTR_MALLOC;
+void *tor_realloc_(void *ptr, size_t size);
+void *tor_reallocarray_(void *ptr, size_t size1, size_t size2);
+char *tor_strdup_(const char *s) ATTR_MALLOC ATTR_NONNULL((1));
+char *tor_strndup_(const char *s, size_t n)
+ ATTR_MALLOC ATTR_NONNULL((1));
+void *tor_memdup_(const void *mem, size_t len)
+ ATTR_MALLOC ATTR_NONNULL((1));
+void *tor_memdup_nulterm_(const void *mem, size_t len)
+ ATTR_MALLOC ATTR_NONNULL((1));
+void tor_free_(void *mem);
+
+/** Release memory allocated by tor_malloc, tor_realloc, tor_strdup,
+ * etc. Unlike the free() function, the tor_free() macro sets the
+ * pointer value to NULL after freeing it.
+ *
+ * This is a macro. If you need a function pointer to release memory from
+ * tor_malloc(), use tor_free_().
+ *
+ * Note that this macro takes the address of the pointer it is going to
+ * free and clear. If that pointer is stored with a nonstandard
+ * alignment (eg because of a "packed" pragma) it is not correct to use
+ * tor_free().
+ */
+#ifdef __GNUC__
+#define tor_free(p) STMT_BEGIN \
+ typeof(&(p)) tor_free__tmpvar = &(p); \
+ raw_free(*tor_free__tmpvar); \
+ *tor_free__tmpvar=NULL; \
+ STMT_END
+#else
+#define tor_free(p) STMT_BEGIN \
+ raw_free(p); \
+ (p)=NULL; \
+ STMT_END
+#endif
+
+#define tor_malloc(size) tor_malloc_(size)
+#define tor_malloc_zero(size) tor_malloc_zero_(size)
+#define tor_calloc(nmemb,size) tor_calloc_(nmemb, size)
+#define tor_realloc(ptr, size) tor_realloc_(ptr, size)
+#define tor_reallocarray(ptr, sz1, sz2) \
+ tor_reallocarray_((ptr), (sz1), (sz2))
+#define tor_strdup(s) tor_strdup_(s)
+#define tor_strndup(s, n) tor_strndup_(s, n)
+#define tor_memdup(s, n) tor_memdup_(s, n)
+#define tor_memdup_nulterm(s, n) tor_memdup_nulterm_(s, n)
+
+/* Aliases for the underlying system malloc/realloc/free. Only use
+ * them to indicate "I really want the underlying system function, I know
+ * what I'm doing." */
+#define raw_malloc malloc
+#define raw_realloc realloc
+#define raw_free free
+#define raw_strdup strdup
+
+/* Helper macro: free a variable of type 'typename' using freefn, and
+ * set the variable to NULL.
+ */
+#define FREE_AND_NULL(typename, freefn, var) \
+ do { \
+ /* only evaluate (var) once. */ \
+ typename **tmp__free__ptr ## freefn = &(var); \
+ freefn(*tmp__free__ptr ## freefn); \
+ (*tmp__free__ptr ## freefn) = NULL; \
+ } while (0)
+
+#ifdef UTIL_MALLOC_PRIVATE
+STATIC int size_mul_check(const size_t x, const size_t y);
+#endif
+
+#endif /* !defined(TOR_UTIL_MALLOC_H) */
diff --git a/src/rust/build.rs b/src/rust/build.rs
index 8b0ea8ed6..acbedd4d4 100644
--- a/src/rust/build.rs
+++ b/src/rust/build.rs
@@ -151,6 +151,7 @@ pub fn main() {
// moving forward!
cfg.component("tor-crypt-ops-testing");
cfg.component("or-testing");
+ cfg.component("tor-malloc");
cfg.component("tor-err-testing");
cfg.component("or-event-testing");
cfg.component("tor-ctime-testing");
diff --git a/src/test/test_util.c b/src/test/test_util.c
index a766f8457..69c1f3c84 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -8,6 +8,7 @@
#define COMPAT_TIME_PRIVATE
#define CONTROL_PRIVATE
#define UTIL_PRIVATE
+#define UTIL_MALLOC_PRIVATE
#include "or/or.h"
#include "common/buffers.h"
#include "or/config.h"
@@ -6316,4 +6317,3 @@ struct testcase_t util_tests[] = {
UTIL_TEST(get_unquoted_path, 0),
END_OF_TESTCASES
};
-
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits