1 files changed, 40 insertions, 5 deletions
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index 3bb4ad8326..24e6b3bc53 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -30,7 +30,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: malloc.3,v 1.42 2006/01/18 06:36:05 jakemsr Exp $
+.\"     $OpenBSD: malloc.3,v 1.43 2006/03/26 19:56:08 ray Exp $
 .\"
 .Dd August 27, 1996
 .Dt MALLOC 3
@@ -83,6 +83,29 @@ The minimum size of the protection on each object is suitably aligned and
 sized as previously stated, but the protection may extend further depending
 on where in a protected zone the object lands.
 .Pp
+When using
+.Fn malloc
+be careful to avoid the following idiom:
+.Bd -literal -offset indent
+if ((p = malloc(num * size)) == NULL)
+        err(1, "malloc");
+.Ed
+.Pp
+The multiplication may lead to an integer overflow.
+To avoid this,
+.Fn calloc
+is recommended.
+.Pp
+If
+.Fn malloc
+must be used, be sure to test for overflow:
+.Bd -literal -offset indent
+if (num && size && SIZE_T_MAX / num < size) {
+        errno = ENOMEM;
+        err(1, "overflow");
+}
+.Ed
+.Pp
 The
 .Fn calloc
 function allocates space for an array of
@@ -90,6 +113,10 @@ function allocates space for an array of
 objects, each of whose size is
 .Fa size .
 The space is initialized to all bits zero.
+The use of
+.Fn calloc
+is strongly encouraged when allocating multiple sized objects
+in order to avoid possible integer overflows.
 .Pp
 The
 .Fn free
@@ -140,7 +167,7 @@ object is returned.
 .Pp
 When using
 .Fn realloc
-one must be careful to avoid the following idiom:
+be careful to avoid the following idiom:
 .Bd -literal -offset indent
 size += 50;
 if ((p = realloc(p, size)) == NULL)
@@ -148,7 +175,7 @@ if ((p = realloc(p, size)) == NULL)
 .Ed
 .Pp
 Do not adjust the variable describing how much memory has been allocated
-until one knows the allocation has been successful.
+until the allocation has been successful.
 This can cause aberrant program behavior if the incorrect size value is used.
 In most cases, the above sample will also result in a leak of memory.
 As stated earlier, a return value of
@@ -167,6 +194,15 @@ p = newp;
 size = newsize;
 .Ed
 .Pp
+As with
+.Fn malloc
+it is important to ensure the new size value will not overflow;
+i.e. avoid allocations like the following:
+.Bd -literal -offset indent
+if ((newp = realloc(p, num * size)) == NULL) {
+        ...
+.Ed
+.Pp
 Malloc will first look for a symbolic link called
 .Pa /etc/malloc.conf
 and next check the environment for a variable called
@@ -255,8 +291,7 @@ Reduce the size of the cache by a factor of two.
 Double the size of the cache by a factor of two.
 .El
 .Pp
-So to set a systemwide reduction of cache size and coredumps on problems
+So to set a systemwide reduction of cache size and coredumps on problems:
-one would:
 .Li ln -s 'A<' /etc/malloc.conf
 .Pp
 The

diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index 3bb4ad8326..24e6b3bc53 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3
@@ -30,7 +30,7 @@
30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	.\" SUCH DAMAGE.	31	.\" SUCH DAMAGE.
32	.\"	32	.\"
33	.\" $OpenBSD: malloc.3,v 1.42 2006/01/18 06:36:05 jakemsr Exp $	33	.\" $OpenBSD: malloc.3,v 1.43 2006/03/26 19:56:08 ray Exp $
34	.\"	34	.\"
35	.Dd August 27, 1996	35	.Dd August 27, 1996
36	.Dt MALLOC 3	36	.Dt MALLOC 3
@@ -83,6 +83,29 @@ The minimum size of the protection on each object is suitably aligned and
83	sized as previously stated, but the protection may extend further depending	83	sized as previously stated, but the protection may extend further depending
84	on where in a protected zone the object lands.	84	on where in a protected zone the object lands.
85	.Pp	85	.Pp
		86	When using
		87	.Fn malloc
		88	be careful to avoid the following idiom:
		89	.Bd -literal -offset indent
		90	if ((p = malloc(num * size)) == NULL)
		91	err(1, "malloc");
		92	.Ed
		93	.Pp
		94	The multiplication may lead to an integer overflow.
		95	To avoid this,
		96	.Fn calloc
		97	is recommended.
		98	.Pp
		99	If
		100	.Fn malloc
		101	must be used, be sure to test for overflow:
		102	.Bd -literal -offset indent
		103	if (num && size && SIZE_T_MAX / num < size) {
		104	errno = ENOMEM;
		105	err(1, "overflow");
		106	}
		107	.Ed
		108	.Pp
86	The	109	The
87	.Fn calloc	110	.Fn calloc
88	function allocates space for an array of	111	function allocates space for an array of
@@ -90,6 +113,10 @@ function allocates space for an array of
90	objects, each of whose size is	113	objects, each of whose size is
91	.Fa size .	114	.Fa size .
92	The space is initialized to all bits zero.	115	The space is initialized to all bits zero.
		116	The use of
		117	.Fn calloc
		118	is strongly encouraged when allocating multiple sized objects
		119	in order to avoid possible integer overflows.
93	.Pp	120	.Pp
94	The	121	The
95	.Fn free	122	.Fn free
@@ -140,7 +167,7 @@ object is returned.
140	.Pp	167	.Pp
141	When using	168	When using
142	.Fn realloc	169	.Fn realloc
143	one must be careful to avoid the following idiom:	170	be careful to avoid the following idiom:
144	.Bd -literal -offset indent	171	.Bd -literal -offset indent
145	size += 50;	172	size += 50;
146	if ((p = realloc(p, size)) == NULL)	173	if ((p = realloc(p, size)) == NULL)
@@ -148,7 +175,7 @@ if ((p = realloc(p, size)) == NULL)
148	.Ed	175	.Ed
149	.Pp	176	.Pp
150	Do not adjust the variable describing how much memory has been allocated	177	Do not adjust the variable describing how much memory has been allocated
151	until one knows the allocation has been successful.	178	until the allocation has been successful.
152	This can cause aberrant program behavior if the incorrect size value is used.	179	This can cause aberrant program behavior if the incorrect size value is used.
153	In most cases, the above sample will also result in a leak of memory.	180	In most cases, the above sample will also result in a leak of memory.
154	As stated earlier, a return value of	181	As stated earlier, a return value of
@@ -167,6 +194,15 @@ p = newp;
167	size = newsize;	194	size = newsize;
168	.Ed	195	.Ed
169	.Pp	196	.Pp
		197	As with
		198	.Fn malloc
		199	it is important to ensure the new size value will not overflow;
		200	i.e. avoid allocations like the following:
		201	.Bd -literal -offset indent
		202	if ((newp = realloc(p, num * size)) == NULL) {
		203	...
		204	.Ed
		205	.Pp
170	Malloc will first look for a symbolic link called	206	Malloc will first look for a symbolic link called
171	.Pa /etc/malloc.conf	207	.Pa /etc/malloc.conf
172	and next check the environment for a variable called	208	and next check the environment for a variable called
@@ -255,8 +291,7 @@ Reduce the size of the cache by a factor of two.
255	Double the size of the cache by a factor of two.	291	Double the size of the cache by a factor of two.
256	.El	292	.El
257	.Pp	293	.Pp
258	So to set a systemwide reduction of cache size and coredumps on problems	294	So to set a systemwide reduction of cache size and coredumps on problems:
259	one would:
260	.Li ln -s 'A<' /etc/malloc.conf	295	.Li ln -s 'A<' /etc/malloc.conf
261	.Pp	296	.Pp
262	The	297	The