19 | | /* The following 2 functions check that the result of the multiplication */ |
20 | | /* does not overflow the limits of size_t. 0 is returned in case of overflow */ |
21 | | /* *pbOverflowFlag is set to TRUE if overflow has occured */ |
22 | | size_t CPL_DLL VSISafeMul2( size_t mul1, size_t mul2, int *pbOverflowFlag); |
23 | | size_t CPL_DLL VSISafeMul3( size_t mul1, size_t mul2, size_t mul3, int *pbOverflowFlag); |
| 19 | /** |
| 20 | This function returns (mul1 * mul2) and checks that the result of |
| 21 | the multiplication does not overflow the limits of size_t. |
| 22 | In case of overflow, 0 is returned, *pbOverflowFlag is set to TRUE |
| 23 | and a CE_Failure error is raised with CPLError() |
| 24 | */ |
| 25 | size_t CPL_DLL CPLSafeMul2( size_t mul1, size_t mul2, int *pbOverflowFlag); |
25 | | /* This function return the @size argument if it fits into an integer, or 0 in */ |
26 | | /* case of overflow. */ |
27 | | /* *pbOverflowFlag is set to TRUE if overflow has occured */ |
28 | | int CPL_DLL VSISafeSizetCastToInt( size_t size, int *pbOverflowFlag ); |
| 27 | /** |
| 28 | This function returns (mul1 * mul2 * mul3) and checks that the result of |
| 29 | the multiplication does not overflow the limits of size_t. |
| 30 | In case of overflow, 0 is returned, *pbOverflowFlag is set to TRUE |
| 31 | and a CE_Failure error is raised with CPLError() |
| 32 | */ |
| 33 | size_t CPL_DLL CPLSafeMul3( size_t mul1, size_t mul2, size_t mul3, int *pbOverflowFlag); |
| 34 | |
| 35 | /** |
| 36 | This function return the @size argument if it fits into an integer. |
| 37 | In case of overflow, 0 is returned, *pbOverflowFlag is set to TRUE |
| 38 | and a CE_Failure error is raised with CPLError() |
| 39 | */ |
| 40 | int CPL_DLL CPLSafeSizetCastToInt( size_t size, int *pbOverflowFlag ); |
33 | | Implementation of CPLMalloc, CPLCalloc, CPLRealloc, VSIMalloc, VSICalloc, VSIRealloc will not be changed. Developers are encouraged to use the VSI functions rather than the CPL ones since CPLMalloc will abort the process when doing a too large allocation, whereas VSIMalloc will return a NULL pointer. |
| 45 | |
| 46 | To avoid verbosity when using the CPLSafeMulX calls for memory allocation, the following helper functions will also be provided. |
| 47 | |
| 48 | {{{ |
| 49 | /** |
| 50 | CPLSafeMalloc2 allocates (nSize1 * nSize2) bytes. |
| 51 | In case of overflow of the multiplication, or if memory allocation fails, a |
| 52 | NULL pointer is returned and a CE_Failure error is raised with CPLError(). |
| 53 | If nSize1 == 0 || nSize2 == 0, a NULL pointer will also be returned. |
| 54 | CPLFree() or VSIFree() can be used to free memory allocated by this function. |
| 55 | */ |
| 56 | void CPL_DLL *CPLSafeMalloc2( size_t nSize1, size_t nSize2 ); |
| 57 | |
| 58 | /** |
| 59 | CPLSafeMalloc3 allocates (nSize1 * nSize2 * nSize3) bytes. |
| 60 | In case of overflow of the multiplication, or if memory allocation fails, a |
| 61 | NULL pointer is returned and a CE_Failure error is raised with CPLError(). |
| 62 | If nSize1 == 0 || nSize2 == 0 || nSize3 == 0, a NULL pointer will also be returned. |
| 63 | CPLFree() or VSIFree() can be used to free memory allocated by this function. |
| 64 | */ |
| 65 | void CPL_DLL *CPLSafeMalloc3( size_t nSize1, size_t nSize2, size_t nSize3 ); |
| 66 | }}} |
| 67 | |
| 68 | Implementation of CPLMalloc, CPLCalloc, CPLRealloc, VSIMalloc, VSICalloc, VSIRealloc will not be changed. Developers are encouraged to use the CPLSafeMallocX functions instead of doing CPLMalloc(x * y) or VSIMalloc(x * y). |