projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 96ce065)
Eliminate several cases of multiplication in arguments to calloc
authorCarl Worth <cworth@cworth.org>
Wed, 3 Sep 2014 21:18:18 +0000 (14:18 -0700)
committerCarl Worth <cworth@cworth.org>
Thu, 4 Sep 2014 01:37:02 +0000 (18:37 -0700)
In commit 32f2fd1c5d6088692551c80352b7d6fa35b0cd09, several calls to
_mesa_calloc(x) were replaced with calls to calloc(1, x). This is strictly
equivalent to what the code was doing previously.

But for cases where "x" involves multiplication, now that we are explicitly
using the two-argument calloc, we can do one step better and replace:

calloc(1, A * B);

with:

calloc(A, B);

The advantage of the latter is that calloc will detect any overflow that would
have resulted from the multiplication and will fail the allocation, (whereas
the former would return a small allocation). So this fix can change
potentially exploitable buffer overruns into segmentation faults.

Reviewed-by: Matt Turner <mattst88@gmail.com>
src/gallium/drivers/freedreno/a2xx/ir-a2xx.c patch | blob | history
src/gallium/drivers/freedreno/ir3/ir3.c patch | blob | history
src/gallium/drivers/r600/r600_asm.c patch | blob | history
src/mapi/glapi/gen/gl_gentable.py patch | blob | history
src/mesa/drivers/dri/common/utils.c patch | blob | history
src/mesa/drivers/dri/i965/brw_state_cache.c patch | blob | history
src/mesa/main/atifragshader.c patch | blob | history
src/mesa/program/prog_instruction.c patch | blob | history
src/mesa/program/prog_optimize.c patch | blob | history
src/mesa/program/prog_parameter.c patch | blob | history
src/mesa/vbo/vbo_exec_array.c patch | blob | history

diff --git a/src/gallium/drivers/freedreno/a2xx/ir-a2xx.c b/src/gallium/drivers/freedreno/a2xx/ir-a2xx.c
index 18afba8a5a34c31a1aec648085a974021d189c98..cff5a27fce0adc427635d5ca93c8080991d68457 100644 (file)
--- a/src/gallium/drivers/freedreno/a2xx/ir-a2xx.c
+++ b/src/gallium/drivers/freedreno/a2xx/ir-a2xx.c
@@ -146,7 +146,7 @@ void * ir2_shader_assemble(struct ir2_shader *shader, struct ir2_shader_info *in
                goto fail;
        }
 
-       ptr = dwords = calloc(1, 4 * info->sizedwords);
+       ptr = dwords = calloc(4, info->sizedwords);
 
        /* second pass, emit CF program in pairs: */
        for (i = 0; i < shader->cfs_count; i += 2) {
diff --git a/src/gallium/drivers/freedreno/ir3/ir3.c b/src/gallium/drivers/freedreno/ir3/ir3.c
index ea2a9251b284f50474dfa9501bd4aa700b23e6b1..3da10fb81e36f8582e289f5a62903cd2089838fa 100644 (file)
--- a/src/gallium/drivers/freedreno/ir3/ir3.c
+++ b/src/gallium/drivers/freedreno/ir3/ir3.c
@@ -554,7 +554,7 @@ void * ir3_assemble(struct ir3 *shader, struct ir3_info *info)
         */
        info->sizedwords = 2 * align(shader->instrs_count, 4);
 
-       ptr = dwords = calloc(1, 4 * info->sizedwords);
+       ptr = dwords = calloc(4, info->sizedwords);
 
        for (i = 0; i < shader->instrs_count; i++) {
                struct ir3_instruction *instr = shader->instrs[i];
diff --git a/src/gallium/drivers/r600/r600_asm.c b/src/gallium/drivers/r600/r600_asm.c
index 4da918c9f312b1d5d0b2f2bacdb6750c1d18c510..8aa69b506a7263ed6a7050790f76487ddb3602f5 100644 (file)
--- a/src/gallium/drivers/r600/r600_asm.c
+++ b/src/gallium/drivers/r600/r600_asm.c
@@ -1590,7 +1590,7 @@ int r600_bytecode_build(struct r600_bytecode *bc)
                bc->ndw = cf->addr + cf->ndw;
        }
        free(bc->bytecode);
-       bc->bytecode = calloc(1, bc->ndw * 4);
+       bc->bytecode = calloc(4, bc->ndw);
        if (bc->bytecode == NULL)
                return -ENOMEM;
        LIST_FOR_EACH_ENTRY(cf, &bc->cf, list) {
diff --git a/src/mapi/glapi/gen/gl_gentable.py b/src/mapi/glapi/gen/gl_gentable.py
index 7577b66a61b0f64bccfa1592abd92406acfaf326..ce9af99d50cd6477edd38889a38be102fdf2a849 100644 (file)
--- a/src/mapi/glapi/gen/gl_gentable.py
+++ b/src/mapi/glapi/gen/gl_gentable.py
@@ -113,7 +113,7 @@ __glapi_gentable_set_remaining_noop(struct _glapi_table *disp) {
 
 struct _glapi_table *
 _glapi_create_table_from_handle(void *handle, const char *symbol_prefix) {
-    struct _glapi_table *disp = calloc(1, _glapi_get_dispatch_table_size() * sizeof(_glapi_proc));
+    struct _glapi_table *disp = calloc(_glapi_get_dispatch_table_size(), sizeof(_glapi_proc));
     char symboln[512];
 
     if(!disp)
diff --git a/src/mesa/drivers/dri/common/utils.c b/src/mesa/drivers/dri/common/utils.c
index e0b3db8cf14267e9615d3569986fc83c025caa8f..f2e63c0b98c0fd6b9e973802345a75bcab75cccd 100644 (file)
--- a/src/mesa/drivers/dri/common/utils.c
+++ b/src/mesa/drivers/dri/common/utils.c
@@ -238,7 +238,7 @@ driCreateConfigs(mesa_format format,
    is_srgb = _mesa_get_format_color_encoding(format) == GL_SRGB;
 
    num_modes = num_depth_stencil_bits * num_db_modes * num_accum_bits * num_msaa_modes;
-   configs = calloc(1, (num_modes + 1) * sizeof *configs);
+   configs = calloc(num_modes + 1, sizeof *configs);
    if (configs == NULL)
        return NULL;
 
diff --git a/src/mesa/drivers/dri/i965/brw_state_cache.c b/src/mesa/drivers/dri/i965/brw_state_cache.c
index 19079c8b2cce8c2d16396d9de6382647bed5f002..bb5047ea4d6b6bf4a5508a1f62e5b14d52a4672d 100644 (file)
--- a/src/mesa/drivers/dri/i965/brw_state_cache.c
+++ b/src/mesa/drivers/dri/i965/brw_state_cache.c
@@ -115,7 +115,7 @@ rehash(struct brw_cache *cache)
    GLuint size, i;
 
    size = cache->size * 3;
-   items = calloc(1, size * sizeof(*items));
+   items = calloc(size, sizeof(*items));
 
    for (i = 0; i < cache->size; i++)
       for (c = cache->items[i]; c; c = next) {
@@ -334,7 +334,7 @@ brw_init_caches(struct brw_context *brw)
    cache->size = 7;
    cache->n_items = 0;
    cache->items =
-      calloc(1, cache->size * sizeof(struct brw_cache_item *));
+      calloc(cache->size, sizeof(struct brw_cache_item *));
 
    cache->bo = drm_intel_bo_alloc(brw->bufmgr,
                                  "program cache",
diff --git a/src/mesa/main/atifragshader.c b/src/mesa/main/atifragshader.c
index 7077c96f1e3d3de2bed52c3664165e30e3334765..1eab7731aea96aa09c117941d593eb9565e785c8 100644 (file)
--- a/src/mesa/main/atifragshader.c
+++ b/src/mesa/main/atifragshader.c
@@ -325,11 +325,11 @@ _mesa_BeginFragmentShaderATI(void)
       a start */
    for (i = 0; i < MAX_NUM_PASSES_ATI; i++) {
       ctx->ATIFragmentShader.Current->Instructions[i] =
-        calloc(1, sizeof(struct atifs_instruction) *
-                  (MAX_NUM_INSTRUCTIONS_PER_PASS_ATI));
+        calloc(sizeof(struct atifs_instruction),
+                MAX_NUM_INSTRUCTIONS_PER_PASS_ATI);
       ctx->ATIFragmentShader.Current->SetupInst[i] =
-        calloc(1, sizeof(struct atifs_setupinst) *
-                  (MAX_NUM_FRAGMENT_REGISTERS_ATI));
+        calloc(sizeof(struct atifs_setupinst),
+                MAX_NUM_FRAGMENT_REGISTERS_ATI);
    }
 
 /* can't rely on calloc for initialization as it's possible to redefine a shader (?) */
diff --git a/src/mesa/program/prog_instruction.c b/src/mesa/program/prog_instruction.c
index dcfedb77bdd3d9269610b6aec5b930647b62d27f..dc0a5109f885dc9235ae6e5586f8c0fc96063d07 100644 (file)
--- a/src/mesa/program/prog_instruction.c
+++ b/src/mesa/program/prog_instruction.c
@@ -70,7 +70,7 @@ struct prog_instruction *
 _mesa_alloc_instructions(GLuint numInst)
 {
    return
-      calloc(1, numInst * sizeof(struct prog_instruction));
+      calloc(numInst, sizeof(struct prog_instruction));
 }
 
 
diff --git a/src/mesa/program/prog_optimize.c b/src/mesa/program/prog_optimize.c
index 6153f5e2cf5f275a094a9c65d388e74e6afcd05f..08c1c3046e72e0271d8f20dcb5bf7326ae1ba2a2 100644 (file)
--- a/src/mesa/program/prog_optimize.c
+++ b/src/mesa/program/prog_optimize.c
@@ -260,7 +260,7 @@ _mesa_remove_dead_code_global(struct gl_program *prog)
    }
 
    removeInst =
-      calloc(1, prog->NumInstructions * sizeof(GLboolean));
+      calloc(prog->NumInstructions, sizeof(GLboolean));
 
    /* Determine which temps are read and written */
    for (i = 0; i < prog->NumInstructions; i++) {
@@ -602,7 +602,7 @@ _mesa_remove_dead_code_local(struct gl_program *prog)
    GLuint i, arg, rem = 0;
 
    removeInst =
-      calloc(1, prog->NumInstructions * sizeof(GLboolean));
+      calloc(prog->NumInstructions, sizeof(GLboolean));
 
    for (i = 0; i < prog->NumInstructions; i++) {
       const struct prog_instruction *inst = prog->Instructions + i;
@@ -743,7 +743,7 @@ _mesa_remove_extra_moves(struct gl_program *prog)
    }
 
    removeInst =
-      calloc(1, prog->NumInstructions * sizeof(GLboolean));
+      calloc(prog->NumInstructions, sizeof(GLboolean));
 
    /*
     * Look for sequences such as this:
diff --git a/src/mesa/program/prog_parameter.c b/src/mesa/program/prog_parameter.c
index 54531d2550d1ee6afaff25128925ac816a42e872..f43deba0b6d1b192119cf1c3bf39124b9bcc1152 100644 (file)
--- a/src/mesa/program/prog_parameter.c
+++ b/src/mesa/program/prog_parameter.c
@@ -54,7 +54,7 @@ _mesa_new_parameter_list_sized(unsigned size)
 
       /* alloc arrays */
       p->Parameters = (struct gl_program_parameter *)
-        calloc(1, size * sizeof(struct gl_program_parameter));
+        calloc(size, sizeof(struct gl_program_parameter));
 
       p->ParameterValues = (gl_constant_value (*)[4])
          _mesa_align_malloc(size * 4 *sizeof(gl_constant_value), 16);
diff --git a/src/mesa/vbo/vbo_exec_array.c b/src/mesa/vbo/vbo_exec_array.c
index 3f7058da15a7a26655bcf5b620c75608cabb3261..22557e1684423c6de1b267fb5e06cd91986a1934 100644 (file)
--- a/src/mesa/vbo/vbo_exec_array.c
+++ b/src/mesa/vbo/vbo_exec_array.c
@@ -1313,7 +1313,7 @@ vbo_validated_multidrawelements(struct gl_context *ctx, GLenum mode,
    if (primcount == 0)
       return;
 
-   prim = calloc(1, primcount * sizeof(*prim));
+   prim = calloc(primcount, sizeof(*prim));
    if (prim == NULL) {
       _mesa_error(ctx, GL_OUT_OF_MEMORY, "glMultiDrawElements");
       return;