freebsd-dev/bin/sh/memalloc.c
Jilles Tjoelker 9f9c9549fd sh: Assert INTOFF rather than applying it in ck*
As I noted in https://reviews.freebsd.org/D22756, INTOFF should be in effect
when calling ckmalloc/ckrealloc/ckfree to avoid memory leaks and double
frees. Therefore, change the functions to check if INTOFF is in effect
instead of applying it.

Reviewed by:	bdrewery
Differential Revision:	https://reviews.freebsd.org/D24599
2020-04-28 20:34:27 +00:00

352 lines
7.7 KiB
C

/*-
* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Kenneth Almquist.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
#if 0
static char sccsid[] = "@(#)memalloc.c 8.3 (Berkeley) 5/4/95";
#endif
#endif /* not lint */
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include "shell.h"
#include "output.h"
#include "memalloc.h"
#include "error.h"
#include "mystring.h"
#include "expand.h"
#include <stdlib.h>
#include <unistd.h>
static void
badalloc(const char *message)
{
write(2, message, strlen(message));
abort();
}
/*
* Like malloc, but returns an error when out of space.
*/
pointer
ckmalloc(size_t nbytes)
{
pointer p;
if (!is_int_on())
badalloc("Unsafe ckmalloc() call\n");
p = malloc(nbytes);
if (p == NULL)
error("Out of space");
return p;
}
/*
* Same for realloc.
*/
pointer
ckrealloc(pointer p, int nbytes)
{
if (!is_int_on())
badalloc("Unsafe ckrealloc() call\n");
p = realloc(p, nbytes);
if (p == NULL)
error("Out of space");
return p;
}
void
ckfree(pointer p)
{
if (!is_int_on())
badalloc("Unsafe ckfree() call\n");
free(p);
}
/*
* Make a copy of a string in safe storage.
*/
char *
savestr(const char *s)
{
char *p;
size_t len;
len = strlen(s);
p = ckmalloc(len + 1);
memcpy(p, s, len + 1);
return p;
}
/*
* Parse trees for commands are allocated in lifo order, so we use a stack
* to make this more efficient, and also to avoid all sorts of exception
* handling code to handle interrupts in the middle of a parse.
*
* The size 496 was chosen because with 16-byte alignment the total size
* for the allocated block is 512.
*/
#define MINSIZE 496 /* minimum size of a block. */
struct stack_block {
struct stack_block *prev;
/* Data follows */
};
#define SPACE(sp) ((char*)(sp) + ALIGN(sizeof(struct stack_block)))
static struct stack_block *stackp;
char *stacknxt;
int stacknleft;
char *sstrend;
static void
stnewblock(int nbytes)
{
struct stack_block *sp;
int allocsize;
if (nbytes < MINSIZE)
nbytes = MINSIZE;
allocsize = ALIGN(sizeof(struct stack_block)) + ALIGN(nbytes);
INTOFF;
sp = ckmalloc(allocsize);
sp->prev = stackp;
stacknxt = SPACE(sp);
stacknleft = allocsize - (stacknxt - (char*)sp);
sstrend = stacknxt + stacknleft;
stackp = sp;
INTON;
}
pointer
stalloc(int nbytes)
{
char *p;
nbytes = ALIGN(nbytes);
if (nbytes > stacknleft)
stnewblock(nbytes);
p = stacknxt;
stacknxt += nbytes;
stacknleft -= nbytes;
return p;
}
void
stunalloc(pointer p)
{
if (p == NULL) { /*DEBUG */
write(STDERR_FILENO, "stunalloc\n", 10);
abort();
}
stacknleft += stacknxt - (char *)p;
stacknxt = p;
}
char *
stsavestr(const char *s)
{
char *p;
size_t len;
len = strlen(s);
p = stalloc(len + 1);
memcpy(p, s, len + 1);
return p;
}
void
setstackmark(struct stackmark *mark)
{
mark->stackp = stackp;
mark->stacknxt = stacknxt;
mark->stacknleft = stacknleft;
/* Ensure this block stays in place. */
if (stackp != NULL && stacknxt == SPACE(stackp))
stalloc(1);
}
void
popstackmark(struct stackmark *mark)
{
struct stack_block *sp;
INTOFF;
while (stackp != mark->stackp) {
sp = stackp;
stackp = sp->prev;
ckfree(sp);
}
stacknxt = mark->stacknxt;
stacknleft = mark->stacknleft;
sstrend = stacknxt + stacknleft;
INTON;
}
/*
* When the parser reads in a string, it wants to stick the string on the
* stack and only adjust the stack pointer when it knows how big the
* string is. Stackblock (defined in stack.h) returns a pointer to a block
* of space on top of the stack and stackblocklen returns the length of
* this block. Growstackblock will grow this space by at least one byte,
* possibly moving it (like realloc). Grabstackblock actually allocates the
* part of the block that has been used.
*/
static void
growstackblock(int min)
{
char *p;
int newlen;
char *oldspace;
int oldlen;
struct stack_block *sp;
struct stack_block *oldstackp;
if (min < stacknleft)
min = stacknleft;
if ((unsigned int)min >=
INT_MAX / 2 - ALIGN(sizeof(struct stack_block)))
error("Out of space");
min += stacknleft;
min += ALIGN(sizeof(struct stack_block));
newlen = 512;
while (newlen < min)
newlen <<= 1;
oldspace = stacknxt;
oldlen = stacknleft;
if (stackp != NULL && stacknxt == SPACE(stackp)) {
INTOFF;
oldstackp = stackp;
stackp = oldstackp->prev;
sp = ckrealloc((pointer)oldstackp, newlen);
sp->prev = stackp;
stackp = sp;
stacknxt = SPACE(sp);
stacknleft = newlen - (stacknxt - (char*)sp);
sstrend = stacknxt + stacknleft;
INTON;
} else {
newlen -= ALIGN(sizeof(struct stack_block));
p = stalloc(newlen);
if (oldlen != 0)
memcpy(p, oldspace, oldlen);
stunalloc(p);
}
}
/*
* The following routines are somewhat easier to use that the above.
* The user declares a variable of type STACKSTR, which may be declared
* to be a register. The macro STARTSTACKSTR initializes things. Then
* the user uses the macro STPUTC to add characters to the string. In
* effect, STPUTC(c, p) is the same as *p++ = c except that the stack is
* grown as necessary. When the user is done, she can just leave the
* string there and refer to it using stackblock(). Or she can allocate
* the space for it using grabstackstr(). If it is necessary to allow
* someone else to use the stack temporarily and then continue to grow
* the string, the user should use grabstack to allocate the space, and
* then call ungrabstr(p) to return to the previous mode of operation.
*
* USTPUTC is like STPUTC except that it doesn't check for overflow.
* CHECKSTACKSPACE can be called before USTPUTC to ensure that there
* is space for at least one character.
*/
static char *
growstrstackblock(int n, int min)
{
growstackblock(min);
return stackblock() + n;
}
char *
growstackstr(void)
{
int len;
len = stackblocksize();
return (growstrstackblock(len, 0));
}
/*
* Called from CHECKSTRSPACE.
*/
char *
makestrspace(int min, char *p)
{
int len;
len = p - stackblock();
return (growstrstackblock(len, min));
}
char *
stputbin(const char *data, size_t len, char *p)
{
CHECKSTRSPACE(len, p);
memcpy(p, data, len);
return (p + len);
}
char *
stputs(const char *data, char *p)
{
return (stputbin(data, strlen(data), p));
}