ufs: use mallocarray(9).

Basic use of mallocarray to prevent overflows: static analyzers are also likely to perform additional checks. Since mallocarray expects unsigned parameters, unsign some related variables to minimize sign conversions. Reviewed by: mckusick
2018-01-17 18:18:33 +00:00 · 2018-01-17 18:18:33 +00:00 · 036ebddf97
commit 036ebddf97
parent 39d99c1186
3 changed files with 11 additions and 9 deletions
--- a/sys/ufs/ffs/ffs_snapshot.c
+++ b/sys/ufs/ffs/ffs_snapshot.c
@ -648,7 +648,7 @@ loop:
 	 * keep us out of deadlock until the full one is ready.
 	 */
 	if (xp == NULL) {
-		snapblklist = malloc(snaplistsize * sizeof(daddr_t),
+		snapblklist = mallocarray(snaplistsize, sizeof(daddr_t),
 		    M_UFSMNT, M_WAITOK);
 		blkp = &snapblklist[1];
 		*blkp++ = lblkno(fs, fs->fs_sblockloc);
@ -729,7 +729,7 @@ out1:
 	/*
 	 * Allocate space for the full list of preallocated snapshot blocks.
 	 */
-	snapblklist = malloc(snaplistsize * sizeof(daddr_t),
+	snapblklist = mallocarray(snaplistsize, sizeof(daddr_t),
 	    M_UFSMNT, M_WAITOK);
 	ip->i_snapblklist = &snapblklist[1];
 	/*
--- a/sys/ufs/ffs/ffs_softdep.c
+++ b/sys/ufs/ffs/ffs_softdep.c
@ -2466,7 +2466,8 @@ softdep_mount(devvp, mp, fs, cred)
 	struct ufsmount *ump;
 	struct cg *cgp;
 	struct buf *bp;
-	int i, error, cyl;
+	u_int cyl, i;
+	int error;

 	sdp = malloc(sizeof(struct mount_softdeps), M_MOUNTDATA,
 	    M_WAITOK | M_ZERO);
@ -2500,7 +2501,7 @@ softdep_mount(devvp, mp, fs, cred)
 	ump->bmsafemap_hashtbl = hashinit(1024, M_BMSAFEMAP,
 	    &ump->bmsafemap_hash_size);
 	i = 1 << (ffs(desiredvnodes / 10) - 1);
-	ump->indir_hashtbl = malloc(i * sizeof(struct indir_hashhead),
+	ump->indir_hashtbl = mallocarray(i, sizeof(struct indir_hashhead),
 	    M_FREEWORK, M_WAITOK);
 	ump->indir_hash_size = i - 1;
 	for (i = 0; i <= ump->indir_hash_size; i++)
@ -2627,8 +2628,8 @@ jblocks_create(void)
 	jblocks = malloc(sizeof(*jblocks), M_JBLOCKS, M_WAITOK | M_ZERO);
 	TAILQ_INIT(&jblocks->jb_segs);
 	jblocks->jb_avail = 10;
-	jblocks->jb_extent = malloc(sizeof(struct jextent) * jblocks->jb_avail,
-	    M_JBLOCKS, M_WAITOK | M_ZERO);
+	jblocks->jb_extent = mallocarray(jblocks->jb_avail,
+	    sizeof(struct jextent), M_JBLOCKS, M_WAITOK | M_ZERO);

 	return (jblocks);
 }
@ -2713,7 +2714,7 @@ jblocks_add(jblocks, daddr, blocks)
 	/* Adding a new extent. */
 	if (++jblocks->jb_used == jblocks->jb_avail) {
 		jblocks->jb_avail *= 2;
-		jext = malloc(sizeof(struct jextent) * jblocks->jb_avail,
+		jext = mallocarray(jblocks->jb_avail, sizeof(struct jextent),
 		    M_JBLOCKS, M_WAITOK | M_ZERO);
 		memcpy(jext, jblocks->jb_extent,
 		    sizeof(struct jextent) * jblocks->jb_used);
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@ -2170,7 +2170,7 @@ ufs_readdir(ap)
 	off_t offset, startoffset;
 	size_t readcnt, skipcnt;
 	ssize_t startresid;
-	int ncookies;
+	u_int ncookies;
 	int error;

 	if (uio->uio_offset < 0)
@ -2185,7 +2185,8 @@ ufs_readdir(ap)
 		else if (ip->i_size - uio->uio_offset < ncookies)
 			ncookies = ip->i_size - uio->uio_offset;
 		ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
-		cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
+		cookies = mallocarray(ncookies, sizeof(*cookies), M_TEMP,
+		    M_WAITOK);
 		*ap->a_ncookies = ncookies;
 		*ap->a_cookies = cookies;
 	} else {