From e9451782cfbe9fc9105bf63228bca3e2265af8f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Scharfe?= Date: Sat, 15 Oct 2016 18:23:11 +0200 Subject: avoid pointer arithmetic involving NULL in FLEX_ALLOC_MEM Calculating offsets involving a NULL pointer is undefined. It works in practice (for now?), but we should not rely on it. Allocate first and then simply refer to the flexible array member by its name instead of performing pointer arithmetic up front. The resulting code is slightly shorter, easier to read and doesn't rely on undefined behaviour. NB: The cast to a (non-const) void pointer is necessary to keep support for flexible array members declared as const. Signed-off-by: Rene Scharfe Reviewed-by: Jeff King Signed-off-by: Junio C Hamano --- git-compat-util.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'git-compat-util.h') diff --git a/git-compat-util.h b/git-compat-util.h index 17918d028..237cef176 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -815,8 +815,9 @@ extern FILE *fopen_for_writing(const char *path); * times, and it must be assignable as an lvalue. */ #define FLEX_ALLOC_MEM(x, flexname, buf, len) do { \ - (x) = NULL; /* silence -Wuninitialized for offset calculation */ \ - (x) = xalloc_flex(sizeof(*(x)), (char *)(&((x)->flexname)) - (char *)(x), (buf), (len)); \ + size_t flex_array_len_ = (len); \ + (x) = xcalloc(1, st_add3(sizeof(*(x)), flex_array_len_, 1)); \ + memcpy((void *)(x)->flexname, (buf), flex_array_len_); \ } while (0) #define FLEXPTR_ALLOC_MEM(x, ptrname, buf, len) do { \ (x) = xalloc_flex(sizeof(*(x)), sizeof(*(x)), (buf), (len)); \ -- cgit v1.2.1 From 0ac52a38e8008fa5bb243e150031681420c639fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Scharfe?= Date: Sun, 16 Oct 2016 12:06:02 +0200 Subject: inline xalloc_flex() into FLEXPTR_ALLOC_MEM Allocate and copy directly in FLEXPTR_ALLOC_MEM and remove the now unused helper function xalloc_flex(). The resulting code is shorter and the offset arithmetic is a bit simpler. Suggested-by: Jeff King Signed-off-by: Rene Scharfe Reviewed-by: Jeff King Signed-off-by: Junio C Hamano --- git-compat-util.h | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'git-compat-util.h') diff --git a/git-compat-util.h b/git-compat-util.h index 237cef176..36c4f3acf 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -820,7 +820,9 @@ extern FILE *fopen_for_writing(const char *path); memcpy((void *)(x)->flexname, (buf), flex_array_len_); \ } while (0) #define FLEXPTR_ALLOC_MEM(x, ptrname, buf, len) do { \ - (x) = xalloc_flex(sizeof(*(x)), sizeof(*(x)), (buf), (len)); \ + size_t flex_array_len_ = (len); \ + (x) = xcalloc(1, st_add3(sizeof(*(x)), flex_array_len_, 1)); \ + memcpy((x) + 1, (buf), flex_array_len_); \ (x)->ptrname = (void *)((x)+1); \ } while(0) #define FLEX_ALLOC_STR(x, flexname, str) \ @@ -828,14 +830,6 @@ extern FILE *fopen_for_writing(const char *path); #define FLEXPTR_ALLOC_STR(x, ptrname, str) \ FLEXPTR_ALLOC_MEM((x), ptrname, (str), strlen(str)) -static inline void *xalloc_flex(size_t base_len, size_t offset, - const void *src, size_t src_len) -{ - unsigned char *ret = xcalloc(1, st_add3(base_len, src_len, 1)); - memcpy(ret + offset, src, src_len); - return ret; -} - static inline char *xstrdup_or_null(const char *str) { return str ? xstrdup(str) : NULL; -- cgit v1.2.1