From 57fbcd2b29aa74423d47a9efd783a1508ab1bfc5 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sat, 11 Dec 2021 11:13:00 +0000
Subject: [PATCH] malloc.c: check allocation sizes against PTRDIFF_MAX.

I don't expect this to actually come up in any circumstance, but it prevents a warning in some versions of gcc that would otherwise arise from the use of 'int' to compute the input size: if gcc isn't confident that the int is positive, then it complains that possible inputs to malloc might be in the region of 2^64 - (small multiple of a negative 32-bit int). I would hope malloc would fail in any case on such an input, so failing a couple of lines earlier makes no important difference. Annoyingly, stdint.h is missing in my NestedVM build setup (though it has stdbool.h - it's not _totally_ C90). So I have to check that at cmake time. Also, removed the #defines for smalloc and friends from the tree234 test mode. These were needed in the old build system, when tree234-test was built ad-hoc without being linked against malloc.c. But now tree234-test links against the same utils library as everything else, and can use the real smalloc - and doing so prevents another of these warnings when compiling with -flto.
---
 cmake/setup.cmake | 6 ++++++
 malloc.c | 11 +++++++++++
 tree234.c | 3 ---
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/cmake/setup.cmake b/cmake/setup.cmake
index ee39dbf..e8e0309 100644
--- a/cmake/setup.cmake
+++ b/cmake/setup.cmake
@@ -32,6 +32,12 @@ endif()
 set(puzzle_names)
 set(puzzle_sources)
 
+include(CheckIncludeFile)
+check_include_file(stdint.h HAVE_STDINT_H)
+if(NOT HAVE_STDINT_H)
+ add_compile_definitions(NO_STDINT_H)
+endif()
+
 include(icons/icons.cmake)
 
 # The main function called from the top-level CMakeLists.txt to define
diff --git a/malloc.c b/malloc.c
index 7e5b87e..39bcfac 100644
--- a/malloc.c
+++ b/malloc.c
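Review bot: When `check_include_file(stdint.h HAVE_STDINT_H)` fails, the only consequence is that NO_STDINT_H gets defined and the PTRDIFF_MAX guard in malloc.c compiles out, so a misconfigured cross-compile (wrong sysroot, stray CMAKE_REQUIRED_FLAGS) would silently drop the check rather than fail the build. A status line inside the `if(NOT HAVE_STDINT_H)` branch, `message(STATUS "stdint.h not found; allocation-size guard in malloc.c disabled")`, makes the degraded configuration visible in the configure log. `add_compile_definitions` also requires CMake 3.12 or newer; if the project's cmake_minimum_required (not visible here) is older than that, `add_definitions(-DNO_STDINT_H)` is the compatible spelling.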
@@ -2,6 +2,9 @@
  * malloc.c: safe wrappers around malloc, realloc, free, strdup
  */
 
+#ifndef NO_STDINT_H
+#include
+#endif
 #include
 #include
 #include "puzzles.h"
@@ -12,6 +15,10 @@
  */
 void *smalloc(size_t size) {
 void *p;
+#ifdef PTRDIFF_MAX
+ if (size > PTRDIFF_MAX)
+ fatal("allocation too large");
+#endif
 p = malloc(size);
 if (!p)
 fatal("out of memory");
@@ -32,6 +39,10 @@ void sfree(void *p) {
  */
 void *srealloc(void *p, size_t size) {
 void *q;
+#ifdef PTRDIFF_MAX
+ if (size > PTRDIFF_MAX)
+ fatal("allocation too large");
+#endif
 if (p) {
 q = realloc(p, size);
 } else {
diff --git a/tree234.c b/tree234.c
index 587389f..136f6e2 100644
--- a/tree234.c
+++ b/tree234.c
@@ -43,9 +43,6 @@ static void logprintf(const char *fmt, ...)
 va_end(ap);
 }
 #define LOG(x) (logprintf x)
-#define smalloc malloc
-#define srealloc realloc
-#define sfree free
 #else
 #define LOG(x)
 #endif
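Review bot: The new guard in smalloc disappears entirely whenever PTRDIFF_MAX is undefined, which is precisely the NestedVM build the commit message is working around, and nothing in the code says why PTRDIFF_MAX rather than SIZE_MAX is the bound. A C90-safe spelling that needs neither the cmake probe nor the `#ifdef` is `if (size > (size_t)-1 / 2)`; SIZE_MAX/2 equals PTRDIFF_MAX on the common flat-address-space targets (not guaranteed by the standard, so say so in a comment if adopted) and should equally satisfy gcc's -Walloc-size-larger-than, whose default threshold is PTRDIFF_MAX. Either way the check deserves a why-comment above it, e.g. `/* No single object can exceed PTRDIFF_MAX bytes (pointer subtraction would overflow), so reject such sizes before malloc; this also tells gcc's -Walloc-size-larger-than the bound. */`. smalloc's body continues past the end of the hunk.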
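Review bot: The four-line PTRDIFF_MAX guard in srealloc is a verbatim copy of the one added to smalloc, so the two can drift apart (one message or bound updated, the other not) the next time this policy changes; a single file-scope helper called from both entry points keeps one definition, e.g. `static void check_alloc_size(size_t size) { if (size > PTRDIFF_MAX) fatal("allocation too large"); }` wrapped in the same `#ifdef` if the fallback is kept. Placing the check before the `if (p)` branch means an oversized request aborts with the old block still live, which presumably matches how srealloc already treats a failed realloc via fatal() rather than returning, so no leak concern beyond what fatal() already implies. srealloc's body continues outside the hunk.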