integer arithmetic types: correct perhaps-possible negative timeout situation

[secnet.git] / util.c

diff --git a/util.c b/util.c
index 883edf5f12574922f87fee14197fd6a89bb5c372..44a45e50d4c22d0c19350e9277e91d93d4ed65c3 100644 (file)
--- a/util.c
+++ b/util.c
@@ -43,7 +43,7 @@
 #define DEFAULT_BUFFER_SIZE 4096
 #define MAX_BUFFER_SIZE 131072
 
-static char *hexdigits="0123456789abcdef";
+static const char *hexdigits="0123456789abcdef";
 
 uint32_t current_phase=0;
 
@@ -55,7 +55,7 @@ struct phase_hook {
 
 static struct phase_hook *hooks[NR_PHASES]={NULL,};
 
-char *safe_strdup(char *s, char *message)
+char *safe_strdup(const char *s, const char *message)
 {
     char *d;
     d=strdup(s);
@@ -65,7 +65,7 @@ char *safe_strdup(char *s, char *message)
     return d;
 }
 
-void *safe_malloc(size_t size, char *message)
+void *safe_malloc(size_t size, const char *message)
 {
     void *r;
     r=malloc(size);
@@ -74,6 +74,12 @@ void *safe_malloc(size_t size, char *message)
     }
     return r;
 }
+void *safe_malloc_ary(size_t size, size_t count, const char *message) {
+    if (count >= INT_MAX/size) {
+       fatal("array allocation overflow: %s", message);
+    }
+    return safe_malloc(size*count, message);
+}
 
 /* Convert a buffer into its MP_INT representation */
 void read_mpbin(MP_INT *a, uint8_t *bin, int binsize)
@@ -155,7 +161,7 @@ uint32_t write_mpbin(MP_INT *a, uint8_t *buffer, uint32_t buflen)
     return i;
 }
 
-static char *phases[NR_PHASES]={
+static const char *phases[NR_PHASES]={
     "PHASE_INIT",
     "PHASE_GETOPTS",
     "PHASE_READCONFIG",
@@ -198,12 +204,17 @@ bool_t remove_hook(uint32_t phase, hook_fn *fn, void *state)
     return False;
 }
 
-void log(struct log_if *lf, int priority, char *message, ...)
+void vslilog(struct log_if *lf, int priority, const char *message, va_list ap)
+{
+    lf->vlog(lf->st,priority,message,ap);
+}
+
+void slilog(struct log_if *lf, int priority, const char *message, ...)
 {
     va_list ap;
     
     va_start(ap,message);
-    lf->vlog(lf->st,priority,message,ap);
+    vslilog(lf,priority,message,ap);
     va_end(ap);
 }
 
@@ -212,7 +223,8 @@ struct buffer {
     struct buffer_if ops;
 };
 
-void buffer_assert_free(struct buffer_if *buffer, string_t file, uint32_t line)
+void buffer_assert_free(struct buffer_if *buffer, cstring_t file,
+                       uint32_t line)
 {
     if (!buffer->free) {
        fatal("BUF_ASSERT_FREE, %s line %d, owned by %s",
@@ -220,7 +232,8 @@ void buffer_assert_free(struct buffer_if *buffer, string_t file, uint32_t line)
     }
 }
 
-void buffer_assert_used(struct buffer_if *buffer, string_t file, uint32_t line)
+void buffer_assert_used(struct buffer_if *buffer, cstring_t file,
+                       uint32_t line)
 {
     if (buffer->free) {
        fatal("BUF_ASSERT_USED, %s line %d, last owned by %s",
@@ -236,12 +249,14 @@ void buffer_init(struct buffer_if *buffer, uint32_t max_start_pad)
 
 void *buf_append(struct buffer_if *buf, uint32_t amount) {
     void *p;
+    assert(buf->size <= buf->len - amount);
     p=buf->start + buf->size;
     buf->size+=amount;
     return p;
 }
 
 void *buf_prepend(struct buffer_if *buf, uint32_t amount) {
+    assert(amount <= buf->start - buf->base);
     buf->size+=amount;
     return buf->start-=amount;
 }
@@ -261,11 +276,12 @@ void *buf_unprepend(struct buffer_if *buf, uint32_t amount) {
 
 /* Append a two-byte length and the string to the buffer. Length is in
    network byte order. */
-void buf_append_string(struct buffer_if *buf, string_t s)
+void buf_append_string(struct buffer_if *buf, cstring_t s)
 {
     uint16_t len;
 
     len=strlen(s);
+    /* fixme: if string is longer than 65535, result is a corrupted packet */
     buf_append_uint16(buf,len);
     memcpy(buf_append(buf,len),s,len);
 }
@@ -333,7 +349,6 @@ static list_t *buffer_apply(closure_t *self, struct cloc loc, dict_t *context,
     return new_closure(&st->cl);
 }
 
-init_module util_module;
 void util_module(dict_t *dict)
 {
     add_closure(dict,"sysbuffer",buffer_apply);