avutil/mem: Also poison new av_realloc-allocated blocks

[ffmpeg] / libavutil / mem.c

diff --git a/libavutil/mem.c b/libavutil/mem.c
index 88fe09b1794aa6744e89be1444bbfaaaf8fa4ea8..fa227f5e120f9e9931f6eb06fd56aa1ffbb86e4b 100644 (file)
--- a/libavutil/mem.c
+++ b/libavutil/mem.c
@@ -78,8 +78,7 @@ void *av_malloc(size_t size)
 {
     void *ptr = NULL;
 
-    /* let's disallow possibly ambiguous cases */
-    if (size > (max_alloc_size - 32))
+    if (size > max_alloc_size)
         return NULL;
 
 #if HAVE_POSIX_MEMALIGN
@@ -134,15 +133,20 @@ void *av_malloc(size_t size)
 
 void *av_realloc(void *ptr, size_t size)
 {
-    /* let's disallow possibly ambiguous cases */
-    if (size > (max_alloc_size - 32))
+    void *ret;
+    if (size > max_alloc_size)
         return NULL;
 
 #if HAVE_ALIGNED_MALLOC
-    return _aligned_realloc(ptr, size + !size, ALIGN);
+    ret = _aligned_realloc(ptr, size + !size, ALIGN);
 #else
-    return realloc(ptr, size + !size);
+    ret = realloc(ptr, size + !size);
 #endif
+#if CONFIG_MEMORY_POISONING
+    if (ret && !ptr)
+        memset(ret, FF_MEMORY_POISON, size);
+#endif
+    return ret;
 }
 
 void *av_realloc_f(void *ptr, size_t nelem, size_t elsize)
@@ -183,23 +187,26 @@ int av_reallocp(void *ptr, size_t size)
 
 void *av_malloc_array(size_t nmemb, size_t size)
 {
-    if (!size || nmemb >= INT_MAX / size)
+    size_t result;
+    if (av_size_mult(nmemb, size, &result) < 0)
         return NULL;
-    return av_malloc(nmemb * size);
+    return av_malloc(result);
 }
 
 void *av_mallocz_array(size_t nmemb, size_t size)
 {
-    if (!size || nmemb >= INT_MAX / size)
+    size_t result;
+    if (av_size_mult(nmemb, size, &result) < 0)
         return NULL;
-    return av_mallocz(nmemb * size);
+    return av_mallocz(result);
 }
 
 void *av_realloc_array(void *ptr, size_t nmemb, size_t size)
 {
-    if (!size || nmemb >= INT_MAX / size)
+    size_t result;
+    if (av_size_mult(nmemb, size, &result) < 0)
         return NULL;
-    return av_realloc(ptr, nmemb * size);
+    return av_realloc(ptr, result);
 }
 
 int av_reallocp_array(void *ptr, size_t nmemb, size_t size)
@@ -243,9 +250,10 @@ void *av_mallocz(size_t size)
 
 void *av_calloc(size_t nmemb, size_t size)
 {
-    if (size <= 0 || nmemb >= INT_MAX / size)
+    size_t result;
+    if (av_size_mult(nmemb, size, &result) < 0)
         return NULL;
-    return av_mallocz(nmemb * size);
+    return av_mallocz(result);
 }
 
 char *av_strdup(const char *s)
@@ -478,12 +486,12 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size)
     if (min_size <= *size)
         return ptr;
 
-    if (min_size > max_alloc_size - 32) {
+    if (min_size > max_alloc_size) {
         *size = 0;
         return NULL;
     }
 
-    min_size = FFMIN(max_alloc_size - 32, FFMAX(min_size + min_size / 16 + 32, min_size));
+    min_size = FFMIN(max_alloc_size, FFMAX(min_size + min_size / 16 + 32, min_size));
 
     ptr = av_realloc(ptr, min_size);
     /* we could set this to the unmodified min_size but this is safer