[v4,25/25] reftable/basics: ban standard allocator functions

Message ID 764961e6f02b8e5788bce75830559b70c2e6f231.1727774935.git.ps@pks.im (mailing list archive)
State Superseded
Series reftable: handle allocation errors

Commit Message

Patrick Steinhardt Oct. 1, 2024, 9:43 a.m. UTC
The reftable library uses pluggable allocators, which means that we
shouldn't ever use the standard allocator functions. But it is an easy
mistake to make to accidentally use e.g. free(3P) instead of the
reftable-specific `reftable_free()` function, and we do not have any
mechanism to detect this misuse right now.

Introduce a couple of macros that ban the standard allocators, similar
to how we do it in "banned.h".

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
 reftable/basics.c | 1 +
 reftable/basics.h | 9 +++++++++
 2 files changed, 10 insertions(+)

Comments

Junio C Hamano Oct. 1, 2024, 10:50 p.m. UTC | #1
Patrick Steinhardt <ps@pks.im> writes:

> +#ifndef REFTABLE_ALLOW_BANNED_ALLOCATORS
> +# define REFTABLE_BANNED(func) use_reftable_##func##_instead

We'd need to mimic banned.h a bit better, by adding

#undef malloc
#undef realloc
#undef free
#undef calloc
#undef strdup

before (potentially re-)defining them.

> +# define malloc(sz) REFTABLE_BANNED(malloc)
> +# define realloc(ptr, sz) REFTABLE_BANNED(realloc)
> +# define free(ptr) REFTABLE_BANNED(free)
> +# define calloc(nelem, elsize) REFTABLE_BANNED(calloc)
> +# define strdup(str) REFTABLE_BANNED(strdup)
> +#endif

Patrick Steinhardt Oct. 2, 2024, 4:30 a.m. UTC | #2
On Tue, Oct 01, 2024 at 03:50:42PM -0700, Junio C Hamano wrote:
> Patrick Steinhardt <ps@pks.im> writes:
> 
> > +#ifndef REFTABLE_ALLOW_BANNED_ALLOCATORS
> > +# define REFTABLE_BANNED(func) use_reftable_##func##_instead
> 
> We'd need to mimic banned.h a bit better, by adding
> 
> #undef malloc
> #undef realloc
> #undef free
> #undef calloc
> #undef strdup
> 
> before (potentially re-)defining them.
> 
> > +# define malloc(sz) REFTABLE_BANNED(malloc)
> > +# define realloc(ptr, sz) REFTABLE_BANNED(realloc)
> > +# define free(ptr) REFTABLE_BANNED(free)
> > +# define calloc(nelem, elsize) REFTABLE_BANNED(calloc)
> > +# define strdup(str) REFTABLE_BANNED(strdup)
> > +#endif

Oh, indeed, that's something I missed. Will do for a hopefully last
reroll.

Patrick

Patch

diff --git a/reftable/basics.c b/reftable/basics.c
index ea53cf102a..c8396dc525 100644
--- a/reftable/basics.c
+++ b/reftable/basics.c
@@ -6,6 +6,7 @@  license that can be found in the LICENSE file or at
 https://developers.google.com/open-source/licenses/bsd
 */
 
+#define REFTABLE_ALLOW_BANNED_ALLOCATORS
 #include "basics.h"
 #include "reftable-basics.h"
 
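Review bot: The `#define REFTABLE_ALLOW_BANNED_ALLOCATORS` line placed above `#include "basics.h"` carries no comment saying why this file is exempt from the ban, and the opt-out only takes effect because it precedes that include. A one-line comment stating both (why basics.c may call the standard allocators, and that the define must stay ahead of basics.h) would keep a later include reorder from breaking the build here and discourage other files from copying the define. The exemption is also file-wide, so any unintended use of the standard allocators elsewhere in basics.c goes unchecked.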
diff --git a/reftable/basics.h b/reftable/basics.h
index 7f0f20e50c..428e8d1e57 100644
--- a/reftable/basics.h
+++ b/reftable/basics.h
@@ -73,6 +73,15 @@  char *reftable_strdup(const char *str);
 	} while (0)
 #define REFTABLE_FREE_AND_NULL(p) do { reftable_free(p); (p) = NULL; } while (0)
 
+#ifndef REFTABLE_ALLOW_BANNED_ALLOCATORS
+# define REFTABLE_BANNED(func) use_reftable_##func##_instead
+# define malloc(sz) REFTABLE_BANNED(malloc)
+# define realloc(ptr, sz) REFTABLE_BANNED(realloc)
+# define free(ptr) REFTABLE_BANNED(free)
+# define calloc(nelem, elsize) REFTABLE_BANNED(calloc)
+# define strdup(str) REFTABLE_BANNED(strdup)
+#endif
+
 /* Find the longest shared prefix size of `a` and `b` */
 struct strbuf;
 int common_prefix_size(struct strbuf *a, struct strbuf *b);
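
Review bot: The five `# define` lines for malloc, realloc, free, calloc and strdup are not preceded by matching `#undef` directives, so wherever a previously included header already defines one of these names as a macro, the block redefines it. As banned.h does, add `#undef malloc`, `#undef realloc`, `#undef free`, `#undef calloc` and `#undef strdup` ahead of the defines. Two smaller points: the block has no comment saying what it is for or how REFTABLE_ALLOW_BANNED_ALLOCATORS opts out of it, and because the macros are function-like they only catch direct calls, so a bare `free` passed as a function pointer still compiles.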