[FFmpeg-devel] [PATCH] Avoid running malloc/free for 0-sized allocs and return a pointer to const memory so we will still detect invalid writes to malloc(0) areas. This also fixes av_realloc to treat size == 0 specially.

Michael Niedermayer michaelni at gmx.at
Sat May 7 13:35:54 CEST 2011


On Sat, May 07, 2011 at 09:56:31AM +0200, Reimar Döffinger wrote:
> ---
>  libavutil/mem.c |   10 +++++++++-
>  1 files changed, 9 insertions(+), 1 deletions(-)
> 
> diff --git a/libavutil/mem.c b/libavutil/mem.c
> index f0f18d1..134fcba 100644
> --- a/libavutil/mem.c
> +++ b/libavutil/mem.c
> @@ -57,6 +57,8 @@ void  free(void *ptr);
>  
>  #endif /* MALLOC_PREFIX */
>  
> +static const int dummy_alloc;
> +
>  /* You can redefine av_malloc and av_free in your project to use your
>     memory allocator. You do not need to suppress this file because the
>     linker will do it automatically. */
> @@ -72,7 +74,7 @@ void *av_malloc(size_t size)
>      if(size > (INT_MAX-32) )
>          return NULL;
>      else if(!size)
> -        size= 1;
> +        return (void *)&dummy_alloc;

This violates ISO C malloc() semantics, as well as attribute(malloc)
semantics and its also not correctly aligned.
We might ignore ISO C as this isnt malloc(), the rest looks like a
possinble issue though
ignoring the attribute semantics means we have to remove
attribute(malloc) or risk undefined behavior on av_malloc(0)
the align should be easy to fix

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Its not that you shouldnt use gotos but rather that you should write
readable code and code with gotos often but not always is less readable
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110507/0b8239f0/attachment.asc>


More information about the ffmpeg-devel mailing list