Author: pfg
Date: Wed Jan 17 18:18:33 2018
New Revision: 328093
URL: https://svnweb.freebsd.org/changeset/base/328093

Log:
  ufs: use mallocarray(9).
  
  Basic use of mallocarray to prevent overflows: static analyzers are also
  likely to perform additional checks.
  
  Since mallocarray expects unsigned parameters, unsign some
  related variables to minimize sign conversions.
  
  Reviewed by:  mckusick

Modified:
  head/sys/ufs/ffs/ffs_snapshot.c
  head/sys/ufs/ffs/ffs_softdep.c
  head/sys/ufs/ufs/ufs_vnops.c

Modified: head/sys/ufs/ffs/ffs_snapshot.c
==============================================================================
--- head/sys/ufs/ffs/ffs_snapshot.c     Wed Jan 17 17:58:24 2018        
(r328092)
+++ head/sys/ufs/ffs/ffs_snapshot.c     Wed Jan 17 18:18:33 2018        
(r328093)
@@ -648,7 +648,7 @@ loop:
         * keep us out of deadlock until the full one is ready.
         */
        if (xp == NULL) {
-               snapblklist = malloc(snaplistsize * sizeof(daddr_t),
+               snapblklist = mallocarray(snaplistsize, sizeof(daddr_t),
                    M_UFSMNT, M_WAITOK);
                blkp = &snapblklist[1];
                *blkp++ = lblkno(fs, fs->fs_sblockloc);
@@ -729,7 +729,7 @@ out1:
        /*
         * Allocate space for the full list of preallocated snapshot blocks.
         */
-       snapblklist = malloc(snaplistsize * sizeof(daddr_t),
+       snapblklist = mallocarray(snaplistsize, sizeof(daddr_t),
            M_UFSMNT, M_WAITOK);
        ip->i_snapblklist = &snapblklist[1];
        /*

Modified: head/sys/ufs/ffs/ffs_softdep.c
==============================================================================
--- head/sys/ufs/ffs/ffs_softdep.c      Wed Jan 17 17:58:24 2018        
(r328092)
+++ head/sys/ufs/ffs/ffs_softdep.c      Wed Jan 17 18:18:33 2018        
(r328093)
@@ -2466,7 +2466,8 @@ softdep_mount(devvp, mp, fs, cred)
        struct ufsmount *ump;
        struct cg *cgp;
        struct buf *bp;
-       int i, error, cyl;
+       u_int cyl, i;
+       int error;
 
        sdp = malloc(sizeof(struct mount_softdeps), M_MOUNTDATA,
            M_WAITOK | M_ZERO);
@@ -2500,7 +2501,7 @@ softdep_mount(devvp, mp, fs, cred)
        ump->bmsafemap_hashtbl = hashinit(1024, M_BMSAFEMAP,
            &ump->bmsafemap_hash_size);
        i = 1 << (ffs(desiredvnodes / 10) - 1);
-       ump->indir_hashtbl = malloc(i * sizeof(struct indir_hashhead),
+       ump->indir_hashtbl = mallocarray(i, sizeof(struct indir_hashhead),
            M_FREEWORK, M_WAITOK);
        ump->indir_hash_size = i - 1;
        for (i = 0; i <= ump->indir_hash_size; i++)
@@ -2627,8 +2628,8 @@ jblocks_create(void)
        jblocks = malloc(sizeof(*jblocks), M_JBLOCKS, M_WAITOK | M_ZERO);
        TAILQ_INIT(&jblocks->jb_segs);
        jblocks->jb_avail = 10;
-       jblocks->jb_extent = malloc(sizeof(struct jextent) * jblocks->jb_avail,
-           M_JBLOCKS, M_WAITOK | M_ZERO);
+       jblocks->jb_extent = mallocarray(jblocks->jb_avail,
+           sizeof(struct jextent), M_JBLOCKS, M_WAITOK | M_ZERO);
 
        return (jblocks);
 }
@@ -2713,7 +2714,7 @@ jblocks_add(jblocks, daddr, blocks)
        /* Adding a new extent. */
        if (++jblocks->jb_used == jblocks->jb_avail) {
                jblocks->jb_avail *= 2;
-               jext = malloc(sizeof(struct jextent) * jblocks->jb_avail,
+               jext = mallocarray(jblocks->jb_avail, sizeof(struct jextent),
                    M_JBLOCKS, M_WAITOK | M_ZERO);
                memcpy(jext, jblocks->jb_extent,
                    sizeof(struct jextent) * jblocks->jb_used);

Modified: head/sys/ufs/ufs/ufs_vnops.c
==============================================================================
--- head/sys/ufs/ufs/ufs_vnops.c        Wed Jan 17 17:58:24 2018        
(r328092)
+++ head/sys/ufs/ufs/ufs_vnops.c        Wed Jan 17 18:18:33 2018        
(r328093)
@@ -2170,7 +2170,7 @@ ufs_readdir(ap)
        off_t offset, startoffset;
        size_t readcnt, skipcnt;
        ssize_t startresid;
-       int ncookies;
+       u_int ncookies;
        int error;
 
        if (uio->uio_offset < 0)
@@ -2185,7 +2185,8 @@ ufs_readdir(ap)
                else if (ip->i_size - uio->uio_offset < ncookies)
                        ncookies = ip->i_size - uio->uio_offset;
                ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
-               cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
+               cookies = mallocarray(ncookies, sizeof(*cookies), M_TEMP,
+                   M_WAITOK);
                *ap->a_ncookies = ncookies;
                *ap->a_cookies = cookies;
        } else {
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to