1 /*
2 * Copyright 2017 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #ifndef SkMalloc_DEFINED
9 #define SkMalloc_DEFINED
10
11 #include <cstring>
12
13 #include "include/private/base/SkAPI.h"
14
15 /*
16 memory wrappers to be implemented by the porting layer (platform)
17 */
18
19
20 /** Free memory returned by sk_malloc(). It is safe to pass null. */
21 SK_API extern void sk_free(void*);
22
23 /**
24 * Called internally if we run out of memory. The platform implementation must
25 * not return, but should either throw an exception or otherwise exit.
26 */
27 SK_API extern void sk_out_of_memory(void);
28
29 enum {
30 /**
31 * If this bit is set, the returned buffer must be zero-initialized. If this bit is not set
32 * the buffer can be uninitialized.
33 */
34 SK_MALLOC_ZERO_INITIALIZE = 1 << 0,
35
36 /**
37 * If this bit is set, the implementation must throw/crash/quit if the request cannot
38 * be fulfilled. If this bit is not set, then it should return nullptr on failure.
39 */
40 SK_MALLOC_THROW = 1 << 1,
41 };
42 /**
43 * Return a block of memory (at least 4-byte aligned) of at least the specified size.
44 * If the requested memory cannot be returned, either return nullptr or throw/exit, depending
45 * on the SK_MALLOC_THROW bit. If the allocation succeeds, the memory will be zero-initialized
46 * if the SK_MALLOC_ZERO_INITIALIZE bit was set.
47 *
48 * To free the memory, call sk_free()
49 */
50 SK_API extern void* sk_malloc_flags(size_t size, unsigned flags);
51
52 /** Same as standard realloc(), but this one never returns null on failure. It will throw
53 * if it fails.
54 * If size is 0, it will call sk_free on buffer and return null. (This behavior is implementation-
55 * defined for normal realloc. We follow what glibc does.)
56 */
57 SK_API extern void* sk_realloc_throw(void* buffer, size_t size);
58
59 /**
60 * Return the size of the block of memory allocated in reality for a given pointer. The pointer
61 * passed must have been allocated using the sk_malloc_* or sk_realloc_* functions. The "size"
62 * parameter indicates the size originally requested when the memory block was allocated, and
63 * the value returned by this function must be bigger or equal to it.
64 */
65 SK_API extern size_t sk_malloc_size(void* addr, size_t size);
66
sk_malloc_throw(size_t size)67 static inline void* sk_malloc_throw(size_t size) {
68 return sk_malloc_flags(size, SK_MALLOC_THROW);
69 }
70
sk_calloc_throw(size_t size)71 static inline void* sk_calloc_throw(size_t size) {
72 return sk_malloc_flags(size, SK_MALLOC_THROW | SK_MALLOC_ZERO_INITIALIZE);
73 }
74
sk_calloc_canfail(size_t size)75 static inline void* sk_calloc_canfail(size_t size) {
76 #if defined(SK_BUILD_FOR_FUZZER)
77 // To reduce the chance of OOM, pretend we can't allocate more than 200kb.
78 if (size > 200000) {
79 return nullptr;
80 }
81 #endif
82 return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
83 }
84
85 // Performs a safe multiply count * elemSize, checking for overflow
86 SK_API extern void* sk_calloc_throw(size_t count, size_t elemSize);
87 SK_API extern void* sk_malloc_throw(size_t count, size_t elemSize);
88 SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize);
89
90 /**
91 * These variants return nullptr on failure
92 */
sk_malloc_canfail(size_t size)93 static inline void* sk_malloc_canfail(size_t size) {
94 #if defined(SK_BUILD_FOR_FUZZER)
95 // To reduce the chance of OOM, pretend we can't allocate more than 200kb.
96 if (size > 200000) {
97 return nullptr;
98 }
99 #endif
100 return sk_malloc_flags(size, 0);
101 }
102 SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);
103
104 // bzero is safer than memset, but we can't rely on it, so... sk_bzero()
sk_bzero(void * buffer,size_t size)105 static inline void sk_bzero(void* buffer, size_t size) {
106 // Please c.f. sk_careful_memcpy. It's undefined behavior to call memset(null, 0, 0).
107 if (size) {
108 memset(buffer, 0, size);
109 }
110 }
111
112 /**
113 * sk_careful_memcpy() is just like memcpy(), but guards against undefined behavior.
114 *
115 * It is undefined behavior to call memcpy() with null dst or src, even if len is 0.
116 * If an optimizer is "smart" enough, it can exploit this to do unexpected things.
117 * memcpy(dst, src, 0);
118 * if (src) {
119 * printf("%x\n", *src);
120 * }
121 * In this code the compiler can assume src is not null and omit the if (src) {...} check,
122 * unconditionally running the printf, crashing the program if src really is null.
123 * Of the compilers we pay attention to only GCC performs this optimization in practice.
124 */
sk_careful_memcpy(void * dst,const void * src,size_t len)125 static inline void* sk_careful_memcpy(void* dst, const void* src, size_t len) {
126 // When we pass >0 len we had better already be passing valid pointers.
127 // So we just need to skip calling memcpy when len == 0.
128 if (len) {
129 memcpy(dst,src,len);
130 }
131 return dst;
132 }
133
sk_careful_memmove(void * dst,const void * src,size_t len)134 static inline void* sk_careful_memmove(void* dst, const void* src, size_t len) {
135 // When we pass >0 len we had better already be passing valid pointers.
136 // So we just need to skip calling memcpy when len == 0.
137 if (len) {
138 memmove(dst,src,len);
139 }
140 return dst;
141 }
142
sk_careful_memcmp(const void * a,const void * b,size_t len)143 static inline int sk_careful_memcmp(const void* a, const void* b, size_t len) {
144 // When we pass >0 len we had better already be passing valid pointers.
145 // So we just need to skip calling memcmp when len == 0.
146 if (len == 0) {
147 return 0; // we treat zero-length buffers as "equal"
148 }
149 return memcmp(a, b, len);
150 }
151
152 #endif // SkMalloc_DEFINED
153