X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=src%2Fguestfs.c;h=350d84817157a25f61f2dbc5bdac0688063d1902;hp=2d4db66ce547b1ef106ac258093b1d744a83a5d9;hb=2018441f426aac5a6e48fc6d7cf8155122706215;hpb=4513f2ec7b6aa843005ba886cdd1747b6ff00915 diff --git a/src/guestfs.c b/src/guestfs.c index 2d4db66..350d848 100644 --- a/src/guestfs.c +++ b/src/guestfs.c @@ -1,5 +1,5 @@ /* libguestfs - * Copyright (C) 2009 Red Hat Inc. + * Copyright (C) 2009 Red Hat Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -453,6 +454,42 @@ guestfs_safe_malloc (guestfs_h *g, size_t nbytes) return ptr; } +/* Return 1 if an array of N objects, each of size S, cannot exist due + to size arithmetic overflow. S must be positive and N must be + nonnegative. This is a macro, not an inline function, so that it + works correctly even when SIZE_MAX < N. + + By gnulib convention, SIZE_MAX represents overflow in size + calculations, so the conservative dividend to use here is + SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value. + However, malloc (SIZE_MAX) fails on all known hosts where + sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for + exactly-SIZE_MAX allocations on such hosts; this avoids a test and + branch when S is known to be 1. */ +# define xalloc_oversized(n, s) \ + ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n)) + +/* Technically we should add an autoconf test for this, testing for the desired + functionality, like what's done in gnulib, but for now, this is fine. */ +#define HAVE_GNU_CALLOC (__GLIBC__ >= 2) + +/* Allocate zeroed memory for N elements of S bytes, with error + checking. S must be nonzero. */ +void * +guestfs_safe_calloc (guestfs_h *g, size_t n, size_t s) +{ + /* From gnulib's calloc function in xmalloc.c. */ + void *p; + /* Test for overflow, since some calloc implementations don't have + proper overflow checks. But omit overflow and size-zero tests if + HAVE_GNU_CALLOC, since GNU calloc catches overflow and never + returns NULL if successful. */ + if ((! HAVE_GNU_CALLOC && xalloc_oversized (n, s)) + || (! (p = calloc (n, s)) && (HAVE_GNU_CALLOC || n != 0))) + g->abort_cb (); + return p; +} + void * guestfs_safe_realloc (guestfs_h *g, void *ptr, int nbytes) { @@ -708,7 +745,7 @@ guestfs_add_drive (guestfs_h *g, const char *filename) } /* cache=off improves reliability in the event of a host crash. */ - snprintf (buf, len, "file=%s,cache=off,if=virtio", filename); + snprintf (buf, len, "file=%s,cache=off,if=%s", filename, DRIVE_IF); return guestfs_config (g, "-drive", buf); } @@ -729,7 +766,7 @@ guestfs_add_drive_ro (guestfs_h *g, const char *filename) return -1; } - snprintf (buf, len, "file=%s,snapshot=on,if=virtio", filename); + snprintf (buf, len, "file=%s,snapshot=on,if=%s", filename, DRIVE_IF); return guestfs_config (g, "-drive", buf); } @@ -1473,6 +1510,13 @@ guestfs_free_lvm_lv_list (struct guestfs_lvm_lv_list *x) free (x); } +void +guestfs_free_dirent_list (struct guestfs_dirent_list *x) +{ + xdr_free ((xdrproc_t) xdr_guestfs_int_dirent_list, (char *) x); + free (x); +} + /* We don't know if stdout_event or sock_read_event will be the * first to receive EOF if the qemu process dies. This function * has the common cleanup code for both.