X-Git-Url: https://git.ozlabs.org/?p=ccan;a=blobdiff_plain;f=ccan%2Ftal%2Ftal.c;h=0b5e8e445674720f288819c9d2370e1a80d14c64;hp=ffe2d71334dce4473d57243bca0827aaa5fee565;hb=e03d7ecb505cb73ff244708323b0f1a5a0c5cd7a;hpb=7ca46909f86e8bbad4e4bb19cac1a75d4ebf3df6

diff --git a/ccan/tal/tal.c b/ccan/tal/tal.c
index ffe2d713..0b5e8e44 100644
--- a/ccan/tal/tal.c
+++ b/ccan/tal/tal.c
@@ -3,6 +3,7 @@
 #include <ccan/compiler/compiler.h>
 #include <ccan/hash/hash.h>
 #include <ccan/list/list.h>
+#include <ccan/take/take.h>
 #include <assert.h>
 #include <stdio.h>
 #include <stdarg.h>
@@ -103,12 +104,14 @@ static struct group *next_group(struct group *group)
 	return list_entry(group->list.n.next, struct group, list.n);
 }
 
-static bool atexit_set = false;
+static bool initialized = false;
+
 /* This means valgrind can see leaks. */
-static void unlink_null(void)
+static void tal_cleanup(void)
 {
 	struct group *i, *next;
 
+	/* Unlink null_parent. */
 	for (i = next_group(&null_parent.c.group);
 	     i != &null_parent.c.group;
 	     i = next) {
@@ -116,6 +119,15 @@ static void unlink_null(void)
 		freefn(i);
 	}
 	null_parent.c.group.first_child = NULL;
+
+	/* Cleanup any taken pointers. */
+	take_cleanup();
+}
+
+/* For allocation failures inside ccan/take */
+static void take_alloc_failed(const void *p)
+{
+	tal_free(p);
 }
 
 #ifndef NDEBUG
@@ -332,9 +344,10 @@ static bool add_child(struct tal_hdr *parent, struct tal_hdr *child)
 	if (unlikely(!group->first_child)) {
 		assert(group == &children->group);
 		/* This hits on first child appended to null parent. */
-		if (unlikely(!atexit_set)) {
-			atexit(unlink_null);
-			atexit_set = true;
+		if (unlikely(!initialized)) {
+			atexit(tal_cleanup);
+			take_allocfail(take_alloc_failed);
+			initialized = true;
 		}
 		/* Link group into this child, make it the first one. */
 		group->hdr.next = child->prop;
@@ -665,6 +678,12 @@ bool tal_resize_(tal_t **ctxp, size_t size)
 
         old_t = debug_tal(to_tal_hdr(*ctxp));
 
+	/* Don't hand silly sizes to realloc. */
+	if (size >> (CHAR_BIT*sizeof(size) - 1)) {
+		call_error("Reallocation size overflow");
+		return false;
+	}
+
         t = resizefn(old_t, size + sizeof(struct tal_hdr));
 	if (!t) {
 		call_error("Reallocation failure");
@@ -699,7 +718,7 @@ bool tal_resize_(tal_t **ctxp, size_t size)
 
 char *tal_strdup(const tal_t *ctx, const char *p)
 {
-	return tal_memdup(ctx, p, strlen(p)+1);
+	return tal_dup(ctx, char, p, strlen(p)+1, 0);
 }
 
 char *tal_strndup(const tal_t *ctx, const char *p, size_t n)
@@ -708,20 +727,39 @@ char *tal_strndup(const tal_t *ctx, const char *p, size_t n)
 
 	if (strlen(p) < n)
 		n = strlen(p);
-	ret = tal_memdup(ctx, p, n+1);
+	ret = tal_dup(ctx, char, p, n, 1);
 	if (ret)
 		ret[n] = '\0';
 	return ret;
 }
 
-void *tal_memdup(const tal_t *ctx, const void *p, size_t n)
+void *tal_dup_(const tal_t *ctx, const void *p, size_t n, size_t extra,
+	       const char *label)
 {
 	void *ret;
 
-	if (ctx == TAL_TAKE)
-		return (void *)p;
+	/* Beware overflow! */
+	if (n + extra < n || n + extra + sizeof(struct tal_hdr) < n) {
+		call_error("dup size overflow");
+		if (taken(p))
+			tal_free(p);
+		return NULL;
+	}
 
-	ret = tal_arr(ctx, char, n);
+	if (taken(p)) {
+		if (unlikely(!p))
+			return NULL;
+		if (unlikely(!tal_resize_((void **)&p, n + extra))) {
+			tal_free(p);
+			return NULL;
+		}
+		if (unlikely(!tal_steal(ctx, p))) {
+			tal_free(p);
+			return NULL;
+		}
+		return (void *)p;
+	}
+	ret = tal_alloc_(ctx, n + extra, false, label);
 	if (ret)
 		memcpy(ret, p, n);
 	return ret;
@@ -745,11 +783,7 @@ char *tal_vasprintf(const tal_t *ctx, const char *fmt, va_list ap)
 	char *buf;
 	int ret;
 
-	if (ctx == TAL_TAKE)
-		buf = tal_arr(tal_parent(fmt), char, max);
-	else
-		buf = tal_arr(ctx, char, max);
-
+	buf = tal_arr(ctx, char, max);
 	while (buf) {
 		va_list ap2;
 
@@ -764,7 +798,7 @@ char *tal_vasprintf(const tal_t *ctx, const char *fmt, va_list ap)
 			buf = NULL;
 		}
 	}
-	if (ctx == TAL_TAKE)
+	if (taken(fmt))
 		tal_free(fmt);
 	return buf;
 }