Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skia / 32ade4cedf8e3a22009fdf553600425fb38cfc4e / . / include / private / SkMalloc.h
blob: 0e41073b0b5d892b30aef2516890fb59c68ef03d [file] [log] [blame]
Herb Derbyd7b34a52017-03-20 11:19:23 -0400[diff] [blame]1/*
2 * Copyright 2017 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
Herb Derbyb549cc32017-03-27 13:35:15 -0400[diff] [blame]8#ifndef SkMalloc_DEFINED
9#define SkMalloc_DEFINED
Herb Derbyd7b34a52017-03-20 11:19:23 -0400[diff] [blame]10
11#include <cstddef>
12#include <cstring>
13
Mike Reed7edde232018-01-04 13:52:07 -0500[diff] [blame]14#include "SkTypes.h"
Herb Derbyd7b34a52017-03-20 11:19:23 -0400[diff] [blame]15
16/*
17 memory wrappers to be implemented by the porting layer (platform)
18*/
19
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]20
21/** Free memory returned by sk_malloc(). It is safe to pass null. */
Herb Derbyd7b34a52017-03-20 11:19:23 -0400[diff] [blame]22SK_API extern void sk_free(void*);
23
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]24/**
25 * Called internally if we run out of memory. The platform implementation must
26 * not return, but should either throw an exception or otherwise exit.
27 */
28SK_API extern void sk_out_of_memory(void);
29
30enum {
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]31 /**
32 * If this bit is set, the returned buffer must be zero-initialized. If this bit is not set
33 * the buffer can be uninitialized.
34 */
35 SK_MALLOC_ZERO_INITIALIZE = 1 << 0,
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]36
37 /**
38 * If this bit is set, the implementation must throw/crash/quit if the request cannot
39 * be fulfilled. If this bit is not set, then it should return nullptr on failure.
40 */
41 SK_MALLOC_THROW = 1 << 1,
42};
43/**
44 * Return a block of memory (at least 4-byte aligned) of at least the specified size.
45 * If the requested memory cannot be returned, either return nullptr or throw/exit, depending
46 * on the SK_MALLOC_THROW bit. If the allocation succeeds, the memory will be zero-initialized
47 * if the SK_MALLOC_ZERO_INITIALIZE bit was set.
48 *
49 * To free the memory, call sk_free()
50 */
51SK_API extern void* sk_malloc_flags(size_t size, unsigned flags);
52
53/** Same as standard realloc(), but this one never returns null on failure. It will throw
54 * an exception if it fails.
55 */
56SK_API extern void* sk_realloc_throw(void* buffer, size_t size);
57
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]58static inline void* sk_malloc_throw(size_t size) {
59 return sk_malloc_flags(size, SK_MALLOC_THROW);
60}
61
62static inline void* sk_calloc_throw(size_t size) {
63 return sk_malloc_flags(size, SK_MALLOC_THROW | SK_MALLOC_ZERO_INITIALIZE);
64}
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]65
66static inline void* sk_calloc_canfail(size_t size) {
Kevin Lubick2416f962018-02-12 08:26:39 -0500[diff] [blame]67#if defined(IS_FUZZING_WITH_LIBFUZZER)
68 // The Libfuzzer environment is very susceptible to OOM, so to avoid those
69 // just pretend we can't allocate more than 200kb.
70 if (size > 200000) {
71 return nullptr;
72 }
73#endif
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]74 return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]75}
76
77// Performs a safe multiply count * elemSize, checking for overflow
78SK_API extern void* sk_calloc_throw(size_t count, size_t elemSize);
79SK_API extern void* sk_malloc_throw(size_t count, size_t elemSize);
80SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize);
81
82/**
83 * These variants return nullptr on failure
84 */
85static inline void* sk_malloc_canfail(size_t size) {
Kevin Lubick2416f962018-02-12 08:26:39 -0500[diff] [blame]86#if defined(IS_FUZZING_WITH_LIBFUZZER)
87 // The Libfuzzer environment is very susceptible to OOM, so to avoid those
88 // just pretend we can't allocate more than 200kb.
89 if (size > 200000) {
90 return nullptr;
91 }
92#endif
Mike Reed8dc8dbc2018-01-05 11:20:10 -0500[diff] [blame]93 return sk_malloc_flags(size, 0);
94}
95SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);
Herb Derbyd7b34a52017-03-20 11:19:23 -0400[diff] [blame]96
97// bzero is safer than memset, but we can't rely on it, so... sk_bzero()
98static inline void sk_bzero(void* buffer, size_t size) {
99 // Please c.f. sk_careful_memcpy. It's undefined behavior to call memset(null, 0, 0).
100 if (size) {
101 memset(buffer, 0, size);
102 }
103}
104
105/**
106 * sk_careful_memcpy() is just like memcpy(), but guards against undefined behavior.
107 *
108 * It is undefined behavior to call memcpy() with null dst or src, even if len is 0.
109 * If an optimizer is "smart" enough, it can exploit this to do unexpected things.
110 * memcpy(dst, src, 0);
111 * if (src) {
112 * printf("%x\n", *src);
113 * }
114 * In this code the compiler can assume src is not null and omit the if (src) {...} check,
115 * unconditionally running the printf, crashing the program if src really is null.
116 * Of the compilers we pay attention to only GCC performs this optimization in practice.
117 */
118static inline void* sk_careful_memcpy(void* dst, const void* src, size_t len) {
119 // When we pass >0 len we had better already be passing valid pointers.
120 // So we just need to skip calling memcpy when len == 0.
121 if (len) {
122 memcpy(dst,src,len);
123 }
124 return dst;
125}
126
Herb Derbyb549cc32017-03-27 13:35:15 -0400[diff] [blame]127#endif // SkMalloc_DEFINED