Malloc failure behavior now depends on size of allocation.
* lib/allocator.h (struct allocator.die): New size arg.
* lib/careadlinkat.c (careadlinkat): Pass size to 'die' function.
If the actual problem is an ssize_t limitation, not a size_t or
malloc failure, fail with errno == ENAMETOOLONG instead of calling 'die'.
[src/ChangeLog]
Malloc failure behavior now depends on size of allocation.
* alloc.c (buffer_memory_full, memory_full): New arg NBYTES.
* lisp.h: Change signatures accordingly.
* alloc.c, buffer.c, editfns.c, menu.c, minibuf.c, xterm.c:
All callers changed.
+2011-05-30 Paul Eggert <eggert@cs.ucla.edu>
+
+ Malloc failure behavior now depends on size of allocation.
+ * lib/allocator.h (struct allocator.die): New size arg.
+ * lib/careadlinkat.c (careadlinkat): Pass size to 'die' function.
+ If the actual problem is an ssize_t limitation, not a size_t or
+ malloc failure, fail with errno == ENAMETOOLONG instead of calling 'die'.
+
2011-05-29 Paul Eggert <eggert@cs.ucla.edu>
Adjust to recent gnulib change for @GUARD_PREFIX@.
/* Call FREE to free memory, like 'free'. */
void (*free) (void *);
- /* If nonnull, call DIE if MALLOC or REALLOC fails. DIE should not
- return. DIE can be used by code that detects memory overflow
- while calculating sizes to be passed to MALLOC or REALLOC. */
- void (*die) (void);
+ /* If nonnull, call DIE (SIZE) if MALLOC (SIZE) or REALLOC (...,
+ SIZE) fails. DIE should not return. SIZE should equal SIZE_MAX
+ if size_t overflow was detected while calculating sizes to be
+ passed to MALLOC or REALLOC. */
+ void (*die) (size_t);
};
/* An allocator using the stdlib functions and a null DIE function. */
if (buf == stack_buf)
{
char *b = (char *) alloc->allocate (link_size);
+ buf_size = link_size;
if (! b)
break;
memcpy (b, buf, link_size);
buf_size *= 2;
else if (buf_size < buf_size_max)
buf_size = buf_size_max;
+ else if (buf_size_max < SIZE_MAX)
+ {
+ errno = ENAMETOOLONG;
+ return NULL;
+ }
else
break;
buf = (char *) alloc->allocate (buf_size);
while (buf);
if (alloc->die)
- alloc->die ();
+ alloc->die (buf_size);
errno = ENOMEM;
return NULL;
}
2011-05-30 Paul Eggert <eggert@cs.ucla.edu>
+ Malloc failure behavior now depends on size of allocation.
+ * alloc.c (buffer_memory_full, memory_full): New arg NBYTES.
+ * lisp.h: Change signatures accordingly.
+ * alloc.c, buffer.c, editfns.c, menu.c, minibuf.c, xterm.c:
+ All callers changed.
+
* gnutls.c: Use Emacs's memory allocators.
Without this change, the gnutls library would invoke malloc etc.
directly, which causes problems on non-SYNC_INPUT hosts, and which
/* Called if we can't allocate relocatable space for a buffer. */
void
-buffer_memory_full (void)
+buffer_memory_full (EMACS_INT nbytes)
{
/* If buffers use the relocating allocator, no need to free
spare_memory, because we may have plenty of malloc space left
malloc. */
#ifndef REL_ALLOC
- memory_full ();
+ memory_full (nbytes);
#endif
/* This used to call error, but if we've run out of memory, we could
MALLOC_UNBLOCK_INPUT;
if (!val && size)
- memory_full ();
+ memory_full (size);
return val;
}
val = (POINTER_TYPE *) realloc (block, size);
MALLOC_UNBLOCK_INPUT;
- if (!val && size) memory_full ();
+ if (!val && size)
+ memory_full (size);
return val;
}
MALLOC_UNBLOCK_INPUT;
if (!val && nbytes)
- memory_full ();
+ memory_full (nbytes);
return val;
}
if (base == 0)
{
MALLOC_UNBLOCK_INPUT;
- memory_full ();
+ memory_full (ABLOCKS_BYTES);
}
aligned = (base == abase);
lisp_malloc_loser = base;
free (base);
MALLOC_UNBLOCK_INPUT;
- memory_full ();
+ memory_full (SIZE_MAX);
}
}
#endif
************************************************************************/
-/* Called if malloc returns zero. */
+/* Called if malloc (NBYTES) returns zero. If NBYTES == SIZE_MAX,
+ there may have been size_t overflow so that malloc was never
+ called, or perhaps malloc was invoked successfully but the
+ resulting pointer had problems fitting into a tagged EMACS_INT. In
+ either case this counts as memory being full even though malloc did
+ not fail. */
void
-memory_full (void)
+memory_full (size_t nbytes)
{
- int i;
+ /* Do not go into hysterics merely because a large request failed. */
+ int enough_free_memory = 0;
+ if (SPARE_MEMORY < nbytes)
+ {
+ void *p = malloc (SPARE_MEMORY);
+ if (p)
+ {
+ if (spare_memory[0])
+ free (p);
+ else
+ spare_memory[0] = p;
+ enough_free_memory = 1;
+ }
+ }
- Vmemory_full = Qt;
+ if (! enough_free_memory)
+ {
+ int i;
- memory_full_cons_threshold = sizeof (struct cons_block);
+ Vmemory_full = Qt;
- /* The first time we get here, free the spare memory. */
- for (i = 0; i < sizeof (spare_memory) / sizeof (char *); i++)
- if (spare_memory[i])
- {
- if (i == 0)
- free (spare_memory[i]);
- else if (i >= 1 && i <= 4)
- lisp_align_free (spare_memory[i]);
- else
- lisp_free (spare_memory[i]);
- spare_memory[i] = 0;
- }
+ memory_full_cons_threshold = sizeof (struct cons_block);
+
+ /* The first time we get here, free the spare memory. */
+ for (i = 0; i < sizeof (spare_memory) / sizeof (char *); i++)
+ if (spare_memory[i])
+ {
+ if (i == 0)
+ free (spare_memory[i]);
+ else if (i >= 1 && i <= 4)
+ lisp_align_free (spare_memory[i]);
+ else
+ lisp_free (spare_memory[i]);
+ spare_memory[i] = 0;
+ }
- /* Record the space now used. When it decreases substantially,
- we can refill the memory reserve. */
+ /* Record the space now used. When it decreases substantially,
+ we can refill the memory reserve. */
#if !defined SYSTEM_MALLOC && !defined SYNC_INPUT
- bytes_used_when_full = BYTES_USED;
+ bytes_used_when_full = BYTES_USED;
#endif
+ }
/* This used to call error, but if we've run out of memory, we could
get infinite recursion trying to build the string. */
alloc_buffer_text (b, BUF_GAP_SIZE (b) + 1);
UNBLOCK_INPUT;
if (! BUF_BEG_ADDR (b))
- buffer_memory_full ();
+ buffer_memory_full (BUF_GAP_SIZE (b) + 1);
b->pt = BEG;
b->begv = BEG;
if (p == NULL)
{
UNBLOCK_INPUT;
- memory_full ();
+ memory_full (nbytes);
}
b->text->beg = (unsigned char *) p;
if (p == NULL)
{
UNBLOCK_INPUT;
- memory_full ();
+ memory_full (nbytes);
}
BUF_BEG_ADDR (b) = (unsigned char *) p;
{
EMACS_INT i;
if ((SIZE_MAX - formatlen) / sizeof (struct info) <= nargs)
- memory_full ();
+ memory_full (SIZE_MAX);
SAFE_ALLOCA (info, struct info *, (nargs + 1) * sizeof *info + formatlen);
discarded = (char *) &info[nargs + 1];
for (i = 0; i < nargs + 1; i++)
extern void reset_malloc_hooks (void);
extern void uninterrupt_malloc (void);
extern void malloc_warning (const char *);
-extern void memory_full (void) NO_RETURN;
-extern void buffer_memory_full (void) NO_RETURN;
+extern void memory_full (size_t) NO_RETURN;
+extern void buffer_memory_full (EMACS_INT) NO_RETURN;
extern int survives_gc_p (Lisp_Object);
extern void mark_object (Lisp_Object);
#if defined REL_ALLOC && !defined SYSTEM_MALLOC
grow_menu_items (void)
{
if ((INT_MAX - MENU_ITEMS_PANE_LENGTH) / 2 < menu_items_allocated)
- memory_full ();
+ memory_full (SIZE_MAX);
menu_items_allocated *= 2;
menu_items = larger_vector (menu_items, menu_items_allocated, Qnil);
}
len == size - 1 && line[len - 1] != '\n'))
{
if ((size_t) -1 / 2 < size)
- memory_full ();
+ memory_full (SIZE_MAX);
size *= 2;
line = (char *) xrealloc (line, size);
}
size_t old_nbytes = scroll_bar_windows_size * sizeof *scroll_bar_windows;
if ((size_t) -1 / sizeof *scroll_bar_windows < new_size)
- memory_full ();
+ memory_full (SIZE_MAX);
scroll_bar_windows = (struct window **) xrealloc (scroll_bar_windows,
nbytes);
memset (&scroll_bar_windows[i], 0, nbytes - old_nbytes);