/* xalloc.h -- malloc with out-of-memory checking
Copyright (C) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998,
- 1999, 2000, 2003 Free Software Foundation, Inc.
+ 1999, 2000, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#ifndef XALLOC_H_
# define XALLOC_H_
-# include <stdbool.h>
# include <stddef.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
# ifndef __attribute__
# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) || __STRICT_ANSI__
# define __attribute__(x)
# define ATTRIBUTE_NORETURN __attribute__ ((__noreturn__))
# endif
-/* If this pointer is non-zero, run the specified function upon each
- allocation failure. It is initialized to zero. */
-extern void (*xalloc_fail_func) (void);
-
-/* If XALLOC_FAIL_FUNC is undefined or a function that returns, this
- message is output. It is translated via gettext.
- Its value is "memory exhausted". */
-extern char const xalloc_msg_memory_exhausted[];
-
-/* This function is always triggered when memory is exhausted. It is
- in charge of honoring the two previous items. It exits with status
- exit_failure (defined in exitfail.h). This is the
+/* This function is always triggered when memory is exhausted.
+ It must be defined by the application, either explicitly
+ or by using gnulib's xalloc-die module. This is the
function to call when one wants the program to die because of a
memory allocation failure. */
extern void xalloc_die (void) ATTRIBUTE_NORETURN;
void *xclone (void const *p, size_t s);
char *xstrdup (const char *str);
-/* Return true if an array of N objects, each of size S, cannot exist
- due to size arithmetic overflow. S must be nonzero. */
-
-static inline bool
-xalloc_oversized (size_t n, size_t s)
-{
- size_t size_max = -1;
- return size_max / s < n;
-}
+/* Return 1 if an array of N objects, each of size S, cannot exist due
+ to size arithmetic overflow. S must be positive and N must be
+ nonnegative. This is a macro, not an inline function, so that it
+ works correctly even when SIZE_MAX < N.
+
+ By gnulib convention, SIZE_MAX represents overflow in size
+ calculations, so the conservative dividend to use here is
+ SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value.
+ However, malloc (SIZE_MAX) fails on all known hosts where
+ sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for
+ exactly-SIZE_MAX allocations on such hosts; this avoids a test and
+ branch when S is known to be 1. */
+# define xalloc_oversized(n, s) \
+ ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n))
/* These macros are deprecated; they will go away soon, and are retained
temporarily only to ease conversion to the functions described above. */
# define XREALLOC(p, type, n) xnrealloc (p, n, sizeof (type))
# define XFREE(p) free (p)
+
+# ifdef __cplusplus
+}
+# endif
+
+
#endif /* !XALLOC_H_ */