X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Fmalloca.h;h=fb560e76b3d300bd05a1b56c74de23cee92a060c;hb=969fe755730d23ba7ff21ae7511f66067d0a94d8;hp=2f74b9617012850dff8bc9e126c3b3d927079e2f;hpb=6418675e9be058535f73e5fabfc8085f4fdd08b1;p=gnulib.git

diff --git a/lib/malloca.h b/lib/malloca.h
index 2f74b9617..fb560e76b 100644
--- a/lib/malloca.h
+++ b/lib/malloca.h
@@ -1,5 +1,5 @@
 /* Safe automatic memory allocation.
-   Copyright (C) 2003-2007 Free Software Foundation, Inc.
+   Copyright (C) 2003-2007, 2009-2010 Free Software Foundation, Inc.
    Written by Bruno Haible <bruno@clisp.org>, 2003.
 
    This program is free software; you can redistribute it and/or modify
@@ -54,7 +54,7 @@ extern "C" {
    the function returns.  Upon failure, it returns NULL.  */
 #if HAVE_ALLOCA
 # define malloca(N) \
-  ((N) < 4032 - sa_increment					    \
+  ((N) < 4032 - sa_increment                                        \
    ? (void *) ((char *) alloca ((N) + sa_increment) + sa_increment) \
    : mmalloca (N))
 #else
@@ -70,9 +70,19 @@ extern void freea (void *p);
 # define freea free
 #endif
 
-/* Maybe we should also define a variant
-    nmalloca (size_t n, size_t s) - behaves like malloca (n * s)
-   If this would be useful in your application. please speak up.  */
+/* nmalloca(N,S) is an overflow-safe variant of malloca (N * S).
+   It allocates an array of N objects, each with S bytes of memory,
+   on the stack.  S must be positive and N must be nonnegative.
+   The array must be freed using freea() before the function returns.  */
+#if 1
+/* Cf. the definition of xalloc_oversized.  */
+# define nmalloca(n, s) \
+    ((n) > (size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) \
+     ? NULL \
+     : malloca ((n) * (s)))
+#else
+extern void * nmalloca (size_t n, size_t s);
+#endif
 
 
 #ifdef __cplusplus
@@ -112,10 +122,10 @@ enum
   sa_alignment_longdouble = sa_alignof (long double),
   sa_alignment_max = ((sa_alignment_long - 1) | (sa_alignment_double - 1)
 #if HAVE_LONG_LONG_INT
-		      | (sa_alignment_longlong - 1)
+                      | (sa_alignment_longlong - 1)
 #endif
-		      | (sa_alignment_longdouble - 1)
-		     ) + 1,
+                      | (sa_alignment_longdouble - 1)
+                     ) + 1,
 /* The increment that guarantees room for a magic word must be >= sizeof (int)
    and a multiple of sa_alignment_max.  */
   sa_increment = ((sizeof (int) + sa_alignment_max - 1) / sa_alignment_max) * sa_alignment_max