util: abort if we try to allocate more than a MB

The ssize_t cast upsets coverity for some reason but we can be a lot more restrictive here anyway. Quick analysis of the zalloc calls in the test suite show the largest allocation is 9204 bytes. Let's put a cap on for one MB, anything above that is likely some memory corruption and should be caught early. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
2026-03-22 04:30:41 +01:00 · 2018-06-20 09:34:30 +10:00 · 2018-06-20 09:34:30 +10:00 · 793c8d51e8
commit 793c8d51e8
parent 4203ab52bf
2 changed files with 18 additions and 1 deletions
--- a/src/libinput-util.h
+++ b/src/libinput-util.h
@ -142,7 +142,9 @@ zalloc(size_t size)
 {
 	void *p;

-	if ((ssize_t)size < 0)
+	/* We never need to alloc anything even near one MB so we can assume
+	 * if we ever get above that something's going wrong */
+	if (size > 1024 * 1024)
 		abort();

 	p = calloc(1, size);
--- a/test/litest-selftest.c
+++ b/test/litest-selftest.c
@ -350,6 +350,19 @@ START_TEST(zalloc_overflow)
 }
 END_TEST

+START_TEST(zalloc_max_size)
+{
+	/* Built-in alloc maximum */
+	free(zalloc(1024 * 1024));
+}
+END_TEST
+
+START_TEST(zalloc_too_large)
+{
+	zalloc(1024 * 1024 + 1);
+}
+END_TEST
+
 static Suite *
 litest_assert_macros_suite(void)
 {
@ -415,7 +428,9 @@ litest_assert_macros_suite(void)
 	suite_add_tcase(s, tc);

 	tc = tcase_create("zalloc ");
+	tcase_add_test(tc, zalloc_max_size);
 	tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
+	tcase_add_test_raise_signal(tc, zalloc_too_large, SIGABRT);
 	suite_add_tcase(s, tc);

 	return s;