From patchwork Wed Jan 1 13:27:57 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 17114
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 1 Jan 2020 14:27:57 +0100
Message-Id: <20200101132758.4452-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH v2 11/17] avutil/mem: Add av_fast_realloc_array()
Cc: Andreas Rheinhardt

This is an array-equivalent of av_fast_realloc(). Its advantages
compared to using av_fast_realloc() for allocating arrays are as
follows:

a) It performs its own overflow checks for the multiplication that is
implicit in array allocations. (And it only needs to perform these
checks (as well as the multiplication itself) in case the array needs to
be reallocated.)
b) It allows to limit the number of elements to an upper bound given
by the caller. This allows to restrict the number of allocated elements
to fit into an int and therefore makes this function usable with
counters of this type. It can also be used to avoid overflow checks in
the caller: E.g. setting it to UINT_MAX - 1 elements makes it safe to
increase the desired number of elements in steps of one. And it avoids
overallocations in situations where one already has an upper bound.
c) Should the caller have increased max_alloc_size, av_fast_realloc()
could come in a situation where it allocates more than what fits into an
unsigned. In this case the variable containing the allocated size (an
unsigned) won't accurately reflect how much has been allocated. After
this point, lots of reallocations will happen despite the buffer
actually being big enough.
d) av_fast_realloc_array() will always allocate in multiples of array
elements; no memory is wasted with partial elements.
e) By returning an int, av_fast_realloc_array() can distinguish between
ordinary allocation failures (meriting AVERROR(ENOMEM)) and failures
because of allocation limits (by returning AVERROR(ERANGE)).
f) It is no longer possible for the user to accidentally lose the
pointer by using ptr = av_fast_realloc(ptr, ...).

Because of f) there is no need to set the number of allocated elements
to zero on failure.

av_fast_realloc() usually allocates size + size / 16 + 32 bytes if size
bytes are desired and if the already existing buffer isn't big enough.
av_fast_realloc_array() instead allocates nb + (nb + 14) / 16. Rounding
up is done in order not to reallocate in steps of one if the current
number is < 16; adding 14 instead of 15 has the effect of only
allocating one element if one element is desired. This is done with an
eye towards applications where arrays might commonly only contain one
element (as happens with the Matroska CueTrackPositions).

Which of the two functions allocates faster depends upon the size of the
elements. E.g. if the elements have a size of 32B and the desired size
is incremented in steps of one, allocations happen at
1, 3, 5, 7, 9, 11, 13, 15, 17, 20, 23, 26 ... for av_fast_realloc(),
1, 2, 4, 6, 8, 10, 12, 14, 16, 18, 21, 24 ... for av_fast_realloc_array().
For element sizes of 96B, the numbers are
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 21, 23, 25, 27, 30 ...
for av_fast_realloc() whereas the pattern for av_fast_realloc_array() is
unchanged.

Signed-off-by: Andreas Rheinhardt
---
Switched to returning an int and added the max_nb parameter. What has
not been done is switching to size_t. This function can still be turned
into a wrapper for a size_t function if the need for such a function
arises.

Furthermore, I have found that several reallocation functions don't
abide by their documented behaviour: "If `size` is zero, free the memory
block pointed to by `ptr`." says the documentation of av_realloc,
av_reallocp, av_realloc_f (implicitly); av_realloc_array and
av_reallocp_array claim to free the memory block in case the number of
elements to allocate is zero. Yet realloc allocates size + !size bytes.
av_realloc_f (calling av_realloc) does also not free its array in case
zero elements should be allocated (or if the size of an element is
zero). av_reallocp does what its documentation says; av_realloc_array
(relying on av_realloc) and av_reallocp_array (relying on av_realloc_f)
don't. Changing the behaviour of av_realloc to match its documentation
leads to lots of failing FATE-tests, so I suggest updating the
documentation to match actual behaviour.

Finally, there is no check in av_max_alloc that the new max is actually
bigger than 32; this is a problem given that max_alloc_size - 32 is the
real limit. Maybe the 32 should simply be dropped (and the default value
be set to INT_MAX - 32 if it is deemed important)? (And why 32? I would
have expected AV_INPUT_BUFFER_PADDING_SIZE or so.)

doc/APIchanges | 3 +++ libavutil/mem.c | 32 ++++++++++++++++++++++++++++++++ libavutil/mem.h | 28 ++++++++++++++++++++++++++++ libavutil/version.h | 2 +- 4 files changed, 64 insertions(+), 1 deletion(-) diff --git a/doc/APIchanges b/doc/APIchanges index 3c24dc6fbc..7feca58e98 100644 --- a/doc/APIchanges +++ b/doc/APIchanges 
@@ -15,6 +15,9 @@ libavutil: 2017-10-21 API changes, most recent first: +2020-01-01 - xxxxxxxxxx - lavu 56.39.100 - mem.h + Add av_fast_realloc_array(). + 2019-12-27 - xxxxxxxxxx - lavu 56.38.100 - eval.h Add av_expr_count_func(). diff --git a/libavutil/mem.c b/libavutil/mem.c index 88fe09b179..56c82fcee7 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -497,6 +497,38 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size) return ptr; } +int av_fast_realloc_array(void *ptr, unsigned *nb_allocated, + unsigned min_nb, unsigned max_nb, size_t elsize) +{ + void *array; + unsigned nb; + + if (min_nb <= *nb_allocated) + return 0; + + max_nb = FFMIN(max_nb, (max_alloc_size - 32) / elsize); + + if (min_nb > max_nb) + return AVERROR(ERANGE); + + nb = min_nb + (min_nb + 14) / 16; + + /* If min_nb is so big that the above calculation overflowed, + * just allocate as much as we are allowed to. */ + nb = nb < min_nb ? max_nb : FFMIN(nb, max_nb); + + memcpy(&array, ptr, sizeof(array)); + + array = av_realloc(array, nb * elsize); + if (!array) + return AVERROR(ENOMEM); + + memcpy(ptr, &array, sizeof(array)); + *nb_allocated = nb; + + return 0; +} + void av_fast_malloc(void *ptr, unsigned int *size, size_t min_size) { ff_fast_malloc(ptr, size, min_size, 0); diff --git a/libavutil/mem.h b/libavutil/mem.h index 5fb1a02dd9..e05550f363 100644 --- a/libavutil/mem.h +++ b/libavutil/mem.h 
@@ -370,11 +370,39 @@ int av_reallocp_array(void *ptr, size_t nmemb, size_t size); * @return `ptr` if the buffer is large enough, a pointer to newly reallocated * buffer if the buffer was not large enough, or `NULL` in case of * error + * @see av_fast_realloc_array() * @see av_realloc() * @see av_fast_malloc() */ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size); +/** + * Reallocate the given array if it is not large enough, otherwise do nothing. + * + * If `ptr` points to `NULL`, then a new uninitialized array is allocated. + * + * @param[in,out] ptr Pointer to `NULL` or an already allocated array. + * `*ptr` will be set to point to the new array. + * @param[in,out] nb_allocated Pointer to the number of elements of the array + * `*ptr`. `*nb_allocated` is updated to the new + * number of allocated elements. + * @param[in] min_nb Desired minimal number of elements in array `*ptr` + * @param[in] max_nb Maximal number of elements to allocate. + * @param[in] elsize Size of a single element of the array. + * Must not be zero. + * @return 0 on success, < 0 on failure. On failure, `*ptr` is not freed and + * `*ptr` as well as `*nb_allocated` are unchanged. + * @note `max_nb` can be used to limit allocations and make this function usable + * with counters of type int. It can also be used to avoid overflow checks + * in callers: E.g. setting it to `UINT_MAX - 1` means that incrementing + * an unsigned in steps of one need not be checked for overflow. + * @see av_fast_realloc() + * @see av_realloc() + * @see av_fast_malloc() + */ +int av_fast_realloc_array(void *ptr, unsigned *nb_allocated, + unsigned min_nb, unsigned max_nb, size_t elsize); + /** * Allocate a buffer, reusing the given one if large enough. * diff --git a/libavutil/version.h b/libavutil/version.h index af8f614aff..2bc1b98615 100644 --- a/libavutil/version.h +++ b/libavutil/version.h 
@@ -79,7 +79,7 @@ */ #define LIBAVUTIL_VERSION_MAJOR 56 -#define LIBAVUTIL_VERSION_MINOR 38 +#define LIBAVUTIL_VERSION_MINOR 39 #define LIBAVUTIL_VERSION_MICRO 100 #define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \
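
Review bot: In libavutil/mem.c, `max_nb = FFMIN(max_nb, (max_alloc_size - 32) / elsize);` divides by `elsize` with no check, while the new mem.h text only states that the element size "Must not be zero", so a caller passing 0 gets a division by zero instead of an error code. Consider rejecting `elsize == 0` before the division, either with an assert or by returning an AVERROR code. The same expression also depends on `max_alloc_size` being at least 32, which the submitter's own note says av_max_alloc does not enforce; guard the subtraction here or validate the limit where it is set.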
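
Review bot: In libavutil/mem.h, the `@return` line for av_fast_realloc_array() says only "0 on success, < 0 on failure", although the mem.c hunk returns AVERROR(ERANGE) when `min_nb` exceeds the limit and AVERROR(ENOMEM) when av_realloc() fails, and the commit message lists that distinction as an advantage. Document both codes, and state that the effective limit is the smaller of `max_nb` and what the allocation limit permits for `elsize`. The `ptr` description could also say explicitly that it is a pointer to the array pointer, which is what `memcpy(&array, ptr, sizeof(array));` in mem.c requires.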
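
The growth figures quoted in the commit message can be reproduced with a small simulation of the two policies. This is an added example, not part of the patch or of FFmpeg; `grow_bytes`, `grow_elems` and `realloc_points` are names made up here, and -1 stands in for AVERROR(ERANGE).

```c
#include <limits.h>
#include <stdio.h>

/* Added illustration; helper names are this example's own, not FFmpeg API.
 * Byte policy the commit message gives for av_fast_realloc(): a request for
 * `size` bytes reserves size + size / 16 + 32 bytes. */
static size_t grow_bytes(size_t size) { return size + size / 16 + 32; }

/* Element policy of the patch: nb = min_nb + (min_nb + 14) / 16, clamped to
 * max_nb. Returns -1 (stand-in for AVERROR(ERANGE)) if min_nb > max_nb. */
static int grow_elems(unsigned min_nb, unsigned max_nb, unsigned *nb_out)
{
    unsigned nb;
    if (min_nb > max_nb)
        return -1;
    nb = min_nb + (min_nb + 14) / 16;
    /* A wrapped sum is smaller than min_nb: fall back to the limit. */
    *nb_out = nb < min_nb ? max_nb : (nb < max_nb ? nb : max_nb);
    return 0;
}

/* Grow an array one element at a time up to `last` elements; store the counts
 * at which a reallocation happens in `out` and return how many occurred. */
static int realloc_points(int by_bytes, size_t elsize, unsigned last,
                          unsigned *out, int out_len)
{
    unsigned capacity = 0; /* elements that fit into the current buffer */
    int n = 0;
    for (unsigned want = 1; want <= last; want++) {
        if (want <= capacity)
            continue;
        if (by_bytes)
            capacity = (unsigned)(grow_bytes(want * elsize) / elsize);
        else if (grow_elems(want, UINT_MAX - 1, &capacity) < 0)
            break;
        if (n < out_len)
            out[n] = want;
        n++;
    }
    return n;
}

int main(void)
{
    unsigned pts[32];
    int n = realloc_points(1, 96, 30, pts, 32); /* 96-byte elements */
    for (int i = 0; i < n; i++)
        printf("%u%c", pts[i], i + 1 < n ? ' ' : '\n');
}
```

The element policy never depends on `elsize`, which is why its sequence is the same for 32-byte and 96-byte elements.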