From patchwork Thu May 21 02:36:47 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 19790
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 21 May 2020 04:36:47 +0200
Message-Id: <20200521023647.27847-3-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 3/3] avutil/mem: Use max_alloc_size as-is

The size of a single allocation performed by av_malloc() or av_realloc() is supposed to be bounded by max_alloc_size, which defaults to INT_MAX and can be set by the user; yet currently this is not completely honoured: The actual value used is max_alloc_size - 32.

How this came to be can only be understood historically:

a) 0ecca7a49f8e254c12a3a1de048d738bfbb614c6 disallowed allocations > INT_MAX. At that time the size parameter of av_malloc() was an unsigned and the commentary added ("lets disallow possible ambiguous cases") indicates that this was done as a precaution against calling the functions with negative int values. Genuinely limiting the size of allocations to INT_MAX doesn't seem to have been the intention given that at this time the memalign hack introduced in commit da9b170c6f06184a5114dc66afb8385cd0ffff83 (which when enabled increased the size of allocations slightly so that one can return a correctly aligned pointer that actually does not point to the beginning of the allocated buffer) was already present.

b) Said memalign hack allocated 17 bytes more than actually desired, yet allocating 16 bytes more is actually enough and so this was changed in a9493601638b048c44751956d2360f215918800c; this commit also replaced INT_MAX by INT_MAX - 16 (and made the limit therefore a limit on the size of the allocated buffer), but kept the comment, although there is nothing ambiguous about allocating (INT_MAX - 16)..INT_MAX. c) 13dfce3d44f99a2d7df71aba8ae003d58db726f7 then increased 16 to 32 for AVX, 6b4c0be5586acad3bbafd7d2dd02a8328a5ab632 replaced INT_MAX by MAX_MALLOC_SIZE (which was of course defined to be INT_MAX) and 5a8e994287d8ef181c0a5eac537547d7059b4524 added max_alloc_size and made it user-selectable. d) 4fb311c804098d78e5ce5f527f9a9c37536d3a08 then dropped the memalign hack, yet it kept the -32 (probably because the comment about ambiguous cases was still present?), although it is no longer needed at all after this commit. Therefore this commit removes it and uses max_alloc_size directly. Signed-off-by: Andreas Rheinhardt --- libavutil/mem.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/libavutil/mem.c b/libavutil/mem.c index a29c224264..cfb6d8ab8f 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -78,8 +78,7 @@ void *av_malloc(size_t size) { void *ptr = NULL; - /* let's disallow possibly ambiguous cases */ - if (size > (max_alloc_size - 32)) + if (size > max_alloc_size) return NULL; #if HAVE_POSIX_MEMALIGN @@ -134,8 +133,7 @@ void *av_malloc(size_t size) void *av_realloc(void *ptr, size_t size) { - /* let's disallow possibly ambiguous cases */ - if (size > (max_alloc_size - 32)) + if (size > max_alloc_size) return NULL; #if HAVE_ALIGNED_MALLOC 
@@ -482,12 +480,12 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size) if (min_size <= *size) return ptr; - if (min_size > max_alloc_size - 32) { + if (min_size > max_alloc_size) { *size = 0; return NULL; } - min_size = FFMIN(max_alloc_size - 32, FFMAX(min_size + min_size / 16 + 32, min_size)); + min_size = FFMIN(max_alloc_size, FFMAX(min_size + min_size / 16 + 32, min_size)); ptr = av_realloc(ptr, min_size); /* we could set this to the unmodified min_size but this is safer
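
Review bot: The commit message should state the behaviour change for small user-set limits, which affects the av_malloc() and av_realloc() checks. If max_alloc_size is an unsigned type, the old expression max_alloc_size - 32 wraps around whenever the user sets the limit below 32, so the old check effectively never rejected anything in that case; the new size > max_alloc_size comparison has no such wrap. That is a fix worth calling out, since the message currently presents the -32 only as unneeded headroom. With the old comment deleted, the two checks are also left without any explanation; a one-line comment saying that this enforces the user-settable per-allocation cap would keep the intent visible at the call site.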
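
Review bot: In the av_fast_realloc() hunk, the + 32 that remains in min_size + min_size / 16 + 32 now sits on the same line as a removed - 32 and is easy to misread as a leftover of the same alignment padding. If it is only growth slack, a short comment saying so (or a word in the commit message) would prevent a later cleanup from dropping it by mistake. Separately, the function reports the buffer size through unsigned int *size while min_size is a size_t clamped to the user-settable max_alloc_size; since the clamp is being touched here, please confirm that a limit set above UINT_MAX cannot lead to a truncated value being stored through size, or bound the clamp accordingly.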