2 * PuTTY memory-handling header.
\r
5 #ifndef PUTTY_PUTTYMEM_H
\r
6 #define PUTTY_PUTTYMEM_H
\r
8 #include <stddef.h> /* for size_t */
\r
9 #include <string.h> /* for memcpy() */
\r
13 #define smalloc(z) safemalloc(z,1,0)
\r
14 #define snmalloc safemalloc
\r
15 #define srealloc(y,z) saferealloc(y,z,1)
\r
16 #define snrealloc saferealloc
\r
17 #define sfree safefree
\r
19 void *safemalloc(size_t factor1, size_t factor2, size_t addend);
\r
20 void *saferealloc(void *, size_t, size_t);
\r
21 void safefree(void *);
\r
24 * Direct use of smalloc within the code should be avoided where
\r
25 * possible, in favour of these type-casting macros which ensure you
\r
26 * don't mistakenly allocate enough space for one sort of structure
\r
27 * and assign it to a different sort of pointer. sresize also uses
\r
28 * TYPECHECK to verify that the _input_ pointer is a pointer to the
\r
31 #define snew(type) ((type *)snmalloc(1, sizeof(type), 0))
\r
32 #define snewn(n, type) ((type *)snmalloc((n), sizeof(type), 0))
\r
33 #define sresize(ptr, n, type) TYPECHECK((type *)0 == (ptr), \
\r
34 ((type *)snrealloc((ptr), (n), sizeof(type))))
\r
37 * For cases where you want to allocate a struct plus a subsidiary
\r
38 * data buffer in one step, this macro lets you add a constant to the
\r
41 * Since the return value is already cast to the struct type, a
\r
42 * pointer to that many bytes of extra data can be conveniently
\r
43 * obtained by simply adding 1 to the returned pointer!
\r
44 * snew_plus_get_aux is a handy macro that does that and casts the
\r
45 * result to void *, so you can assign it straight to wherever you
\r
48 #define snew_plus(type, extra) ((type *)snmalloc(1, sizeof(type), (extra)))
\r
49 #define snew_plus_get_aux(ptr) ((void *)((ptr) + 1))
\r
52 * Helper macros to deal with the common use case of growing an array.
\r
54 * The common setup is that 'array' is a pointer to the first element
\r
55 * of a dynamic array of some type, and 'size' represents the current
\r
56 * allocated size of that array (in elements). Both of those macro
\r
57 * parameters are implicitly written back to.
\r
59 * Then sgrowarray(array, size, n) means: make sure the nth element of
\r
60 * the array exists (i.e. the size is at least n+1). You call that
\r
61 * before writing to the nth element, if you're looping round
\r
62 * appending to the array.
\r
64 * If you need to grow the array by more than one element, you can
\r
65 * instead call sgrowarrayn(array, size, n, m), which will ensure the
\r
66 * size of the array is at least n+m. (So sgrowarray is just the
\r
67 * special case of that in which m == 1.)
\r
69 * It's common to call sgrowarrayn with one of n,m equal to the
\r
70 * previous logical length of the array, and the other equal to the
\r
71 * new number of logical entries you want to add, so that n <= size on
\r
72 * entry. But that's not actually a mandatory precondition: the two
\r
73 * length parameters are just arbitrary integers that get added
\r
74 * together with an initial check for overflow, and the semantics are
\r
75 * simply 'make sure the array is big enough to take their sum, no
\r
76 * matter how big it was to start with'.)
\r
78 * Another occasionally useful idiom is to call sgrowarray with n ==
\r
79 * size, i.e. sgrowarray(array, size, size). That just means: make
\r
80 * array bigger by _some_ amount, I don't particularly mind how much.
\r
81 * You might use that style if you were repeatedly calling an API
\r
82 * function outside your control, which would either fill your buffer
\r
83 * and return success, or else return a 'too big' error without
\r
84 * telling you how much bigger it needed to be.
\r
86 * The _nm variants of the macro set the 'private' flag in the
\r
87 * underlying function, which forces array resizes to be done by a
\r
88 * manual allocate/copy/free instead of realloc, with careful clearing
\r
89 * of the previous memory block before we free it. This costs
\r
90 * performance, but if the block contains important secrets such as
\r
91 * private keys or passwords, it avoids the risk that a realloc that
\r
92 * moves the memory block might leave a copy of the data visible in
\r
93 * the freed memory at the previous location.
\r
95 void *safegrowarray(void *array, size_t *size, size_t eltsize,
\r
96 size_t oldlen, size_t extralen, bool private);
\r
98 /* The master macro wrapper, of which all others are special cases */
\r
99 #define sgrowarray_general(array, size, n, m, priv) \
\r
100 ((array) = safegrowarray(array, &(size), sizeof(*array), n, m, priv))
\r
102 /* The special-case macros that are easier to use in most situations */
\r
103 #define sgrowarrayn( a, s, n, m) sgrowarray_general(a, s, n, m, false)
\r
104 #define sgrowarray( a, s, n ) sgrowarray_general(a, s, n, 1, false)
\r
105 #define sgrowarrayn_nm(a, s, n, m) sgrowarray_general(a, s, n, m, true )
\r
106 #define sgrowarray_nm( a, s, n ) sgrowarray_general(a, s, n, 1, true )
\r
109 * This function is called by the innermost safemalloc/saferealloc
\r
110 * functions when allocation fails. Usually it's provided by an
\r
111 * implementation in utils, which ties it into an application's
\r
112 * existing modalfatalbox() system, but standalone test applications
\r
113 * can reimplement it some other way if they prefer.
\r
115 NORETURN void out_of_memory(void);
\r
119 * Definitions for Minefield, PuTTY's own Windows-specific malloc
\r
120 * debugger in the style of Electric Fence. Implemented in
\r
121 * windows/utils/minefield.c, and referred to by the main malloc
\r
122 * wrappers in memory.c.
\r
124 void *minefield_c_malloc(size_t size);
\r
125 void minefield_c_free(void *p);
\r
126 void *minefield_c_realloc(void *p, size_t size);
\r