include/private/SkMalloc.h - skia - Git at Google

 /*
  * Copyright 2017 Google Inc.
  *
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */

 #ifndef SkMalloc_DEFINED
 #define SkMalloc_DEFINED

 #include <cstddef>
 #include <cstring>

 #include "include/core/SkTypes.h"

 /*
     memory wrappers to be implemented by the porting layer (platform)
 */


 /** Free memory returned by sk_malloc(). It is safe to pass null. */
 SK_API extern void sk_free(void*);

 /**
  *  Called internally if we run out of memory. The platform implementation must
  *  not return, but should either throw an exception or otherwise exit.
  */
 SK_API extern void sk_out_of_memory(void);

 enum {
     /**
      *  If this bit is set, the returned buffer must be zero-initialized. If this bit is not set
      *  the buffer can be uninitialized.
      */
     SK_MALLOC_ZERO_INITIALIZE   = 1 << 0,

     /**
      *  If this bit is set, the implementation must throw/crash/quit if the request cannot
      *  be fulfilled. If this bit is not set, then it should return nullptr on failure.
      */
     SK_MALLOC_THROW             = 1 << 1,
 };
 /**
  *  Return a block of memory (at least 4-byte aligned) of at least the specified size.
  *  If the requested memory cannot be returned, either return nullptr or throw/exit, depending
  *  on the SK_MALLOC_THROW bit. If the allocation succeeds, the memory will be zero-initialized
  *  if the SK_MALLOC_ZERO_INITIALIZE bit was set.
  *
  *  To free the memory, call sk_free()
  */
 SK_API extern void* sk_malloc_flags(size_t size, unsigned flags);

 /** Same as standard realloc(), but this one never returns null on failure. It will throw
  *  an exception if it fails.
  */
 SK_API extern void* sk_realloc_throw(void* buffer, size_t size);

 static inline void* sk_malloc_throw(size_t size) {
     return sk_malloc_flags(size, SK_MALLOC_THROW);
 }

 static inline void* sk_calloc_throw(size_t size) {
     return sk_malloc_flags(size, SK_MALLOC_THROW | SK_MALLOC_ZERO_INITIALIZE);
 }

 static inline void* sk_calloc_canfail(size_t size) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
     // The Libfuzzer environment is very susceptible to OOM, so to avoid those
     // just pretend we can't allocate more than 200kb.
     if (size > 200000) {
         return nullptr;
     }
 #endif
     return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
 }

 // Performs a safe multiply count * elemSize, checking for overflow
 SK_API extern void* sk_calloc_throw(size_t count, size_t elemSize);
 SK_API extern void* sk_malloc_throw(size_t count, size_t elemSize);
 SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize);

 /**
  *  These variants return nullptr on failure
  */
 static inline void* sk_malloc_canfail(size_t size) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
     // The Libfuzzer environment is very susceptible to OOM, so to avoid those
     // just pretend we can't allocate more than 200kb.
     if (size > 200000) {
         return nullptr;
     }
 #endif
     return sk_malloc_flags(size, 0);
 }
 SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);

 // bzero is safer than memset, but we can't rely on it, so... sk_bzero()
 static inline void sk_bzero(void* buffer, size_t size) {
     // Please c.f. sk_careful_memcpy.  It's undefined behavior to call memset(null, 0, 0).
     if (size) {
         memset(buffer, 0, size);
     }
 }

 /**
  *  sk_careful_memcpy() is just like memcpy(), but guards against undefined behavior.
  *
  * It is undefined behavior to call memcpy() with null dst or src, even if len is 0.
  * If an optimizer is "smart" enough, it can exploit this to do unexpected things.
  *     memcpy(dst, src, 0);
  *     if (src) {
  *         printf("%x\n", *src);
  *     }
  * In this code the compiler can assume src is not null and omit the if (src) {...} check,
  * unconditionally running the printf, crashing the program if src really is null.
  * Of the compilers we pay attention to only GCC performs this optimization in practice.
  */
 static inline void* sk_careful_memcpy(void* dst, const void* src, size_t len) {
     // When we pass >0 len we had better already be passing valid pointers.
     // So we just need to skip calling memcpy when len == 0.
     if (len) {
         memcpy(dst,src,len);
     }
     return dst;
 }

 static inline void* sk_careful_memmove(void* dst, const void* src, size_t len) {
     // When we pass >0 len we had better already be passing valid pointers.
     // So we just need to skip calling memcpy when len == 0.
     if (len) {
         memmove(dst,src,len);
     }
     return dst;
 }

 #endif  // SkMalloc_DEFINED
	/*
	* Copyright 2017 Google Inc.
	*
	* Use of this source code is governed by a BSD-style license that can be
	* found in the LICENSE file.
	*/

	#ifndef SkMalloc_DEFINED
	#define SkMalloc_DEFINED

	#include <cstddef>
	#include <cstring>

	#include "include/core/SkTypes.h"

	/*
	memory wrappers to be implemented by the porting layer (platform)
	*/


	/** Free memory returned by sk_malloc(). It is safe to pass null. */
	SK_API extern void sk_free(void*);

	/**
	* Called internally if we run out of memory. The platform implementation must
	* not return, but should either throw an exception or otherwise exit.
	*/
	SK_API extern void sk_out_of_memory(void);

	enum {
	/**
	* If this bit is set, the returned buffer must be zero-initialized. If this bit is not set
	* the buffer can be uninitialized.
	*/
	SK_MALLOC_ZERO_INITIALIZE = 1 << 0,

	/**
	* If this bit is set, the implementation must throw/crash/quit if the request cannot
	* be fulfilled. If this bit is not set, then it should return nullptr on failure.
	*/
	SK_MALLOC_THROW = 1 << 1,
	};
	/**
	* Return a block of memory (at least 4-byte aligned) of at least the specified size.
	* If the requested memory cannot be returned, either return nullptr or throw/exit, depending
	* on the SK_MALLOC_THROW bit. If the allocation succeeds, the memory will be zero-initialized
	* if the SK_MALLOC_ZERO_INITIALIZE bit was set.
	*
	* To free the memory, call sk_free()
	*/
	SK_API extern void* sk_malloc_flags(size_t size, unsigned flags);

	/** Same as standard realloc(), but this one never returns null on failure. It will throw
	* an exception if it fails.
	*/
	SK_API extern void* sk_realloc_throw(void* buffer, size_t size);

	static inline void* sk_malloc_throw(size_t size) {
	return sk_malloc_flags(size, SK_MALLOC_THROW);
	}

	static inline void* sk_calloc_throw(size_t size) {
	return sk_malloc_flags(size, SK_MALLOC_THROW \| SK_MALLOC_ZERO_INITIALIZE);
	}

	static inline void* sk_calloc_canfail(size_t size) {
	#if defined(IS_FUZZING_WITH_LIBFUZZER)
	// The Libfuzzer environment is very susceptible to OOM, so to avoid those
	// just pretend we can't allocate more than 200kb.
	if (size > 200000) {
	return nullptr;
	}
	#endif
	return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
	}

	// Performs a safe multiply count * elemSize, checking for overflow
	SK_API extern void* sk_calloc_throw(size_t count, size_t elemSize);
	SK_API extern void* sk_malloc_throw(size_t count, size_t elemSize);
	SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize);

	/**
	* These variants return nullptr on failure
	*/
	static inline void* sk_malloc_canfail(size_t size) {
	#if defined(IS_FUZZING_WITH_LIBFUZZER)
	// The Libfuzzer environment is very susceptible to OOM, so to avoid those
	// just pretend we can't allocate more than 200kb.
	if (size > 200000) {
	return nullptr;
	}
	#endif
	return sk_malloc_flags(size, 0);
	}
	SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);

	// bzero is safer than memset, but we can't rely on it, so... sk_bzero()
	static inline void sk_bzero(void* buffer, size_t size) {
	// Please c.f. sk_careful_memcpy. It's undefined behavior to call memset(null, 0, 0).
	if (size) {
	memset(buffer, 0, size);
	}
	}

	/**
	* sk_careful_memcpy() is just like memcpy(), but guards against undefined behavior.
	*
	* It is undefined behavior to call memcpy() with null dst or src, even if len is 0.
	* If an optimizer is "smart" enough, it can exploit this to do unexpected things.
	* memcpy(dst, src, 0);
	* if (src) {
	* printf("%x\n", *src);
	* }
	* In this code the compiler can assume src is not null and omit the if (src) {...} check,
	* unconditionally running the printf, crashing the program if src really is null.
	* Of the compilers we pay attention to only GCC performs this optimization in practice.
	*/
	static inline void* sk_careful_memcpy(void* dst, const void* src, size_t len) {
	// When we pass >0 len we had better already be passing valid pointers.
	// So we just need to skip calling memcpy when len == 0.
	if (len) {
	memcpy(dst,src,len);
	}
	return dst;
	}

	static inline void* sk_careful_memmove(void* dst, const void* src, size_t len) {
	// When we pass >0 len we had better already be passing valid pointers.
	// So we just need to skip calling memcpy when len == 0.
	if (len) {
	memmove(dst,src,len);
	}
	return dst;
	}

	#endif // SkMalloc_DEFINED