Coverage Report

Created: 2026-06-15 06:37

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/dovecot/src/lib/malloc-overflow.h
Line
Count
Source
1
#ifndef MALLOC_OVERFLOW_H
2
#define MALLOC_OVERFLOW_H
3
4
/* MALLOC_*() can be used to calculate memory allocation sizes. If there's an
5
   overflow, it'll cleanly panic instead of causing a potential buffer
6
   overflow.
7
8
   Note that *_malloc(size+1) doesn't need to use MALLOC_ADD(size, 1). It wraps
9
   to size==0 and the *_malloc() calls already panic if size==0. */
10
static inline size_t
11
malloc_multiply_check(size_t a, size_t b, size_t sizeof_a, size_t sizeof_b,
12
          const char *fname, unsigned int linenum)
13
1.30M
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
1.30M
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
342k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
1.30M
  return a * b;
22
1.30M
}
Unexecuted instantiation: dsasl-client-mech-ntlm-dummy.c:malloc_multiply_check
Unexecuted instantiation: fuzz-sasl-authentication.c:malloc_multiply_check
dsasl-client.c:malloc_multiply_check
Line
Count
Source
13
8.16k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
8.16k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
8.16k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
8.16k
  return a * b;
22
8.16k
}
Unexecuted instantiation: sasl-server-mech-anonymous.c:malloc_multiply_check
sasl-server-mech-cram-md5.c:malloc_multiply_check
Line
Count
Source
13
170
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
170
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
170
  return a * b;
22
170
}
sasl-server-mech-digest-md5.c:malloc_multiply_check
Line
Count
Source
13
2.69k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
2.69k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
2.69k
  return a * b;
22
2.69k
}
Unexecuted instantiation: sasl-server-mech-login.c:malloc_multiply_check
sasl-server-mech-oauth2.c:malloc_multiply_check
Line
Count
Source
13
16.8k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
16.8k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
16.8k
  return a * b;
22
16.8k
}
sasl-server-mech-otp.c:malloc_multiply_check
Line
Count
Source
13
9.98k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
9.98k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
9.98k
  return a * b;
22
9.98k
}
Unexecuted instantiation: sasl-server-mech-plain.c:malloc_multiply_check
sasl-server-mech-scram.c:malloc_multiply_check
Line
Count
Source
13
33.6k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
33.6k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
33.6k
  return a * b;
22
33.6k
}
sasl-server-mech.c:malloc_multiply_check
Line
Count
Source
13
240k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
240k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
240k
  return a * b;
22
240k
}
sasl-server-request.c:malloc_multiply_check
Line
Count
Source
13
8.47k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
8.47k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
8.47k
  return a * b;
22
8.47k
}
sasl-server.c:malloc_multiply_check
Line
Count
Source
13
16.0k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
16.0k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
16.0k
  return a * b;
22
16.0k
}
Unexecuted instantiation: sasl-oauth2.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-anonymous.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-cram-md5.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-digest-md5.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-external.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-login.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-oauthbearer.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-otp.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-plain.c:malloc_multiply_check
Unexecuted instantiation: dsasl-client-mech-scram.c:malloc_multiply_check
Unexecuted instantiation: auth-digest.c:malloc_multiply_check
Unexecuted instantiation: auth-gs2.c:malloc_multiply_check
Unexecuted instantiation: auth-scram.c:malloc_multiply_check
Unexecuted instantiation: auth-scram-client.c:malloc_multiply_check
Unexecuted instantiation: auth-scram-server.c:malloc_multiply_check
Unexecuted instantiation: password-scheme.c:malloc_multiply_check
Unexecuted instantiation: password-scheme-md5crypt.c:malloc_multiply_check
Unexecuted instantiation: password-scheme-scram.c:malloc_multiply_check
Unexecuted instantiation: password-scheme-otp.c:malloc_multiply_check
Unexecuted instantiation: password-scheme-pbkdf2.c:malloc_multiply_check
Unexecuted instantiation: oauth2.c:malloc_multiply_check
Unexecuted instantiation: otp-hash.c:malloc_multiply_check
Unexecuted instantiation: otp-parse.c:malloc_multiply_check
Unexecuted instantiation: otp-dictionary.c:malloc_multiply_check
Unexecuted instantiation: otp-parity.c:malloc_multiply_check
Unexecuted instantiation: json-tree-io.c:malloc_multiply_check
Unexecuted instantiation: json-istream.c:malloc_multiply_check
json-ostream.c:malloc_multiply_check
Line
Count
Source
13
684
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
684
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
684
  return a * b;
22
684
}
Unexecuted instantiation: json-tree.c:malloc_multiply_check
Unexecuted instantiation: json-parser.c:malloc_multiply_check
json-generator.c:malloc_multiply_check
Line
Count
Source
13
1.36k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
1.36k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
684
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
1.36k
  return a * b;
22
1.36k
}
Unexecuted instantiation: json-syntax.c:malloc_multiply_check
Unexecuted instantiation: fuzzer.c:malloc_multiply_check
array.c:malloc_multiply_check
Line
Count
Source
13
2.05k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
2.05k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
2.05k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
2.05k
  return a * b;
22
2.05k
}
Unexecuted instantiation: base64.c:malloc_multiply_check
buffer.c:malloc_multiply_check
Line
Count
Source
13
365k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
365k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
194k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
365k
  return a * b;
22
365k
}
Unexecuted instantiation: data-stack.c:malloc_multiply_check
event-log.c:malloc_multiply_check
Line
Count
Source
13
8.16k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
8.16k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
8.16k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
8.16k
  return a * b;
22
8.16k
}
Unexecuted instantiation: failures.c:malloc_multiply_check
Unexecuted instantiation: fd-util.c:malloc_multiply_check
hash.c:malloc_multiply_check
Line
Count
Source
13
56.8k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
56.8k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
56.8k
  return a * b;
22
56.8k
}
Unexecuted instantiation: hash-method.c:malloc_multiply_check
hex-binary.c:malloc_multiply_check
Line
Count
Source
13
14.6k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
14.6k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
14.6k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
14.6k
  return a * b;
22
14.6k
}
Unexecuted instantiation: hex-dec.c:malloc_multiply_check
Unexecuted instantiation: hmac.c:malloc_multiply_check
Unexecuted instantiation: hmac-cram-md5.c:malloc_multiply_check
Unexecuted instantiation: hostpid.c:malloc_multiply_check
Unexecuted instantiation: imem.c:malloc_multiply_check
Unexecuted instantiation: iostream.c:malloc_multiply_check
Unexecuted instantiation: iostream-pump.c:malloc_multiply_check
Unexecuted instantiation: istream.c:malloc_multiply_check
istream-data.c:malloc_multiply_check
Line
Count
Source
13
8.16k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
8.16k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
8.16k
  return a * b;
22
8.16k
}
Unexecuted instantiation: istream-file.c:malloc_multiply_check
Unexecuted instantiation: istream-seekable.c:malloc_multiply_check
ioloop.c:malloc_multiply_check
Line
Count
Source
13
32.6k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
32.6k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
24.5k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
32.6k
  return a * b;
22
32.6k
}
Unexecuted instantiation: ioloop-notify-inotify.c:malloc_multiply_check
Unexecuted instantiation: ioloop-epoll.c:malloc_multiply_check
lib.c:malloc_multiply_check
Line
Count
Source
13
8.16k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
8.16k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
8.16k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
8.16k
  return a * b;
22
8.16k
}
lib-event.c:malloc_multiply_check
Line
Count
Source
13
226k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
226k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
73.8k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
226k
  return a * b;
22
226k
}
Unexecuted instantiation: lib-signals.c:malloc_multiply_check
Unexecuted instantiation: md4.c:malloc_multiply_check
Unexecuted instantiation: md5.c:malloc_multiply_check
Unexecuted instantiation: memarea.c:malloc_multiply_check
Unexecuted instantiation: mempool.c:malloc_multiply_check
mempool-alloconly.c:malloc_multiply_check
Line
Count
Source
13
176k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
176k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
176k
  return a * b;
22
176k
}
mempool-datastack.c:malloc_multiply_check
Line
Count
Source
13
27.8k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
27.8k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
27.8k
  return a * b;
22
27.8k
}
Unexecuted instantiation: mempool-system.c:malloc_multiply_check
Unexecuted instantiation: mempool-unsafe-datastack.c:malloc_multiply_check
Unexecuted instantiation: net.c:malloc_multiply_check
Unexecuted instantiation: ostream.c:malloc_multiply_check
Unexecuted instantiation: ostream-file.c:malloc_multiply_check
Unexecuted instantiation: path-util.c:malloc_multiply_check
Unexecuted instantiation: pkcs5.c:malloc_multiply_check
Unexecuted instantiation: primes.c:malloc_multiply_check
Unexecuted instantiation: printf-format-fix.c:malloc_multiply_check
Unexecuted instantiation: process-title.c:malloc_multiply_check
priorityq.c:malloc_multiply_check
Line
Count
Source
13
16.3k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
16.3k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
8.16k
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
16.3k
  return a * b;
22
16.3k
}
Unexecuted instantiation: randgen.c:malloc_multiply_check
Unexecuted instantiation: rand.c:malloc_multiply_check
Unexecuted instantiation: read-full.c:malloc_multiply_check
Unexecuted instantiation: restrict-access.c:malloc_multiply_check
Unexecuted instantiation: safe-memset.c:malloc_multiply_check
Unexecuted instantiation: safe-mkstemp.c:malloc_multiply_check
Unexecuted instantiation: sendfile-util.c:malloc_multiply_check
Unexecuted instantiation: sha1.c:malloc_multiply_check
Unexecuted instantiation: sha2.c:malloc_multiply_check
Unexecuted instantiation: sha3.c:malloc_multiply_check
Unexecuted instantiation: sleep.c:malloc_multiply_check
Unexecuted instantiation: str.c:malloc_multiply_check
Unexecuted instantiation: str-sanitize.c:malloc_multiply_check
Unexecuted instantiation: strescape.c:malloc_multiply_check
strfuncs.c:malloc_multiply_check
Line
Count
Source
13
19.7k
{
14
  /* the first sizeof-checks are intended to optimize away this entire
15
     if-check for types that are small enough to never wrap size_t. */
16
19.7k
  if ((sizeof_a * 2 > sizeof(size_t) || sizeof_b * 2 > sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
17
0
      b != 0 && (a > SIZE_MAX / b)) {
18
0
    i_panic("file %s: line %d: memory allocation overflow: %zu * %zu",
19
0
      fname, linenum, a, b);
20
0
  }
21
19.7k
  return a * b;
22
19.7k
}
Unexecuted instantiation: strnum.c:malloc_multiply_check
Unexecuted instantiation: time-util.c:malloc_multiply_check
Unexecuted instantiation: unichar.c:malloc_multiply_check
Unexecuted instantiation: unicode-break.c:malloc_multiply_check
Unexecuted instantiation: unicode-data-tables.c:malloc_multiply_check
Unexecuted instantiation: unicode-transform.c:malloc_multiply_check
Unexecuted instantiation: write-full.c:malloc_multiply_check
Unexecuted instantiation: backtrace-string.c:malloc_multiply_check
Unexecuted instantiation: bits.c:malloc_multiply_check
Unexecuted instantiation: eacces-error.c:malloc_multiply_check
Unexecuted instantiation: env-util.c:malloc_multiply_check
Unexecuted instantiation: event-filter.c:malloc_multiply_check
Unexecuted instantiation: event-filter-lexer.c:malloc_multiply_check
Unexecuted instantiation: event-filter-parser.c:malloc_multiply_check
Unexecuted instantiation: ipwd.c:malloc_multiply_check
Unexecuted instantiation: istream-concat.c:malloc_multiply_check
Unexecuted instantiation: ioloop-iolist.c:malloc_multiply_check
Unexecuted instantiation: ioloop-notify-fd.c:malloc_multiply_check
Unexecuted instantiation: str-parse.c:malloc_multiply_check
Unexecuted instantiation: wildcard-match.c:malloc_multiply_check
23
#ifndef STATIC_CHECKER
24
#  define MALLOC_MULTIPLY(a, b) \
25
1.30M
  malloc_multiply_check(a, b, sizeof(a), sizeof(b), __FILE__, __LINE__) // NOLINT(bugprone-sizeof-expression)
26
#else
27
/* avoid warning every time about sizeof(b) when b contains any arithmetic */
28
#  define MALLOC_MULTIPLY(a, b) \
29
  malloc_multiply_check(a, b, sizeof(a), sizeof(size_t), __FILE__, __LINE__)  // NOLINT(bugprone-sizeof-expression)
30
#endif
31
32
static inline size_t
33
malloc_add_check(size_t a, size_t b, size_t sizeof_a, size_t sizeof_b,
34
     const char *fname, unsigned int linenum)
35
126k
{
36
  /* the first sizeof-checks are intended to optimize away this entire
37
     if-check for types that are small enough to never wrap size_t. */
38
126k
  if ((sizeof_a >= sizeof(size_t) || sizeof_b >= sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
39
126k
      SIZE_MAX - a < b) {
40
0
    i_panic("file %s: line %d: memory allocation overflow: %zu + %zu",
41
0
      fname, linenum, a, b);
42
0
  }
43
126k
  return a + b;
44
126k
}
Unexecuted instantiation: dsasl-client-mech-ntlm-dummy.c:malloc_add_check
Unexecuted instantiation: fuzz-sasl-authentication.c:malloc_add_check
Unexecuted instantiation: dsasl-client.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-anonymous.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-cram-md5.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-digest-md5.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-login.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-oauth2.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-otp.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-plain.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech-scram.c:malloc_add_check
Unexecuted instantiation: sasl-server-mech.c:malloc_add_check
Unexecuted instantiation: sasl-server-request.c:malloc_add_check
Unexecuted instantiation: sasl-server.c:malloc_add_check
Unexecuted instantiation: sasl-oauth2.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-anonymous.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-cram-md5.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-digest-md5.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-external.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-login.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-oauthbearer.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-otp.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-plain.c:malloc_add_check
Unexecuted instantiation: dsasl-client-mech-scram.c:malloc_add_check
Unexecuted instantiation: auth-digest.c:malloc_add_check
Unexecuted instantiation: auth-gs2.c:malloc_add_check
Unexecuted instantiation: auth-scram.c:malloc_add_check
Unexecuted instantiation: auth-scram-client.c:malloc_add_check
Unexecuted instantiation: auth-scram-server.c:malloc_add_check
Unexecuted instantiation: password-scheme.c:malloc_add_check
Unexecuted instantiation: password-scheme-md5crypt.c:malloc_add_check
Unexecuted instantiation: password-scheme-scram.c:malloc_add_check
Unexecuted instantiation: password-scheme-otp.c:malloc_add_check
Unexecuted instantiation: password-scheme-pbkdf2.c:malloc_add_check
Unexecuted instantiation: oauth2.c:malloc_add_check
Unexecuted instantiation: otp-hash.c:malloc_add_check
Unexecuted instantiation: otp-parse.c:malloc_add_check
Unexecuted instantiation: otp-dictionary.c:malloc_add_check
Unexecuted instantiation: otp-parity.c:malloc_add_check
Unexecuted instantiation: json-tree-io.c:malloc_add_check
Unexecuted instantiation: json-istream.c:malloc_add_check
Unexecuted instantiation: json-ostream.c:malloc_add_check
Unexecuted instantiation: json-tree.c:malloc_add_check
Unexecuted instantiation: json-parser.c:malloc_add_check
Unexecuted instantiation: json-generator.c:malloc_add_check
Unexecuted instantiation: json-syntax.c:malloc_add_check
Unexecuted instantiation: fuzzer.c:malloc_add_check
Unexecuted instantiation: array.c:malloc_add_check
Unexecuted instantiation: base64.c:malloc_add_check
Unexecuted instantiation: buffer.c:malloc_add_check
data-stack.c:malloc_add_check
Line
Count
Source
35
11.2k
{
36
  /* the first sizeof-checks are intended to optimize away this entire
37
     if-check for types that are small enough to never wrap size_t. */
38
11.2k
  if ((sizeof_a >= sizeof(size_t) || sizeof_b >= sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
39
11.2k
      SIZE_MAX - a < b) {
40
0
    i_panic("file %s: line %d: memory allocation overflow: %zu + %zu",
41
0
      fname, linenum, a, b);
42
0
  }
43
11.2k
  return a + b;
44
11.2k
}
Unexecuted instantiation: event-log.c:malloc_add_check
Unexecuted instantiation: failures.c:malloc_add_check
Unexecuted instantiation: fd-util.c:malloc_add_check
Unexecuted instantiation: hash.c:malloc_add_check
Unexecuted instantiation: hash-method.c:malloc_add_check
Unexecuted instantiation: hex-binary.c:malloc_add_check
Unexecuted instantiation: hex-dec.c:malloc_add_check
Unexecuted instantiation: hmac.c:malloc_add_check
Unexecuted instantiation: hmac-cram-md5.c:malloc_add_check
Unexecuted instantiation: hostpid.c:malloc_add_check
Unexecuted instantiation: imem.c:malloc_add_check
Unexecuted instantiation: iostream.c:malloc_add_check
Unexecuted instantiation: iostream-pump.c:malloc_add_check
Unexecuted instantiation: istream.c:malloc_add_check
Unexecuted instantiation: istream-data.c:malloc_add_check
Unexecuted instantiation: istream-file.c:malloc_add_check
Unexecuted instantiation: istream-seekable.c:malloc_add_check
Unexecuted instantiation: ioloop.c:malloc_add_check
Unexecuted instantiation: ioloop-notify-inotify.c:malloc_add_check
Unexecuted instantiation: ioloop-epoll.c:malloc_add_check
Unexecuted instantiation: lib.c:malloc_add_check
Unexecuted instantiation: lib-event.c:malloc_add_check
Unexecuted instantiation: lib-signals.c:malloc_add_check
Unexecuted instantiation: md4.c:malloc_add_check
Unexecuted instantiation: md5.c:malloc_add_check
Unexecuted instantiation: memarea.c:malloc_add_check
Unexecuted instantiation: mempool.c:malloc_add_check
Unexecuted instantiation: mempool-alloconly.c:malloc_add_check
Unexecuted instantiation: mempool-datastack.c:malloc_add_check
Unexecuted instantiation: mempool-system.c:malloc_add_check
Unexecuted instantiation: mempool-unsafe-datastack.c:malloc_add_check
Unexecuted instantiation: net.c:malloc_add_check
Unexecuted instantiation: ostream.c:malloc_add_check
Unexecuted instantiation: ostream-file.c:malloc_add_check
Unexecuted instantiation: path-util.c:malloc_add_check
Unexecuted instantiation: pkcs5.c:malloc_add_check
Unexecuted instantiation: primes.c:malloc_add_check
Unexecuted instantiation: printf-format-fix.c:malloc_add_check
Unexecuted instantiation: process-title.c:malloc_add_check
Unexecuted instantiation: priorityq.c:malloc_add_check
Unexecuted instantiation: randgen.c:malloc_add_check
Unexecuted instantiation: rand.c:malloc_add_check
Unexecuted instantiation: read-full.c:malloc_add_check
Unexecuted instantiation: restrict-access.c:malloc_add_check
Unexecuted instantiation: safe-memset.c:malloc_add_check
Unexecuted instantiation: safe-mkstemp.c:malloc_add_check
Unexecuted instantiation: sendfile-util.c:malloc_add_check
Unexecuted instantiation: sha1.c:malloc_add_check
Unexecuted instantiation: sha2.c:malloc_add_check
Unexecuted instantiation: sha3.c:malloc_add_check
Unexecuted instantiation: sleep.c:malloc_add_check
Unexecuted instantiation: str.c:malloc_add_check
Unexecuted instantiation: str-sanitize.c:malloc_add_check
Unexecuted instantiation: strescape.c:malloc_add_check
strfuncs.c:malloc_add_check
Line
Count
Source
35
115k
{
36
  /* the first sizeof-checks are intended to optimize away this entire
37
     if-check for types that are small enough to never wrap size_t. */
38
115k
  if ((sizeof_a >= sizeof(size_t) || sizeof_b >= sizeof(size_t)) && // NOLINT(bugprone-sizeof-expression)
39
115k
      SIZE_MAX - a < b) {
40
0
    i_panic("file %s: line %d: memory allocation overflow: %zu + %zu",
41
0
      fname, linenum, a, b);
42
0
  }
43
115k
  return a + b;
44
115k
}
Unexecuted instantiation: strnum.c:malloc_add_check
Unexecuted instantiation: time-util.c:malloc_add_check
Unexecuted instantiation: unichar.c:malloc_add_check
Unexecuted instantiation: unicode-break.c:malloc_add_check
Unexecuted instantiation: unicode-data-tables.c:malloc_add_check
Unexecuted instantiation: unicode-transform.c:malloc_add_check
Unexecuted instantiation: write-full.c:malloc_add_check
Unexecuted instantiation: backtrace-string.c:malloc_add_check
Unexecuted instantiation: bits.c:malloc_add_check
Unexecuted instantiation: eacces-error.c:malloc_add_check
Unexecuted instantiation: env-util.c:malloc_add_check
Unexecuted instantiation: event-filter.c:malloc_add_check
Unexecuted instantiation: event-filter-lexer.c:malloc_add_check
Unexecuted instantiation: event-filter-parser.c:malloc_add_check
Unexecuted instantiation: ipwd.c:malloc_add_check
Unexecuted instantiation: istream-concat.c:malloc_add_check
Unexecuted instantiation: ioloop-iolist.c:malloc_add_check
Unexecuted instantiation: ioloop-notify-fd.c:malloc_add_check
Unexecuted instantiation: str-parse.c:malloc_add_check
Unexecuted instantiation: wildcard-match.c:malloc_add_check
45
#ifndef STATIC_CHECKER
46
#  define MALLOC_ADD(a, b) \
47
49.9k
  malloc_add_check(a, b, sizeof(a), sizeof(b), __FILE__, __LINE__) // NOLINT(bugprone-sizeof-expression)
48
#else
49
/* avoid warning every time about sizeof(b) when b contains any arithmetic */
50
#  define MALLOC_ADD(a, b) \
51
  malloc_add_check(a, b, sizeof(a), sizeof(size_t), __FILE__, __LINE__) // NOLINT(bugprone-sizeof-expression)
52
#endif
53
54
/* Minimal convenience wrapper for common allocation size arithmetic.
55
   Built on MALLOC_ADD() to keep overflow handling centralized. */
56
#define MALLOC_ADD3(a, b, c) \
57
708
  MALLOC_ADD(MALLOC_ADD((a), (b)), (c))
58
59
#endif