/src/mupdf/source/fitz/memory.c
Line | Count | Source |
1 | | // Copyright (C) 2004-2026 Artifex Software, Inc. |
2 | | // |
3 | | // This file is part of MuPDF. |
4 | | // |
5 | | // MuPDF is free software: you can redistribute it and/or modify it under the |
6 | | // terms of the GNU Affero General Public License as published by the Free |
7 | | // Software Foundation, either version 3 of the License, or (at your option) |
8 | | // any later version. |
9 | | // |
10 | | // MuPDF is distributed in the hope that it will be useful, but WITHOUT ANY |
11 | | // WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
12 | | // FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more |
13 | | // details. |
14 | | // |
15 | | // You should have received a copy of the GNU Affero General Public License |
16 | | // along with MuPDF. If not, see <https://www.gnu.org/licenses/agpl-3.0.en.html> |
17 | | // |
18 | | // Alternative licensing terms are available from the licensor. |
19 | | // For commercial licensing, see <https://www.artifex.com/> or contact |
20 | | // Artifex Software, Inc., 39 Mesa Street, Suite 108A, San Francisco, |
21 | | // CA 94129, USA, for further information. |
22 | | |
23 | | #include "mupdf/fitz.h" |
24 | | |
25 | | #include <limits.h> |
26 | | #include <string.h> |
27 | | #include <stdlib.h> |
28 | | #include <stdio.h> |
29 | | #include <errno.h> |
30 | | |
31 | | /* Enable FITZ_DEBUG_LOCKING_TIMES below if you want to check the times |
32 | | * for which locks are held too. */ |
33 | | #ifdef FITZ_DEBUG_LOCKING |
34 | | #undef FITZ_DEBUG_LOCKING_TIMES |
35 | | #endif |
36 | | |
37 | | /* |
38 | | * The malloc family of functions will always try scavenging when they run out of memory. |
39 | | * They will only fail when scavenging cannot free up memory from caches in the fz_context. |
40 | | * All the functions will throw an exception when no memory can be allocated, |
41 | | * except the _no_throw family which instead silently returns NULL. |
42 | | */ |
43 | | |
44 | | static void * |
45 | | do_scavenging_malloc(fz_context *ctx, size_t size) |
46 | 159k | { |
47 | 159k | void *p; |
48 | 159k | int phase = 0; |
49 | | |
50 | 159k | fz_lock(ctx, FZ_LOCK_ALLOC); |
51 | 159k | do { |
52 | 159k | p = ctx->alloc.malloc(ctx->alloc.user, size); |
53 | 159k | if (p != NULL) |
54 | 159k | { |
55 | 159k | fz_unlock(ctx, FZ_LOCK_ALLOC); |
56 | 159k | return p; |
57 | 159k | } |
58 | 159k | } |
59 | | #ifdef MEMENTO_SQUEEZEBUILD |
60 | | while (0); |
61 | | (void) phase; |
62 | | #else |
63 | 159k | while (fz_store_scavenge(ctx, size, &phase)); |
64 | 0 | #endif |
65 | 0 | fz_unlock(ctx, FZ_LOCK_ALLOC); |
66 | |
|
67 | 0 | return NULL; |
68 | 159k | } |
69 | | |
70 | | static void * |
71 | | do_scavenging_realloc(fz_context *ctx, void *p, size_t size) |
72 | 6.35k | { |
73 | 6.35k | void *q; |
74 | 6.35k | int phase = 0; |
75 | | |
76 | 6.35k | fz_lock(ctx, FZ_LOCK_ALLOC); |
77 | 6.35k | do { |
78 | 6.35k | q = ctx->alloc.realloc(ctx->alloc.user, p, size); |
79 | 6.35k | if (q != NULL) |
80 | 6.35k | { |
81 | 6.35k | fz_unlock(ctx, FZ_LOCK_ALLOC); |
82 | 6.35k | return q; |
83 | 6.35k | } |
84 | 6.35k | } |
85 | | #ifdef MEMENTO_SQUEEZEBUILD |
86 | | while (0); |
87 | | (void) phase; |
88 | | #else |
89 | 6.35k | while (fz_store_scavenge(ctx, size, &phase)); |
90 | 0 | #endif |
91 | 0 | fz_unlock(ctx, FZ_LOCK_ALLOC); |
92 | |
|
93 | 0 | return NULL; |
94 | 6.35k | } |
95 | | |
96 | | void * |
97 | | fz_malloc(fz_context *ctx, size_t size) |
98 | 157k | { |
99 | 157k | void *p; |
100 | 157k | if (size == 0) |
101 | 2 | return NULL; |
102 | 157k | p = do_scavenging_malloc(ctx, size); |
103 | 157k | if (!p) |
104 | 0 | { |
105 | 0 | errno = ENOMEM; |
106 | 0 | fz_throw(ctx, FZ_ERROR_SYSTEM, "malloc (%zu bytes) failed", size); |
107 | 0 | } |
108 | 157k | return p; |
109 | 157k | } |
110 | | |
111 | | void * |
112 | | fz_malloc_no_throw(fz_context *ctx, size_t size) |
113 | 980 | { |
114 | 980 | if (size == 0) |
115 | 0 | return NULL; |
116 | 980 | return do_scavenging_malloc(ctx, size); |
117 | 980 | } |
118 | | |
119 | | void * |
120 | | fz_malloc_array_imp(fz_context *ctx, size_t nmemb, size_t size) |
121 | 4.96k | { |
122 | 4.96k | size_t total; |
123 | 4.96k | if (fz_ckd_mul_size(&total, nmemb, size)) |
124 | 0 | fz_throw(ctx, FZ_ERROR_SYSTEM, "malloc array (%zu x %zu bytes) failed (overflow)", nmemb, size); |
125 | 4.96k | return fz_malloc(ctx, total); |
126 | 4.96k | } |
127 | | |
128 | | void * |
129 | | fz_realloc_array_imp(fz_context *ctx, void *p, size_t nmemb, size_t size) |
130 | 6.29k | { |
131 | 6.29k | size_t total; |
132 | 6.29k | if (fz_ckd_mul_size(&total, nmemb, size)) |
133 | 0 | fz_throw(ctx, FZ_ERROR_SYSTEM, "realloc array (%zu x %zu bytes) failed (overflow)", nmemb, size); |
134 | 6.29k | return fz_realloc(ctx, p, total); |
135 | 6.29k | } |
136 | | |
137 | | void * |
138 | | fz_calloc(fz_context *ctx, size_t count, size_t size) |
139 | 462 | { |
140 | 462 | void *p; |
141 | 462 | size_t total; |
142 | 462 | if (count == 0 || size == 0) |
143 | 0 | return NULL; |
144 | 462 | if (fz_ckd_mul_size(&total, count, size)) |
145 | 0 | fz_throw(ctx, FZ_ERROR_SYSTEM, "calloc (%zu x %zu bytes) failed (overflow)", count, size); |
146 | 462 | p = do_scavenging_malloc(ctx, total); |
147 | 462 | if (!p) |
148 | 0 | { |
149 | 0 | errno = ENOMEM; |
150 | 0 | fz_throw(ctx, FZ_ERROR_SYSTEM, "calloc (%zu x %zu bytes) failed", count, size); |
151 | 0 | } |
152 | 462 | memset(p, 0, count*size); |
153 | 462 | return p; |
154 | 462 | } |
155 | | |
156 | | void * |
157 | | fz_calloc_no_throw(fz_context *ctx, size_t count, size_t size) |
158 | 144 | { |
159 | 144 | void *p; |
160 | 144 | size_t total; |
161 | 144 | if (count == 0 || size == 0) |
162 | 0 | return NULL; |
163 | 144 | if (fz_ckd_mul_size(&total, count, size)) |
164 | 0 | return NULL; |
165 | 144 | p = do_scavenging_malloc(ctx, total); |
166 | 144 | if (p) |
167 | 144 | memset(p, 0, total); |
168 | 144 | return p; |
169 | 144 | } |
170 | | |
171 | | void * |
172 | | fz_realloc(fz_context *ctx, void *p, size_t size) |
173 | 6.33k | { |
174 | 6.33k | if (size == 0) |
175 | 0 | { |
176 | 0 | fz_free(ctx, p); |
177 | 0 | return NULL; |
178 | 0 | } |
179 | 6.33k | p = do_scavenging_realloc(ctx, p, size); |
180 | 6.33k | if (!p) |
181 | 0 | { |
182 | 0 | errno = ENOMEM; |
183 | 0 | fz_throw(ctx, FZ_ERROR_SYSTEM, "realloc (%zu bytes) failed", size); |
184 | 0 | } |
185 | 6.33k | return p; |
186 | 6.33k | } |
187 | | |
188 | | void * |
189 | | fz_realloc_no_throw(fz_context *ctx, void *p, size_t size) |
190 | 21 | { |
191 | 21 | if (size == 0) |
192 | 0 | { |
193 | 0 | fz_free(ctx, p); |
194 | 0 | return NULL; |
195 | 0 | } |
196 | 21 | return do_scavenging_realloc(ctx, p, size); |
197 | 21 | } |
198 | | |
199 | | void |
200 | | fz_free(fz_context *ctx, void *p) |
201 | 160k | { |
202 | 160k | if (p) |
203 | 159k | { |
204 | 159k | fz_lock(ctx, FZ_LOCK_ALLOC); |
205 | 159k | ctx->alloc.free(ctx->alloc.user, p); |
206 | 159k | fz_unlock(ctx, FZ_LOCK_ALLOC); |
207 | 159k | } |
208 | 160k | } |
209 | | |
210 | | /* align is assumed to be a power of 2. */ |
211 | | void *fz_malloc_aligned(fz_context *ctx, size_t size, int align) |
212 | 0 | { |
213 | 0 | uint8_t *block; |
214 | 0 | uint8_t *aligned; |
215 | |
|
216 | 0 | if (size == 0) |
217 | 0 | return NULL; |
218 | | |
219 | 0 | if (align >= 256) |
220 | 0 | fz_throw(ctx, FZ_ERROR_ARGUMENT, "Alignment too large"); |
221 | 0 | if ((align & (align-1)) != 0) |
222 | 0 | fz_throw(ctx, FZ_ERROR_ARGUMENT, "Alignment must be a power of 2"); |
223 | | |
224 | 0 | block = fz_malloc(ctx, size + align); |
225 | |
|
226 | 0 | aligned = (void *)((intptr_t)(block + align-1) & ~(align-1)); |
227 | 0 | if (aligned == block) |
228 | 0 | aligned = block + align; |
229 | 0 | memset(block, aligned-block, aligned-block); |
230 | |
|
231 | 0 | return aligned; |
232 | 0 | } |
233 | | |
234 | | void fz_free_aligned(fz_context *ctx, void *ptr) |
235 | 0 | { |
236 | 0 | uint8_t *block = ptr; |
237 | |
|
238 | 0 | if (ptr == NULL) |
239 | 0 | return; |
240 | | |
241 | 0 | block -= block[-1]; |
242 | |
|
243 | 0 | fz_free(ctx, block); |
244 | 0 | } |
245 | | |
246 | | char * |
247 | | fz_strdup(fz_context *ctx, const char *s) |
248 | 108 | { |
249 | 108 | size_t len = strlen(s) + 1; |
250 | 108 | char *ns = fz_malloc(ctx, len); |
251 | 108 | memcpy(ns, s, len); |
252 | 108 | return ns; |
253 | 108 | } |
254 | | |
255 | | fz_string * |
256 | | fz_new_string(fz_context *ctx, const char *s) |
257 | 0 | { |
258 | 0 | fz_string *str = fz_malloc_flexible(ctx, fz_string, str, strlen(s) + 1); |
259 | 0 | str->refs = 1; |
260 | 0 | strcpy(str->str, s); |
261 | 0 | return str; |
262 | 0 | } |
263 | | |
264 | | fz_string *fz_keep_string(fz_context *ctx, fz_string *str) |
265 | 0 | { |
266 | 0 | return fz_keep_imp(ctx, str, &str->refs); |
267 | 0 | } |
268 | | |
269 | | void fz_drop_string(fz_context *ctx, fz_string *str) |
270 | 0 | { |
271 | 0 | if (fz_drop_imp(ctx, str, &str->refs)) |
272 | 0 | fz_free(ctx, str); |
273 | 0 | } |
274 | | |
275 | | |
276 | | static void * |
277 | | fz_malloc_default(void *opaque, size_t size) |
278 | 0 | { |
279 | 0 | return malloc(size); |
280 | 0 | } |
281 | | |
282 | | static void * |
283 | | fz_realloc_default(void *opaque, void *old, size_t size) |
284 | 0 | { |
285 | 0 | return realloc(old, size); |
286 | 0 | } |
287 | | |
288 | | static void |
289 | | fz_free_default(void *opaque, void *ptr) |
290 | 0 | { |
291 | 0 | free(ptr); |
292 | 0 | } |
293 | | |
294 | | fz_alloc_context fz_alloc_default = |
295 | | { |
296 | | NULL, |
297 | | fz_malloc_default, |
298 | | fz_realloc_default, |
299 | | fz_free_default |
300 | | }; |
301 | | |
302 | | static void |
303 | | fz_lock_default(void *user, int lock) |
304 | 819k | { |
305 | 819k | } |
306 | | |
307 | | static void |
308 | | fz_unlock_default(void *user, int lock) |
309 | 819k | { |
310 | 819k | } |
311 | | |
312 | | fz_locks_context fz_locks_default = |
313 | | { |
314 | | NULL, |
315 | | fz_lock_default, |
316 | | fz_unlock_default |
317 | | }; |
318 | | |
319 | | #ifdef FITZ_DEBUG_LOCKING |
320 | | |
321 | | enum |
322 | | { |
323 | | FZ_LOCK_DEBUG_CONTEXT_MAX = 100 |
324 | | }; |
325 | | |
326 | | fz_context *fz_lock_debug_contexts[FZ_LOCK_DEBUG_CONTEXT_MAX]; |
327 | | int fz_locks_debug[FZ_LOCK_DEBUG_CONTEXT_MAX][FZ_LOCK_MAX]; |
328 | | |
329 | | #ifdef FITZ_DEBUG_LOCKING_TIMES |
330 | | |
331 | | int fz_debug_locking_inited = 0; |
332 | | int fz_lock_program_start; |
333 | | int fz_lock_time[FZ_LOCK_DEBUG_CONTEXT_MAX][FZ_LOCK_MAX] = { { 0 } }; |
334 | | int fz_lock_taken[FZ_LOCK_DEBUG_CONTEXT_MAX][FZ_LOCK_MAX] = { { 0 } }; |
335 | | |
336 | | /* We implement our own millisecond clock, as clock() cannot be trusted |
337 | | * when threads are involved. */ |
338 | | static int ms_clock(void) |
339 | | { |
340 | | #ifdef _WIN32 |
341 | | return (int)GetTickCount(); |
342 | | #else |
343 | | struct timeval tp; |
344 | | gettimeofday(&tp, NULL); |
345 | | return (tp.tv_sec*1000) + (tp.tv_usec/1000); |
346 | | #endif |
347 | | } |
348 | | |
349 | | static void dump_lock_times(void) |
350 | | { |
351 | | int i, j; |
352 | | int prog_time = ms_clock() - fz_lock_program_start; |
353 | | |
354 | | for (j = 0; j < FZ_LOCK_MAX; j++) |
355 | | { |
356 | | int total = 0; |
357 | | for (i = 0; i < FZ_LOCK_DEBUG_CONTEXT_MAX; i++) |
358 | | { |
359 | | total += fz_lock_time[i][j]; |
360 | | } |
361 | | printf("Lock %d held for %g seconds (%g%%)\n", j, total / 1000.0f, 100.0f*total/prog_time); |
362 | | } |
363 | | printf("Total program time %g seconds\n", prog_time / 1000.0f); |
364 | | } |
365 | | |
366 | | #endif |
367 | | |
368 | | static int find_context(fz_context *ctx) |
369 | 1.63M | { |
370 | 1.63M | int i; |
371 | | |
372 | 4.09M | for (i = 0; i < FZ_LOCK_DEBUG_CONTEXT_MAX; i++) |
373 | 4.09M | { |
374 | 4.09M | if (fz_lock_debug_contexts[i] == ctx) |
375 | 1.63M | return i; |
376 | 2.45M | if (fz_lock_debug_contexts[i] == NULL) |
377 | 4 | { |
378 | 4 | int gottit = 0; |
379 | | /* We've not locked on this context before, so use |
380 | | * this one for this new context. We might have other |
381 | | * threads trying here too though so, so claim it |
382 | | * atomically. No one has locked on this context |
383 | | * before, so we are safe to take the ALLOC lock. */ |
384 | 4 | ctx->locks.lock(ctx->locks.user, FZ_LOCK_ALLOC); |
385 | | /* If it's still free, then claim it as ours, |
386 | | * otherwise we'll keep hunting. */ |
387 | 4 | if (fz_lock_debug_contexts[i] == NULL) |
388 | 4 | { |
389 | 4 | gottit = 1; |
390 | 4 | fz_lock_debug_contexts[i] = ctx; |
391 | | #ifdef FITZ_DEBUG_LOCKING_TIMES |
392 | | if (fz_debug_locking_inited == 0) |
393 | | { |
394 | | fz_debug_locking_inited = 1; |
395 | | fz_lock_program_start = ms_clock(); |
396 | | atexit(dump_lock_times); |
397 | | } |
398 | | #endif |
399 | 4 | } |
400 | 4 | ctx->locks.unlock(ctx->locks.user, FZ_LOCK_ALLOC); |
401 | 4 | if (gottit) |
402 | 4 | return i; |
403 | 4 | } |
404 | 2.45M | } |
405 | 0 | return -1; |
406 | 1.63M | } |
407 | | |
408 | | void |
409 | | fz_assert_lock_held(fz_context *ctx, int lock) |
410 | 16 | { |
411 | 16 | int idx; |
412 | | |
413 | 16 | if (ctx->locks.lock != fz_lock_default) |
414 | 0 | return; |
415 | | |
416 | 16 | idx = find_context(ctx); |
417 | 16 | if (idx < 0) |
418 | 0 | return; |
419 | | |
420 | 16 | if (fz_locks_debug[idx][lock] == 0) |
421 | 0 | fprintf(stderr, "Lock %d not held when expected\n", lock); |
422 | 16 | } |
423 | | |
424 | | void |
425 | | fz_assert_lock_not_held(fz_context *ctx, int lock) |
426 | 0 | { |
427 | 0 | int idx; |
428 | |
|
429 | 0 | if (ctx->locks.lock != fz_lock_default) |
430 | 0 | return; |
431 | | |
432 | 0 | idx = find_context(ctx); |
433 | 0 | if (idx < 0) |
434 | 0 | return; |
435 | | |
436 | 0 | if (fz_locks_debug[idx][lock] != 0) |
437 | 0 | fprintf(stderr, "Lock %d held when not expected\n", lock); |
438 | 0 | } |
439 | | |
440 | | void fz_lock_debug_lock(fz_context *ctx, int lock) |
441 | 819k | { |
442 | 819k | int i, idx; |
443 | | |
444 | 819k | if (ctx->locks.lock != fz_lock_default) |
445 | 0 | return; |
446 | | |
447 | 819k | idx = find_context(ctx); |
448 | 819k | if (idx < 0) |
449 | 0 | return; |
450 | | |
451 | 819k | if (fz_locks_debug[idx][lock] != 0) |
452 | 0 | { |
453 | 0 | fprintf(stderr, "Attempt to take lock %d when held already!\n", lock); |
454 | 0 | } |
455 | 859k | for (i = lock-1; i >= 0; i--) |
456 | 39.9k | { |
457 | 39.9k | if (fz_locks_debug[idx][i] != 0) |
458 | 0 | { |
459 | 0 | fprintf(stderr, "Lock ordering violation: Attempt to take lock %d when %d held already!\n", lock, i); |
460 | 0 | } |
461 | 39.9k | } |
462 | 819k | fz_locks_debug[idx][lock] = 1; |
463 | | #ifdef FITZ_DEBUG_LOCKING_TIMES |
464 | | fz_lock_taken[idx][lock] = ms_clock(); |
465 | | #endif |
466 | 819k | } |
467 | | |
468 | | void fz_lock_debug_unlock(fz_context *ctx, int lock) |
469 | 819k | { |
470 | 819k | int idx; |
471 | | |
472 | 819k | if (ctx->locks.lock != fz_lock_default) |
473 | 0 | return; |
474 | | |
475 | 819k | idx = find_context(ctx); |
476 | 819k | if (idx < 0) |
477 | 0 | return; |
478 | | |
479 | 819k | if (fz_locks_debug[idx][lock] == 0) |
480 | 0 | { |
481 | 0 | fprintf(stderr, "Attempt to release lock %d when not held!\n", lock); |
482 | 0 | } |
483 | 819k | fz_locks_debug[idx][lock] = 0; |
484 | | #ifdef FITZ_DEBUG_LOCKING_TIMES |
485 | | fz_lock_time[idx][lock] += ms_clock() - fz_lock_taken[idx][lock]; |
486 | | #endif |
487 | 819k | } |
488 | | |
489 | | #else |
490 | | |
491 | | void |
492 | | (fz_assert_lock_held)(fz_context *ctx, int lock) |
493 | | { |
494 | | } |
495 | | |
496 | | void |
497 | | (fz_assert_lock_not_held)(fz_context *ctx, int lock) |
498 | | { |
499 | | } |
500 | | |
501 | | void (fz_lock_debug_lock)(fz_context *ctx, int lock) |
502 | | { |
503 | | } |
504 | | |
505 | | void (fz_lock_debug_unlock)(fz_context *ctx, int lock) |
506 | | { |
507 | | } |
508 | | |
509 | | #endif |