Memory: add MEM_malloc_arrayN() function to protect against overflow.

Differential Revision: https://developer.blender.org/D3002

1 files changed, 14 insertions, 0 deletions

diff --git a/intern/guardedalloc/MEM_guardedalloc.h b/intern/guardedalloc/MEM_guardedalloc.h
index f6048a04cf3..a57921223e2 100644
--- a/intern/guardedalloc/MEM_guardedalloc.h
+++ b/intern/guardedalloc/MEM_guardedalloc.h
@@ -114,12 +114,26 @@ extern "C" {
 	extern void *(*MEM_callocN)(size_t len, const char *str) /* ATTR_MALLOC */ ATTR_WARN_UNUSED_RESULT ATTR_ALLOC_SIZE(1) ATTR_NONNULL(2);
 
 	/**
+	 * Allocate a block of memory of size (len * size), with tag name
+	 * str, aborting in case of integer overflows to prevent vulnerabilities.
+	 * The memory is cleared. The name must be static, because only a
+	 * pointer to it is stored ! */
+	extern void *(*MEM_calloc_arrayN)(size_t len, size_t size, const char *str) /* ATTR_MALLOC */ ATTR_WARN_UNUSED_RESULT ATTR_ALLOC_SIZE(1,2) ATTR_NONNULL(3);
+
+	/**
 	 * Allocate a block of memory of size len, with tag name str. The
 	 * name must be a static, because only a pointer to it is stored !
 	 * */
 	extern void *(*MEM_mallocN)(size_t len, const char *str) /* ATTR_MALLOC */ ATTR_WARN_UNUSED_RESULT ATTR_ALLOC_SIZE(1) ATTR_NONNULL(2);
 
 	/**
+	 * Allocate a block of memory of size (len * size), with tag name str,
+	 * aborting in case of integer overflow to prevent vulnerabilities. The
+	 * name must be a static, because only a pointer to it is stored !
+	 * */
+	extern void *(*MEM_malloc_arrayN)(size_t len, size_t size, const char *str) /* ATTR_MALLOC */ ATTR_WARN_UNUSED_RESULT ATTR_ALLOC_SIZE(1,2) ATTR_NONNULL(3);
+
+	/**
 	 * Allocate an aligned block of memory of size len, with tag name str. The
 	 * name must be a static, because only a pointer to it is stored !
 	 * */