src: remove UncheckedMalloc(0) workaround

tniessen · tniessen · commit 29bc634a9410 · 2022-09-06T19:51:02.000Z
Assuming that UncheckedMalloc(0) returns a non-nullptr is non-standard and we use other allocators as well (e.g., OPENSSL_malloc) that do not guarantee this behavior. It is the caller's responsibility to check that size != 0 implies UncheckedMalloc(size) != nullptr, and that's exactly what the checked variants (Malloc etc.) already do. The current behavior is also inconsistent with UncheckedRealloc(), which always returns a nullptr when the size is 0, and with the documentation in src/README.md. Refs: nodejs#8571 Refs: nodejs#8572
diff --git a/src/string_bytes.cc b/src/string_bytes.cc
@@ -704,20 +704,21 @@ MaybeLocal<Value> StringBytes::Encode(Isolate* isolate,
     }
 
     case UCS2: {
+      size_t str_len = buflen / 2;
       if (IsBigEndian()) {
-        uint16_t* dst = node::UncheckedMalloc<uint16_t>(buflen / 2);
-        if (dst == nullptr) {
+        uint16_t* dst = node::UncheckedMalloc<uint16_t>(str_len);
+        if (str_len != 0 && dst == nullptr) {
           *error = node::ERR_MEMORY_ALLOCATION_FAILED(isolate);
           return MaybeLocal<Value>();
         }
-        for (size_t i = 0, k = 0; k < buflen / 2; i += 2, k += 1) {
+        for (size_t i = 0, k = 0; k < str_len; i += 2, k += 1) {
           // The input is in *little endian*, because that's what Node.js
           // expects, so the high byte comes after the low byte.
           const uint8_t hi = static_cast<uint8_t>(buf[i + 1]);
           const uint8_t lo = static_cast<uint8_t>(buf[i + 0]);
           dst[k] = static_cast<uint16_t>(hi) << 8 | lo;
         }
-        return ExternTwoByteString::New(isolate, dst, buflen / 2, error);
+        return ExternTwoByteString::New(isolate, dst, str_len, error);
       }
       if (reinterpret_cast<uintptr_t>(buf) % 2 != 0) {
         // Unaligned data still means we can't directly pass it to V8.
@@ -728,10 +729,10 @@ MaybeLocal<Value> StringBytes::Encode(Isolate* isolate,
         }
         memcpy(dst, buf, buflen);
         return ExternTwoByteString::New(
-            isolate, reinterpret_cast<uint16_t*>(dst), buflen / 2, error);
+            isolate, reinterpret_cast<uint16_t*>(dst), str_len, error);
       }
       return ExternTwoByteString::NewFromCopy(
-          isolate, reinterpret_cast<const uint16_t*>(buf), buflen / 2, error);
+          isolate, reinterpret_cast<const uint16_t*>(buf), str_len, error);
     }
 
     default:
diff --git a/src/util-inl.h b/src/util-inl.h
@@ -361,13 +361,11 @@ T* UncheckedRealloc(T* pointer, size_t n) {
 // As per spec realloc behaves like malloc if passed nullptr.
 template <typename T>
 inline T* UncheckedMalloc(size_t n) {
-  if (n == 0) n = 1;
   return UncheckedRealloc<T>(nullptr, n);
 }
 
 template <typename T>
 inline T* UncheckedCalloc(size_t n) {
-  if (n == 0) n = 1;
   MultiplyWithOverflowCheck(sizeof(T), n);
   return static_cast<T*>(calloc(n, sizeof(T)));
 }
diff --git a/test/cctest/test_util.cc b/test/cctest/test_util.cc
@@ -97,39 +97,39 @@ TEST(UtilTest, ToLower) {
   EXPECT_EQ('a', ToLower('A'));
 }
 
-#define TEST_AND_FREE(expression)                                             \
-  do {                                                                        \
-    auto pointer = expression;                                                \
-    EXPECT_NE(nullptr, pointer);                                              \
-    free(pointer);                                                            \
+#define TEST_AND_FREE(expression, size)                                        \
+  do {                                                                         \
+    auto pointer = expression(size);                                           \
+    if (size != 0) EXPECT_NE(pointer, nullptr);                                \
+    free(pointer);                                                             \
   } while (0)
 
 TEST(UtilTest, Malloc) {
-  TEST_AND_FREE(Malloc<char>(0));
-  TEST_AND_FREE(Malloc<char>(1));
-  TEST_AND_FREE(Malloc(0));
-  TEST_AND_FREE(Malloc(1));
+  TEST_AND_FREE(Malloc<char>, 0);
+  TEST_AND_FREE(Malloc<char>, 1);
+  TEST_AND_FREE(Malloc, 0);
+  TEST_AND_FREE(Malloc, 1);
 }
 
 TEST(UtilTest, Calloc) {
-  TEST_AND_FREE(Calloc<char>(0));
-  TEST_AND_FREE(Calloc<char>(1));
-  TEST_AND_FREE(Calloc(0));
-  TEST_AND_FREE(Calloc(1));
+  TEST_AND_FREE(Calloc<char>, 0);
+  TEST_AND_FREE(Calloc<char>, 1);
+  TEST_AND_FREE(Calloc, 0);
+  TEST_AND_FREE(Calloc, 1);
 }
 
 TEST(UtilTest, UncheckedMalloc) {
-  TEST_AND_FREE(UncheckedMalloc<char>(0));
-  TEST_AND_FREE(UncheckedMalloc<char>(1));
-  TEST_AND_FREE(UncheckedMalloc(0));
-  TEST_AND_FREE(UncheckedMalloc(1));
+  TEST_AND_FREE(UncheckedMalloc<char>, 0);
+  TEST_AND_FREE(UncheckedMalloc<char>, 1);
+  TEST_AND_FREE(UncheckedMalloc, 0);
+  TEST_AND_FREE(UncheckedMalloc, 1);
 }
 
 TEST(UtilTest, UncheckedCalloc) {
-  TEST_AND_FREE(UncheckedCalloc<char>(0));
-  TEST_AND_FREE(UncheckedCalloc<char>(1));
-  TEST_AND_FREE(UncheckedCalloc(0));
-  TEST_AND_FREE(UncheckedCalloc(1));
+  TEST_AND_FREE(UncheckedCalloc<char>, 0);
+  TEST_AND_FREE(UncheckedCalloc<char>, 1);
+  TEST_AND_FREE(UncheckedCalloc, 0);
+  TEST_AND_FREE(UncheckedCalloc, 1);
 }
 
 template <typename T>

Original file line number	Diff line number	Diff line change
`@@ -704,20 +704,21 @@ MaybeLocal<Value> StringBytes::Encode(Isolate* isolate,`
`704`	`704`	`}`
`705`	`705`
`706`	`706`	`case UCS2: {`
	`707`	`+ size_t str_len = buflen / 2;`
`707`	`708`	`if (IsBigEndian()) {`
`708`		`- uint16_t* dst = node::UncheckedMalloc<uint16_t>(buflen / 2);`
`709`		`- if (dst == nullptr) {`
	`709`	`+ uint16_t* dst = node::UncheckedMalloc<uint16_t>(str_len);`
	`710`	`+ if (str_len != 0 && dst == nullptr) {`
`710`	`711`	`*error = node::ERR_MEMORY_ALLOCATION_FAILED(isolate);`
`711`	`712`	`return MaybeLocal<Value>();`
`712`	`713`	`}`
`713`		`- for (size_t i = 0, k = 0; k < buflen / 2; i += 2, k += 1) {`
	`714`	`+ for (size_t i = 0, k = 0; k < str_len; i += 2, k += 1) {`
`714`	`715`	`// The input is in little endian, because that's what Node.js`
`715`	`716`	`// expects, so the high byte comes after the low byte.`
`716`	`717`	`const uint8_t hi = static_cast<uint8_t>(buf[i + 1]);`
`717`	`718`	`const uint8_t lo = static_cast<uint8_t>(buf[i + 0]);`
`718`	`719`	`dst[k] = static_cast<uint16_t>(hi) << 8 \| lo;`
`719`	`720`	`}`
`720`		`- return ExternTwoByteString::New(isolate, dst, buflen / 2, error);`
	`721`	`+ return ExternTwoByteString::New(isolate, dst, str_len, error);`
`721`	`722`	`}`
`722`	`723`	`if (reinterpret_cast<uintptr_t>(buf) % 2 != 0) {`
`723`	`724`	`// Unaligned data still means we can't directly pass it to V8.`
`@@ -728,10 +729,10 @@ MaybeLocal<Value> StringBytes::Encode(Isolate* isolate,`
`728`	`729`	`}`
`729`	`730`	`memcpy(dst, buf, buflen);`
`730`	`731`	`return ExternTwoByteString::New(`
`731`		`- isolate, reinterpret_cast<uint16_t*>(dst), buflen / 2, error);`
	`732`	`+ isolate, reinterpret_cast<uint16_t*>(dst), str_len, error);`
`732`	`733`	`}`
`733`	`734`	`return ExternTwoByteString::NewFromCopy(`
`734`		`- isolate, reinterpret_cast<const uint16_t*>(buf), buflen / 2, error);`
	`735`	`+ isolate, reinterpret_cast<const uint16_t*>(buf), str_len, error);`
`735`	`736`	`}`
`736`	`737`
`737`	`738`	`default:`
Original file line number	Diff line number	Diff line change
`@@ -361,13 +361,11 @@ T* UncheckedRealloc(T* pointer, size_t n) {`
`361`	`361`	`// As per spec realloc behaves like malloc if passed nullptr.`
`362`	`362`	`template <typename T>`
`363`	`363`	`inline T* UncheckedMalloc(size_t n) {`
`364`		`- if (n == 0) n = 1;`
`365`	`364`	`return UncheckedRealloc<T>(nullptr, n);`
`366`	`365`	`}`
`367`	`366`
`368`	`367`	`template <typename T>`
`369`	`368`	`inline T* UncheckedCalloc(size_t n) {`
`370`		`- if (n == 0) n = 1;`
`371`	`369`	`MultiplyWithOverflowCheck(sizeof(T), n);`
`372`	`370`	`return static_cast<T*>(calloc(n, sizeof(T)));`
`373`	`371`	`}`