Add argument checks to some memory functions in `event.c'.

Add a zero check to the function `event_mm_malloc_',
i.e. simply return NULL if the sz argument is zero.
On failure, set errno to ENOMEM and return NULL.

Add a zero check to the function `event_mm_calloc_',
i.e. simply return NULL if either argument is zero.
Also add an unsigned integer multiplication check, and if an integer
overflow would occur, set errno to ENOMEM and return NULL.
On failure, set errno to ENOMEM and return NULL.

Add a NULL check to the function `event_mm_strdup_',
i.e. set errno to EINVAL and return NULL.
Also add an unsigned integer addition check, and if an integer
overflow would occur, set errno to ENOMEM and return NULL.
If a memory allocation error occurs, again set errno to ENOMEM
and return NULL.

Add unit tests to `test/regress_util.c'.

event.c

@@ -2754,6 +2754,9 @@ static void (*_mm_free_fn)(void *p) = NULL;
 void *
 event_mm_malloc_(size_t sz)
 {
+	if (sz == 0)
+		return NULL;
+
 	if (_mm_malloc_fn)
 		return _mm_malloc_fn(sz);
 	else
@@ -2763,31 +2766,51 @@ event_mm_malloc_(size_t sz)
 void *
 event_mm_calloc_(size_t count, size_t size)
 {
+	if (count == 0 || size == 0)
+		return NULL;
+
 	if (_mm_malloc_fn) {
 		size_t sz = count * size;
-		void *p = _mm_malloc_fn(sz);
+		void *p = NULL;
+		if (count > EV_SIZE_MAX / size)
+			goto error;
+		p = _mm_malloc_fn(sz);
 		if (p)
-			memset(p, 0, sz);
-		return p;
+			return memset(p, 0, sz);
 	} else
 		return calloc(count, size);
+
+error:
+	errno = ENOMEM;
+	return NULL;
 }
 
 char *
 event_mm_strdup_(const char *str)
 {
+	if (!str) {
+		errno = EINVAL;
+		return NULL;
+	}
+
 	if (_mm_malloc_fn) {
 		size_t ln = strlen(str);
-		void *p = _mm_malloc_fn(ln+1);
+		void *p = NULL;
+		if (ln == EV_SIZE_MAX)
+			goto error;
+		p = _mm_malloc_fn(ln+1);
 		if (p)
-			memcpy(p, str, ln+1);
-		return p;
+			return memcpy(p, str, ln+1);
 	} else
 #ifdef _WIN32
 		return _strdup(str);
 #else
 		return strdup(str);
 #endif
+
+error:
+	errno = ENOMEM;
+	return NULL;
 }
 
 void *

mm-internal.h

@@ -36,9 +36,35 @@ extern "C" {
 /* Internal use only: Memory allocation functions. We give them nice short
  * mm_names for our own use, but make sure that the symbols have longer names
  * so they don't conflict with other libraries (like, say, libmm). */
+
+/** Allocate uninitialized memory.
+ *
+ * @return On success, return a pointer to sz newly allocated bytes.
+ *     On failure, set errno to ENOMEM and return NULL.
+ *     If the argument sz is 0, simply return NULL.
+ */
 void *event_mm_malloc_(size_t sz);
+
+/** Allocate memory initialized to zero.
+ *
+ * @return On success, return a pointer to (count * size) newly allocated
+ *     bytes, initialized to zero.
+ *     On failure, or if the product would result in an integer overflow,
+ *     set errno to ENOMEM and return NULL.
+ *     If either arguments are 0, simply return NULL.
+ */
 void *event_mm_calloc_(size_t count, size_t size);
-char *event_mm_strdup_(const char *s);
+
+/** Duplicate a string.
+ *
+ * @return On success, return a pointer to a newly allocated duplicate
+ *     of a string.
+ *     Set errno to ENOMEM and return NULL if a memory allocation error
+ *     occurs (or would occur) in the process.
+ *     If the argument str is NULL, set errno to EINVAL and return NULL.
+ */
+char *event_mm_strdup_(const char *str);
+
 void *event_mm_realloc_(void *p, size_t sz);
 void event_mm_free_(void *p);
 #define mm_malloc(sz) event_mm_malloc_(sz)

test/regress_util.c

@@ -56,6 +56,7 @@
 #include "../util-internal.h"
 #include "../log-internal.h"
 #include "../strlcpy-internal.h"
+#include "../mm-internal.h"
 
 #include "regress.h"
 
@@ -1071,6 +1072,108 @@ end:
 }
 #endif
 
+/** Test mm_malloc(). */
+static void
+test_event_malloc(void *arg)
+{
+	void *p = NULL;
+	(void)arg;
+
+	/* mm_malloc(0) should simply return NULL. */
+	errno = 0;
+	p = mm_malloc(0);
+	tt_assert(p == NULL);
+	tt_int_op(errno, ==, 0);
+
+	/* Trivial case. */
+	errno = 0;
+	p = mm_malloc(8);
+	tt_assert(p != NULL);
+	tt_int_op(errno, ==, 0);
+	mm_free(p);
+
+ end:
+	errno = 0;
+	return;
+}
+
+static void
+test_event_calloc(void *arg)
+{
+	void *p = NULL;
+	(void)arg;
+
+	/* mm_calloc() should simply return NULL
+	 * if either argument is zero. */
+	errno = 0;
+	p = mm_calloc(0, 0);
+	tt_assert(p == NULL);
+	tt_int_op(errno, ==, 0);
+	errno = 0;
+	p = mm_calloc(0, 1);
+	tt_assert(p == NULL);
+	tt_int_op(errno, ==, 0);
+	errno = 0;
+	p = mm_calloc(1, 0);
+	tt_assert(p == NULL);
+	tt_int_op(errno, ==, 0);
+
+	/* Trivial case. */
+	errno = 0;
+	p = mm_calloc(8, 8);
+	tt_assert(p != NULL);
+	tt_int_op(errno, ==, 0);
+	mm_free(p);
+
+	/* mm_calloc() should set errno = ENOMEM and return NULL
+	 * in case of potential overflow. */
+	errno = 0;
+	p = mm_calloc(EV_SIZE_MAX/2, EV_SIZE_MAX/2 + 8);
+	tt_assert(p == NULL);
+	tt_int_op(errno, ==, ENOMEM);
+
+ end:
+	errno = 0;
+	return;
+}
+
+static void
+test_event_strdup(void *arg)
+{
+	void *p = NULL;
+	(void)arg;
+
+	/* mm_strdup(NULL) should set errno = EINVAL and return NULL. */
+	errno = 0;
+	p = mm_strdup(NULL);
+	tt_assert(p == NULL);
+	tt_int_op(errno, ==, EINVAL);
+
+	/* Trivial cases. */
+
+	errno = 0;
+	p = mm_strdup("");
+	tt_assert(p != NULL);
+	tt_int_op(errno, ==, 0);
+	tt_str_op(p, ==, "");
+	mm_free(p);
+
+	errno = 0;
+	p = mm_strdup("foo");
+	tt_assert(p != NULL);
+	tt_int_op(errno, ==, 0);
+	tt_str_op(p, ==, "foo");
+	mm_free(p);
+
+	/* XXX
+	 * mm_strdup(str) where str is a string of length EV_SIZE_MAX
+	 * should set errno = ENOMEM and return NULL. */
+
+ end:
+	errno = 0;
+	return;
+}
+
 struct testcase_t util_testcases[] = {
 	{ "ipv4_parse", regress_ipv4_parse, 0, NULL, NULL },
 	{ "ipv6_parse", regress_ipv6_parse, 0, NULL, NULL },
@@ -1089,6 +1192,9 @@ struct testcase_t util_testcases[] = {
 #ifdef _WIN32
 	{ "loadsyslib", test_evutil_loadsyslib, TT_FORK, NULL, NULL },
 #endif
+	{ "mm_malloc", test_event_malloc, 0, NULL, NULL },
+	{ "mm_calloc", test_event_calloc, 0, NULL, NULL },
+	{ "mm_strdup", test_event_strdup, 0, NULL, NULL },
 	END_OF_TESTCASES,
 };