include/media/stagefright/foundation/ABase.h - third_party/android/platform/frameworks/av - Git at Google

 /*
  * Copyright (C) 2010 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef A_BASE_H_

 #define A_BASE_H_

 #ifndef ARRAY_SIZE
 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
 #endif

 #define DISALLOW_EVIL_CONSTRUCTORS(name) \
     name(const name &); \
     name &operator=(const name &)

 /* Returns true if the size parameter is safe for new array allocation (32-bit)
  *
  * Example usage:
  *
  * if (!isSafeArraySize<uint32_t>(arraySize)) {
  *     return BAD_VALUE;
  * }
  * ...
  * uint32_t *myArray = new uint32_t[arraySize];
  *
  * There is a bug in gcc versions earlier than 4.8 where the new[] array allocation
  * will overflow in the internal 32 bit heap allocation, resulting in an
  * underallocated array. This is a security issue that allows potential overwriting
  * of other heap data.
  *
  * An alternative to checking is to create a safe new array template function which
  * either throws a std::bad_alloc exception or returns NULL/nullptr_t; NULL considered
  * safe since normal access of NULL throws an exception.
  *
  * https://securityblog.redhat.com/2012/10/31/array-allocation-in-cxx/
  */
 template <typename T, typename S>
 bool isSafeArraySize(S size) {
     return size >= 0                            // in case S is signed, ignored if not.
             && size <= 0xffffffff / sizeof(T);  // max-unsigned-32-bit-int / element-size.
 }

 #endif  // A_BASE_H_
	/*
	* Copyright (C) 2010 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#ifndef A_BASE_H_

	#define A_BASE_H_

	#ifndef ARRAY_SIZE
	#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
	#endif

	#define DISALLOW_EVIL_CONSTRUCTORS(name) \
	name(const name &); \
	name &operator=(const name &)

	/* Returns true if the size parameter is safe for new array allocation (32-bit)
	*
	* Example usage:
	*
	* if (!isSafeArraySize<uint32_t>(arraySize)) {
	* return BAD_VALUE;
	* }
	* ...
	* uint32_t *myArray = new uint32_t[arraySize];
	*
	* There is a bug in gcc versions earlier than 4.8 where the new[] array allocation
	* will overflow in the internal 32 bit heap allocation, resulting in an
	* underallocated array. This is a security issue that allows potential overwriting
	* of other heap data.
	*
	* An alternative to checking is to create a safe new array template function which
	* either throws a std::bad_alloc exception or returns NULL/nullptr_t; NULL considered
	* safe since normal access of NULL throws an exception.
	*
	* https://securityblog.redhat.com/2012/10/31/array-allocation-in-cxx/
	*/
	template <typename T, typename S>
	bool isSafeArraySize(S size) {
	return size >= 0 // in case S is signed, ignored if not.
	&& size <= 0xffffffff / sizeof(T); // max-unsigned-32-bit-int / element-size.
	}

	#endif // A_BASE_H_