Commit 731c7758 authored by Andreas Rheinhardt

avutil/mem: Use max_alloc_size as-is

The size of a single allocation performed by av_malloc() or av_realloc()
is supposed to be bounded by max_alloc_size, which defaults to INT_MAX
and can be set by the user; yet currently this is not completely
honoured: The actual value used is max_alloc_size - 32. How this came
to be can only be understood historically:

a) 0ecca7a4 disallowed allocations > INT_MAX. At that time the size
parameter of av_malloc() was an
unsigned and the commentary added ("lets disallow possible ambiguous
cases") indicates that this was done as a precaution against calling the
functions with negative int values. Genuinely limiting the size of
allocations to INT_MAX doesn't seem to have been the intention given
that at this time the memalign hack introduced in commit
da9b170c (which when enabled increased
the size of allocations slightly so that one can return a correctly
aligned pointer that actually does not point to the beginning of the
allocated buffer) was already present.
b) Said memalign hack allocated 17 bytes more than actually desired, yet
allocating 16 bytes more is actually enough and so this was changed in
a9493601; this commit also replaced
INT_MAX by INT_MAX - 16 (and made the limit therefore a limit on the size
of the allocated buffer), but kept the comment, although there is nothing
ambiguous about allocating (INT_MAX - 16)..INT_MAX.
c) 13dfce3d then increased 16 to 32 for
AVX, 6b4c0be5 replaced INT_MAX by
MAX_MALLOC_SIZE (which was of course defined to be INT_MAX) and
5a8e9942 added max_alloc_size and made
it user-selectable.
d) 4fb311c8 then dropped the memalign
hack, yet it kept the -32 (probably because the comment about ambiguous
cases was still present?), although it is no longer needed at all after
this commit. Therefore this commit removes it and uses max_alloc_size
directly.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
parent 1fd8528c
...@@ -78,8 +78,7 @@ void *av_malloc(size_t size) ...@@ -78,8 +78,7 @@ void *av_malloc(size_t size)
{ {
void *ptr = NULL; void *ptr = NULL;
/* let's disallow possibly ambiguous cases */ if (size > max_alloc_size)
if (size > (max_alloc_size - 32))
return NULL; return NULL;
#if HAVE_POSIX_MEMALIGN #if HAVE_POSIX_MEMALIGN
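Review bot: The comment above the size check in av_malloc() is dropped without a replacement, so `if (size > max_alloc_size)` no longer says what the limit means at the place where it is enforced. A one-line comment stating that max_alloc_size is the user-settable upper bound on a single allocation and is applied as-is would keep the intent visible. Because the effective limit grows by 32 bytes for every caller, the public documentation of the limit should also state that it is now exact.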
...@@ -134,8 +133,7 @@ void *av_malloc(size_t size) ...@@ -134,8 +133,7 @@ void *av_malloc(size_t size)
void *av_realloc(void *ptr, size_t size) void *av_realloc(void *ptr, size_t size)
{ {
/* let's disallow possibly ambiguous cases */ if (size > max_alloc_size)
if (size > (max_alloc_size - 32))
return NULL; return NULL;
#if HAVE_ALIGNED_MALLOC #if HAVE_ALIGNED_MALLOC
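Review bot: The boundary in av_realloc() moves from max_alloc_size - 32 to max_alloc_size at `if (size > max_alloc_size)`, and the visible hunks add no test for it. A test that sets a small limit and checks that a request of exactly that size passes this check while a request one byte larger returns NULL would pin down the new contract, and the same test can cover the identical check in av_malloc().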
...@@ -482,12 +480,12 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size) ...@@ -482,12 +480,12 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size)
if (min_size <= *size) if (min_size <= *size)
return ptr; return ptr;
if (min_size > max_alloc_size - 32) { if (min_size > max_alloc_size) {
*size = 0; *size = 0;
return NULL; return NULL;
} }
min_size = FFMIN(max_alloc_size - 32, FFMAX(min_size + min_size / 16 + 32, min_size)); min_size = FFMIN(max_alloc_size, FFMAX(min_size + min_size / 16 + 32, min_size));
ptr = av_realloc(ptr, min_size); ptr = av_realloc(ptr, min_size);
/* we could set this to the unmodified min_size but this is safer /* we could set this to the unmodified min_size but this is safer
......
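Review bot: In av_fast_realloc() the clamp `FFMIN(max_alloc_size, FFMAX(min_size + min_size / 16 + 32, min_size))` bounds min_size only by max_alloc_size, while the result is reported through `unsigned int *size`. If max_alloc_size can be set above UINT_MAX, a size_t min_size may exceed what *size can represent; the old -32 did not prevent that either, but since this hunk rewrites the clamp it is the place to confirm the bound or add an explicit UINT_MAX cap (the assignment to *size lies past the visible lines). The remaining `+ 32` in the growth term is unrelated to the removed alignment slack, and a short comment saying so would avoid confusion with the -32 removed here.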