Merge from OpenBSD - Marc Espie improved the ohash interface:

* rename the halloc callback to calloc, provide overflow protection
* rename the hfree callback to free, drop the useless size argument
* prevent integer overflows in ohash_resize

4 files changed, 36 insertions, 34 deletions

diff --git a/compat_ohash.c b/compat_ohash.c
index 33c57afc..0992b365 100644
--- a/compat_ohash.c
+++ b/compat_ohash.c
@@ -29,6 +29,7 @@ int dummy;
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 #include "compat_ohash.h"
 
 struct _ohash_record {
@@ -69,8 +70,7 @@ ohash_create_entry(struct ohash_info *i, const char *start, const char **end)
 void
 ohash_delete(struct ohash *h)
 {
-	(h->info.hfree)(h->t, sizeof(struct _ohash_record) * h->size,
-		h->info.data);
+	(h->info.free)(h->t, h->info.data);
 #ifndef NDEBUG
 	h->t = NULL;
 #endif
@@ -80,13 +80,17 @@ static void
 ohash_resize(struct ohash *h)
 {
 	struct _ohash_record *n;
-	unsigned int 	ns, j;
+	size_t ns;
+	unsigned int	j;
 	unsigned int	i, incr;
 
-	if (4 * h->deleted < h->total)
-		ns = h->size << 1;
-	else if (3 * h->deleted > 2 * h->total)
-		ns = h->size >> 1;
+	if (4 * h->deleted < h->total) {
+		if (h->size >= (UINT_MAX >> 1U))
+			ns = UINT_MAX;
+		else
+			ns = h->size << 1U;
+	} else if (3 * h->deleted > 2 * h->total)
+		ns = h->size >> 1U;
 	else
 		ns = h->size;
 	if (ns < MINSIZE)
@@ -95,7 +99,8 @@ ohash_resize(struct ohash *h)
 	STAT_HASH_EXPAND++;
 	STAT_HASH_SIZE += ns - h->size;
 #endif
-	n = (h->info.halloc)(sizeof(struct _ohash_record) * ns, h->info.data);
+
+	n = (h->info.calloc)(ns, sizeof(struct _ohash_record), h->info.data);
 	if (!n)
 		return;
 
@@ -112,8 +117,7 @@ ohash_resize(struct ohash *h)
 			n[i].p = h->t[j].p;
 		}
 	}
-	(h->info.hfree)(h->t, sizeof(struct _ohash_record) * h->size, 
-		h->info.data);
+	(h->info.free)(h->t, h->info.data);
 	h->t = n;
 	h->size = ns;
 	h->total -= h->deleted;
@@ -199,12 +203,12 @@ ohash_init(struct ohash *h, unsigned int size, struct ohash_info *info)
 #endif
 	/* Copy info so that caller may free it.  */
 	h->info.key_offset = info->key_offset;
-	h->info.halloc = info->halloc;
-	h->info.hfree = info->hfree;
+	h->info.calloc = info->calloc;
+	h->info.free = info->free;
 	h->info.alloc = info->alloc;
 	h->info.data = info->data;
-	h->t = (h->info.halloc)(sizeof(struct _ohash_record) * h->size,
-	    h->info.data);
+	h->t = (h->info.calloc)(h->size, sizeof(struct _ohash_record),
+		    h->info.data);
 	h->total = h->deleted = 0;
 }
 
diff --git a/compat_ohash.h b/compat_ohash.h
index d07df18e..c5f81ec0 100644
--- a/compat_ohash.h
+++ b/compat_ohash.h
@@ -27,8 +27,8 @@
 struct ohash_info {
 	ptrdiff_t key_offset;
 	void *data;	/* user data */
-	void *(*halloc)(size_t, void *);
-	void (*hfree)(void *, size_t, void *);
+	void *(*calloc)(size_t, size_t, void *);
+	void (*free)(void *, void *);
 	void *(*alloc)(size_t, void *);
 };
 
diff --git a/mandocdb.c b/mandocdb.c
index e82bf506..de0bee03 100644
--- a/mandocdb.c
+++ b/mandocdb.c
@@ -145,8 +145,8 @@ static	int	 dbopen(int);
 static	void	 dbprune(void);
 static	void	 filescan(const char *);
 static	void	*hash_alloc(size_t, void *);
-static	void	 hash_free(void *, size_t, void *);
-static	void	*hash_halloc(size_t, void *);
+static	void	 hash_free(void *, void *);
+static	void	*hash_calloc(size_t, size_t, void *);
 static	void	 mlink_add(struct mlink *, const struct stat *);
 static	void	 mlink_check(struct mpage *, struct mlink *);
 static	void	 mlink_free(struct mlink *);
@@ -336,8 +336,8 @@ main(int argc, char *argv[])
 	memset(&dirs, 0, sizeof(struct manpaths));
 
 	mpages_info.alloc  = mlinks_info.alloc  = hash_alloc;
-	mpages_info.halloc = mlinks_info.halloc = hash_halloc;
-	mpages_info.hfree  = mlinks_info.hfree  = hash_free;
+	mpages_info.calloc = mlinks_info.calloc = hash_calloc;
+	mpages_info.free  = mlinks_info.free  = hash_free;
 
 	mpages_info.key_offset = offsetof(struct mpage, inodev);
 	mlinks_info.key_offset = offsetof(struct mlink, file);
@@ -1088,8 +1088,8 @@ mpages_merge(struct mchars *mc, struct mparse *mp)
 	enum mandoclevel	 lvl;
 
 	str_info.alloc = hash_alloc;
-	str_info.halloc = hash_halloc;
-	str_info.hfree = hash_free;
+	str_info.calloc = hash_calloc;
+	str_info.free = hash_free;
 	str_info.key_offset = offsetof(struct str, key);
 
 	if (0 == nodb)
@@ -2348,10 +2348,10 @@ prepare_statements:
 }
 
 static void *
-hash_halloc(size_t sz, void *arg)
+hash_calloc(size_t n, size_t sz, void *arg)
 {
 
-	return(mandoc_calloc(1, sz));
+	return(mandoc_calloc(n, sz));
 }
 
 static void *
@@ -2362,7 +2362,7 @@ hash_alloc(size_t sz, void *arg)
 }
 
 static void
-hash_free(void *p, size_t sz, void *arg)
+hash_free(void *p, void *arg)
 {
 
 	free(p);
diff --git a/mansearch.c b/mansearch.c
index e116aac9..fe4dc654 100644
--- a/mansearch.c
+++ b/mansearch.c
@@ -85,8 +85,8 @@ static	void		 buildnames(struct manpage *, sqlite3 *,
 static	char		*buildoutput(sqlite3 *, sqlite3_stmt *,
 				 uint64_t, uint64_t);
 static	void		*hash_alloc(size_t, void *);
-static	void		 hash_free(void *, size_t, void *);
-static	void		*hash_halloc(size_t, void *);
+static	void		 hash_free(void *, void *);
+static	void		*hash_calloc(size_t, size_t, void *);
 static	struct expr	*exprcomp(const struct mansearch *,
 				int, char *[]);
 static	void		 exprfree(struct expr *);
@@ -171,11 +171,9 @@ mansearch(const struct mansearch *search,
 	unsigned int	 idx;
 	size_t		 i, j, cur, maxres;
 
-	memset(&info, 0, sizeof(struct ohash_info));
-
-	info.halloc = hash_halloc;
+	info.calloc = hash_calloc;
 	info.alloc = hash_alloc;
-	info.hfree = hash_free;
+	info.free = hash_free;
 	info.key_offset = offsetof(struct match, pageid);
 
 	*sz = cur = maxres = 0;
@@ -790,10 +788,10 @@ exprfree(struct expr *p)
 }
 
 static void *
-hash_halloc(size_t sz, void *arg)
+hash_calloc(size_t nmemb, size_t sz, void *arg)
 {
 
-	return(mandoc_calloc(1, sz));
+	return(mandoc_calloc(nmemb, sz));
 }
 
 static void *
@@ -804,7 +802,7 @@ hash_alloc(size_t sz, void *arg)
 }
 
 static void
-hash_free(void *p, size_t sz, void *arg)
+hash_free(void *p, void *arg)
 {
 
 	free(p);