Wip/Add header signature safety measure #7
base: master
Conversation
Check whether the provided pointer is actual MIDA data by checking its signature header
Pull Request Overview
This PR adds a signature header safety measure to the MIDA library to validate that pointers passed to MIDA functions are actually MIDA-managed data. The implementation adds an optional (enabled by default) hidden signature prefix that can be checked to detect misuse.
Key changes:
- Introduces signature header functionality with configurable bytes and size
- Updates all allocation/wrapping functions to write signatures and account for prefix size
- Adds validation helper mida_is_valid() to check signature integrity
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| mida.h | Core implementation of signature header system with macros, inline functions, and updated allocation/wrapping logic |
| test/test.c | Updates test macro to account for new prefix size in bytemap calculations |
| README.md | Documents the new signature header feature with configuration options and usage examples |
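The mechanism the overview describes, as an added example that is not MIDA's own code: a hidden header is written in front of the user region, the returned pointer skips it, and validation reads the header back. All demo_ names, the signature bytes and the prefix size are assumptions made for this illustration; the scenario also shows the limitation that the check is a heuristic over readable bytes, not a guard against arbitrary pointers.

```c
/* Added example, not MIDA's own code: a minimal allocator mirroring the PR's
 * hidden signature prefix. All demo_ names and constants are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_SIGNATURE_BYTES "MIDA" /* constructed signature value */
#define DEMO_SIGNATURE_SIZE  4
#define DEMO_PREFIX_SIZE     16     /* header size, keeps user data 16-aligned */

/* Write the signature at the start of the hidden header, zero the padding. */
static void demo_write_signature(unsigned char *header) {
    memcpy(header, DEMO_SIGNATURE_BYTES, DEMO_SIGNATURE_SIZE);
    memset(header + DEMO_SIGNATURE_SIZE, 0, DEMO_PREFIX_SIZE - DEMO_SIGNATURE_SIZE);
}

/* Allocate n user bytes behind the hidden header; return the user pointer. */
static void *demo_malloc(size_t n) {
    if (n > SIZE_MAX - DEMO_PREFIX_SIZE) return NULL; /* size_t overflow */
    unsigned char *header = malloc(DEMO_PREFIX_SIZE + n);
    if (header == NULL) return NULL;
    demo_write_signature(header);
    return header + DEMO_PREFIX_SIZE;
}

/* Heuristic check: 1 if the header in front of ptr carries the signature.
 * The bytes before ptr must be readable and any caller can forge them, so
 * this catches accidental misuse; it is not a security boundary. */
static int demo_is_valid(const void *ptr) {
    const unsigned char *header = (const unsigned char *)ptr - DEMO_PREFIX_SIZE;
    return memcmp(header, DEMO_SIGNATURE_BYTES, DEMO_SIGNATURE_SIZE) == 0;
}

/* Release the whole block, header included; clear the signature first. */
static void demo_free(void *ptr) {
    if (ptr == NULL) return;
    unsigned char *header = (unsigned char *)ptr - DEMO_PREFIX_SIZE;
    memset(header, 0, DEMO_SIGNATURE_SIZE);
    free(header);
}

/* Scenario: a demo allocation validates, a constructed plain buffer (readable
 * leading bytes, no signature) does not. Returns 1 on the expected outcome. */
static int demo_scenario(void) {
    unsigned char plain[DEMO_PREFIX_SIZE + 8] = {0};
    void *p = demo_malloc(8);
    if (p == NULL) return -1;
    int ok = demo_is_valid(p) && !demo_is_valid(plain + DEMO_PREFIX_SIZE);
    demo_free(p);
    return ok;
}
```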
| for (size_t i = 0; i < (size_t)MIDA_SIGNATURE_SIZE; ++i) { | ||
| buffer[i] = sig[i]; | ||
| } | ||
| for (size_t i = (size_t)MIDA_SIGNATURE_SIZE; i < (size_t)MIDA_PREFIX_SIZE; | ||
| ++i) | ||
| { |
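Review bot: the first loop is a byte-wise copy of a fixed-size signature and reads more clearly as a single memcpy(buffer, sig, MIDA_SIGNATURE_SIZE); whatever the second loop stores in buffer[MIDA_SIGNATURE_SIZE] through buffer[MIDA_PREFIX_SIZE - 1] should be a fixed value (zero, say) so that every header is deterministic and can be compared byte for byte in tests.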
Copilot AI, Oct 13, 2025
[nitpick] The explicit cast to (size_t) for MIDA_SIGNATURE_SIZE and MIDA_PREFIX_SIZE is redundant since these are already defined as size_t compatible values. Consider removing the casts for cleaner code.
| for (size_t i = 0; i < (size_t)MIDA_SIGNATURE_SIZE; ++i) { | ||
| if (buffer[i] != sig[i]) { | ||
| return 0; | ||
| } | ||
| } |
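Review bot: this comparison reads MIDA_SIGNATURE_SIZE bytes from buffer, which lies in front of the caller's pointer, so calling mida_is_valid on a pointer that is not preceded by readable memory is undefined behaviour rather than a clean return of 0; the README for this feature should say that the check detects accidental misuse for pointers that are at least readable there, that the bytes can be forged or match by coincidence when MIDA_SIGNATURE_SIZE is small, and that it is not a guard against arbitrary pointers.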
Copilot AI, Oct 13, 2025
[nitpick] Similar to the previous function, the explicit cast to (size_t) for MIDA_SIGNATURE_SIZE is redundant and can be removed for cleaner code.
| if (MIDA_PREFIX_SIZE) { | ||
| __mida_write_signature(buffer); | ||
| } |
Copilot AI, Oct 13, 2025
The condition if (MIDA_PREFIX_SIZE) is evaluated at runtime but could be optimized with a compile-time check. Consider using #if MIDA_PREFIX_SIZE instead to eliminate the runtime branch when signatures are disabled.
| if (MIDA_PREFIX_SIZE) { | ||
| __mida_write_signature(buffer); | ||
| } |
Copilot AI, Oct 13, 2025
Same as in __mida_malloc, this runtime condition should be a compile-time check using #if MIDA_PREFIX_SIZE for better performance when signatures are disabled.
| if (MIDA_PREFIX_SIZE) { | ||
| __mida_write_signature(buffer); | ||
| } |
Copilot AI, Oct 13, 2025
This runtime condition should also be replaced with #if MIDA_PREFIX_SIZE for consistency and to eliminate unnecessary runtime checks when signatures are disabled.
| if (MIDA_PREFIX_SIZE) { | |
| __mida_write_signature(buffer); | |
| } | |
| #if MIDA_PREFIX_SIZE | |
| __mida_write_signature(buffer); | |
| #endif |
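Review bot: the suggested `#if MIDA_PREFIX_SIZE` only behaves like the `if (MIDA_PREFIX_SIZE)` it replaces when the macro expands to an integer constant the preprocessor can evaluate; if MIDA_PREFIX_SIZE is defined with sizeof, a cast such as (size_t)16, or as an enum or const, the directive either fails to compile or, for an identifier the preprocessor does not know, evaluates as 0 and silently drops the signature write. Since an optimizing compiler already folds the runtime branch on a constant, keep the `if` form unless the macro's definition is confirmed to be a plain integer literal.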
| if (MIDA_PREFIX_SIZE) { | ||
| /* container points to the beginning of the container region; header is | ||
| * just before */ | ||
| __mida_write_signature(container - MIDA_PREFIX_SIZE); | ||
| } |
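Review bot: `container - MIDA_PREFIX_SIZE` only yields the header address if container has a byte-sized pointee type; if it is a void *, the arithmetic is a GNU extension and non-portable, so cast first, e.g. `__mida_write_signature((unsigned char *)container - MIDA_PREFIX_SIZE);`. The comment also relies on the allocation for the container having reserved MIDA_PREFIX_SIZE bytes in front of it; a comment at the point where that size is computed would make the invariant explicit.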
Copilot AI, Oct 13, 2025
Replace this runtime condition with #if MIDA_PREFIX_SIZE to maintain consistency with the optimization pattern used elsewhere in the codebase.