Merge pull request adafruit#10872 from dhalbert/allocate-after-validations

in `*_make_new()`, allocate obj only after all validations

Author: dhalbert

shared-bindings/_bleio/Address.c

@@ -37,8 +37,6 @@ static mp_obj_t bleio_address_make_new(const mp_obj_type_t *type, size_t n_args,
     mp_arg_val_t args[MP_ARRAY_SIZE(allowed_args)];
     mp_arg_parse_all_kw_array(n_args, n_kw, all_args, MP_ARRAY_SIZE(allowed_args), allowed_args, args);
 
-    bleio_address_obj_t *self = mp_obj_malloc(bleio_address_obj_t, &bleio_address_type);
-
     const mp_obj_t address = args[ARG_address].u_obj;
     mp_buffer_info_t buf_info;
     mp_get_buffer_raise(address, &buf_info, MP_BUFFER_READ);
@@ -51,6 +49,7 @@ static mp_obj_t bleio_address_make_new(const mp_obj_type_t *type, size_t n_args,
         mp_arg_error_invalid(MP_QSTR_address_type);
     }
 
+    bleio_address_obj_t *self = mp_obj_malloc(bleio_address_obj_t, &bleio_address_type);
     common_hal_bleio_address_construct(self, buf_info.buf, address_type);
 
     return MP_OBJ_FROM_PTR(self);

shared-bindings/_bleio/UUID.c

@@ -34,8 +34,6 @@
 static mp_obj_t bleio_uuid_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *all_args) {
     mp_arg_check_num(n_args, n_kw, 1, 1, false);
 
-    bleio_uuid_obj_t *self = mp_obj_malloc(bleio_uuid_obj_t, &bleio_uuid_type);
-
     const mp_obj_t value = all_args[0];
     uint8_t uuid128[16];
 
@@ -46,8 +44,10 @@ static mp_obj_t bleio_uuid_make_new(const mp_obj_type_t *type, size_t n_args, si
         }
 
         // NULL means no 128-bit value.
+        bleio_uuid_obj_t *self = mp_obj_malloc(bleio_uuid_obj_t, &bleio_uuid_type);
         common_hal_bleio_uuid_construct(self, uuid16, NULL);
 
+        return MP_OBJ_FROM_PTR(self);
     } else {
         if (mp_obj_is_str(value)) {
             // 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
@@ -93,10 +93,12 @@ static mp_obj_t bleio_uuid_make_new(const mp_obj_type_t *type, size_t n_args, si
         uint32_t uuid16 = (uuid128[13] << 8) | uuid128[12];
         uuid128[12] = 0;
         uuid128[13] = 0;
+
+        bleio_uuid_obj_t *self = mp_obj_malloc(bleio_uuid_obj_t, &bleio_uuid_type);
         common_hal_bleio_uuid_construct(self, uuid16, uuid128);
-    }
 
-    return MP_OBJ_FROM_PTR(self);
+        return MP_OBJ_FROM_PTR(self);
+    }
 }
 
 //|     uuid16: int

shared-bindings/_stage/Layer.c

@@ -38,38 +38,38 @@ static mp_obj_t layer_make_new(const mp_obj_type_t *type, size_t n_args,
     size_t n_kw, const mp_obj_t *args) {
     mp_arg_check_num(n_args, n_kw, 4, 5, false);
 
-    layer_obj_t *self = mp_obj_malloc(layer_obj_t, type);
-
-    self->width = mp_obj_get_int(args[0]);
-    self->height = mp_obj_get_int(args[1]);
-    self->x = 0;
-    self->y = 0;
-    self->frame = 0;
-    self->rotation = false;
+    mp_uint_t width = mp_arg_validate_int_min(mp_obj_get_int(args[0]), 0, MP_QSTR_width);
+    mp_uint_t height = mp_arg_validate_int_min(mp_obj_get_int(args[1]), 0, MP_QSTR_height);
 
-    mp_buffer_info_t bufinfo;
-    mp_get_buffer_raise(args[2], &bufinfo, MP_BUFFER_READ);
-    self->graphic = bufinfo.buf;
-    if (bufinfo.len != 2048) {
-        mp_raise_ValueError(MP_ERROR_TEXT("graphic must be 2048 bytes long"));
-    }
+    mp_buffer_info_t graphic_bufinfo;
+    mp_get_buffer_raise(args[2], &graphic_bufinfo, MP_BUFFER_READ);
+    mp_arg_validate_length(graphic_bufinfo.len, 2048, MP_QSTR_graphic);
 
-    mp_get_buffer_raise(args[3], &bufinfo, MP_BUFFER_READ);
-    self->palette = bufinfo.buf;
-    if (bufinfo.len != 32) {
-        mp_raise_ValueError(MP_ERROR_TEXT("palette must be 32 bytes long"));
-    }
+    mp_buffer_info_t palette_bufinfo;
+    mp_get_buffer_raise(args[3], &palette_bufinfo, MP_BUFFER_READ);
+    mp_arg_validate_length(palette_bufinfo.len, 32, MP_QSTR_palette);
 
+    mp_buffer_info_t map_bufinfo = { .buf = NULL };
     if (n_args > 4) {
-        mp_get_buffer_raise(args[4], &bufinfo, MP_BUFFER_READ);
-        self->map = bufinfo.buf;
-        if (bufinfo.len < (self->width * self->height) / 2) {
+        mp_get_buffer_raise(args[4], &map_bufinfo, MP_BUFFER_READ);
+        if (map_bufinfo.len < (width * height) / 2) {
             mp_raise_ValueError(MP_ERROR_TEXT("map buffer too small"));
         }
-    } else {
-        self->map = NULL;
     }
 
+    // Only allocate after validation is finished.
+    layer_obj_t *self = mp_obj_malloc(layer_obj_t, type);
+
+    self->width = width;
+    self->height = height;
+    self->x = 0;
+    self->y = 0;
+    self->frame = 0;
+    self->rotation = false;
+    self->graphic = graphic_bufinfo.buf;
+    self->palette = palette_bufinfo.buf;
+    self->map = map_bufinfo.buf;
+
     return MP_OBJ_FROM_PTR(self);
 }
 

shared-bindings/_stage/Text.c

@@ -38,32 +38,32 @@ static mp_obj_t text_make_new(const mp_obj_type_t *type, size_t n_args,
     size_t n_kw, const mp_obj_t *args) {
     mp_arg_check_num(n_args, n_kw, 5, 5, false);
 
-    text_obj_t *self = mp_obj_malloc(text_obj_t, type);
+    mp_uint_t width = mp_arg_validate_int_min(mp_obj_get_int(args[0]), 0, MP_QSTR_width);
+    mp_uint_t height = mp_arg_validate_int_min(mp_obj_get_int(args[1]), 0, MP_QSTR_height);
 
-    self->width = mp_obj_get_int(args[0]);
-    self->height = mp_obj_get_int(args[1]);
-    self->x = 0;
-    self->y = 0;
-
-    mp_buffer_info_t bufinfo;
-    mp_get_buffer_raise(args[2], &bufinfo, MP_BUFFER_READ);
-    self->font = bufinfo.buf;
-    if (bufinfo.len != 2048) {
-        mp_raise_ValueError(MP_ERROR_TEXT("font must be 2048 bytes long"));
-    }
+    mp_buffer_info_t font_bufinfo;
+    mp_get_buffer_raise(args[2], &font_bufinfo, MP_BUFFER_READ);
+    mp_arg_validate_length(font_bufinfo.len, 2048, MP_QSTR_font);
 
-    mp_get_buffer_raise(args[3], &bufinfo, MP_BUFFER_READ);
-    self->palette = bufinfo.buf;
-    if (bufinfo.len != 32) {
-        mp_raise_ValueError(MP_ERROR_TEXT("palette must be 32 bytes long"));
-    }
+    mp_buffer_info_t palette_bufinfo;
+    mp_get_buffer_raise(args[3], &palette_bufinfo, MP_BUFFER_READ);
+    mp_arg_validate_length(font_bufinfo.len, 32, MP_QSTR_palette);
 
-    mp_get_buffer_raise(args[4], &bufinfo, MP_BUFFER_READ);
-    self->chars = bufinfo.buf;
-    if (bufinfo.len < self->width * self->height) {
+    mp_buffer_info_t chars_bufinfo;
+    mp_get_buffer_raise(args[4], &chars_bufinfo, MP_BUFFER_READ);
+    if (chars_bufinfo.len < width * height) {
         mp_raise_ValueError(MP_ERROR_TEXT("chars buffer too small"));
     }
 
+    text_obj_t *self = mp_obj_malloc(text_obj_t, type);
+    self->width = width;
+    self->height = height;
+    self->x = 0;
+    self->y = 0;
+    self->font = font_bufinfo.buf;
+    self->palette = palette_bufinfo.buf;
+    self->chars = chars_bufinfo.buf;
+
     return MP_OBJ_FROM_PTR(self);
 }
 

shared-bindings/adafruit_bus_device/i2c_device/I2CDevice.c

@@ -47,8 +47,6 @@
 //|     ...
 //|
 static mp_obj_t adafruit_bus_device_i2cdevice_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *all_args) {
-    adafruit_bus_device_i2cdevice_obj_t *self =
-        mp_obj_malloc(adafruit_bus_device_i2cdevice_obj_t, &adafruit_bus_device_i2cdevice_type);
     enum { ARG_i2c, ARG_device_address, ARG_probe };
     static const mp_arg_t allowed_args[] = {
         { MP_QSTR_i2c, MP_ARG_REQUIRED | MP_ARG_OBJ },
@@ -60,12 +58,14 @@ static mp_obj_t adafruit_bus_device_i2cdevice_make_new(const mp_obj_type_t *type
 
     mp_obj_t *i2c = args[ARG_i2c].u_obj;
 
+    adafruit_bus_device_i2cdevice_obj_t *self =
+        mp_obj_malloc(adafruit_bus_device_i2cdevice_obj_t, &adafruit_bus_device_i2cdevice_type);
     common_hal_adafruit_bus_device_i2cdevice_construct(MP_OBJ_TO_PTR(self), i2c, args[ARG_device_address].u_int);
     if (args[ARG_probe].u_bool == true) {
         common_hal_adafruit_bus_device_i2cdevice_probe_for_device(self);
     }
 
-    return (mp_obj_t)self;
+    return MP_OBJ_FROM_PTR(self);
 }
 
 //|     def __enter__(self) -> I2CDevice:

shared-bindings/adafruit_bus_device/spi_device/SPIDevice.c

@@ -59,8 +59,6 @@
 //|     ...
 //|
 static mp_obj_t adafruit_bus_device_spidevice_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *all_args) {
-    adafruit_bus_device_spidevice_obj_t *self =
-        mp_obj_malloc(adafruit_bus_device_spidevice_obj_t, &adafruit_bus_device_spidevice_type);
     enum { ARG_spi, ARG_chip_select, ARG_cs_active_value, ARG_baudrate, ARG_polarity, ARG_phase, ARG_extra_clocks };
     static const mp_arg_t allowed_args[] = {
         { MP_QSTR_spi, MP_ARG_REQUIRED | MP_ARG_OBJ },
@@ -78,12 +76,11 @@ static mp_obj_t adafruit_bus_device_spidevice_make_new(const mp_obj_type_t *type
 
     mp_arg_validate_type_or_none(args[ARG_chip_select].u_obj, &digitalio_digitalinout_type, MP_QSTR_chip_select);
 
-    common_hal_adafruit_bus_device_spidevice_construct(MP_OBJ_TO_PTR(self), spi, args[ARG_chip_select].u_obj, args[ARG_cs_active_value].u_bool, args[ARG_baudrate].u_int, args[ARG_polarity].u_int,
-        args[ARG_phase].u_int, args[ARG_extra_clocks].u_int);
-
     if (args[ARG_chip_select].u_obj != mp_const_none) {
-        digitalinout_result_t result = common_hal_digitalio_digitalinout_switch_to_output(MP_OBJ_TO_PTR(args[ARG_chip_select].u_obj),
-            true, DRIVE_MODE_PUSH_PULL);
+        digitalinout_result_t result =
+            common_hal_digitalio_digitalinout_switch_to_output(MP_OBJ_TO_PTR(args[ARG_chip_select].u_obj),
+                true,
+                DRIVE_MODE_PUSH_PULL);
         #if CIRCUITPY_DIGITALIO_HAVE_INPUT_ONLY
         if (result == DIGITALINOUT_INPUT_ONLY) {
             mp_raise_NotImplementedError(MP_ERROR_TEXT("Pin is input only"));
@@ -93,7 +90,19 @@ static mp_obj_t adafruit_bus_device_spidevice_make_new(const mp_obj_type_t *type
         #endif
     }
 
-    return (mp_obj_t)self;
+    adafruit_bus_device_spidevice_obj_t *self =
+        mp_obj_malloc(adafruit_bus_device_spidevice_obj_t, &adafruit_bus_device_spidevice_type);
+    common_hal_adafruit_bus_device_spidevice_construct(MP_OBJ_TO_PTR(self),
+        spi,
+        args[ARG_chip_select].u_obj,
+        args[ARG_cs_active_value].u_bool,
+        args[ARG_baudrate].u_int,
+        args[ARG_polarity].u_int,
+        args[ARG_phase].u_int,
+        args[ARG_extra_clocks].u_int);
+
+
+    return MP_OBJ_FROM_PTR(self);
 }
 
 //|     def __enter__(self) -> busio.SPI:

shared-bindings/aesio/aes.c

@@ -55,8 +55,6 @@
 
 static mp_obj_t aesio_aes_make_new(const mp_obj_type_t *type, size_t n_args,
     size_t n_kw, const mp_obj_t *all_args) {
-    aesio_aes_obj_t *self = mp_obj_malloc(aesio_aes_obj_t, &aesio_aes_type);
-
     enum { ARG_key, ARG_mode, ARG_IV, ARG_counter, ARG_segment_size };
     static const mp_arg_t allowed_args[] = {
         {MP_QSTR_key, MP_ARG_OBJ | MP_ARG_REQUIRED, {.u_obj = MP_OBJ_NULL} },
@@ -100,8 +98,10 @@ static mp_obj_t aesio_aes_make_new(const mp_obj_type_t *type, size_t n_args,
         iv = bufinfo.buf;
     }
 
+    aesio_aes_obj_t *self = mp_obj_malloc(aesio_aes_obj_t, &aesio_aes_type);
     common_hal_aesio_aes_construct(self, key, key_length, iv, mode,
         args[ARG_counter].u_int);
+
     return MP_OBJ_FROM_PTR(self);
 }
 

shared-bindings/alarm/pin/PinAlarm.c

@@ -42,7 +42,6 @@
 //|         ...
 //|
 static mp_obj_t alarm_pin_pinalarm_make_new(const mp_obj_type_t *type, mp_uint_t n_args, size_t n_kw, const mp_obj_t *all_args) {
-    alarm_pin_pinalarm_obj_t *self = mp_obj_malloc(alarm_pin_pinalarm_obj_t, &alarm_pin_pinalarm_type);
     enum { ARG_pin, ARG_value, ARG_edge, ARG_pull };
     static const mp_arg_t allowed_args[] = {
         { MP_QSTR_pin, MP_ARG_REQUIRED | MP_ARG_OBJ },
@@ -55,6 +54,7 @@ static mp_obj_t alarm_pin_pinalarm_make_new(const mp_obj_type_t *type, mp_uint_t
 
     const mcu_pin_obj_t *pin = validate_obj_is_free_pin(args[ARG_pin].u_obj, MP_QSTR_pin);
 
+    alarm_pin_pinalarm_obj_t *self = mp_obj_malloc(alarm_pin_pinalarm_obj_t, &alarm_pin_pinalarm_type);
     common_hal_alarm_pin_pinalarm_construct(self,
         pin,
         args[ARG_value].u_bool,

shared-bindings/alarm/time/TimeAlarm.c

@@ -46,8 +46,6 @@ mp_obj_t MP_WEAK rtc_get_time_source_time(void) {
 //|
 static mp_obj_t alarm_time_timealarm_make_new(const mp_obj_type_t *type,
     size_t n_args, size_t n_kw, const mp_obj_t *all_args) {
-    alarm_time_timealarm_obj_t *self = mp_obj_malloc(alarm_time_timealarm_obj_t, &alarm_time_timealarm_type);
-
     enum { ARG_monotonic_time, ARG_epoch_time };
     static const mp_arg_t allowed_args[] = {
         { MP_QSTR_monotonic_time, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_obj = mp_const_none} },
@@ -92,6 +90,7 @@ static mp_obj_t alarm_time_timealarm_make_new(const mp_obj_type_t *type,
         mp_raise_ValueError(MP_ERROR_TEXT("Time is in the past."));
     }
 
+    alarm_time_timealarm_obj_t *self = mp_obj_malloc(alarm_time_timealarm_obj_t, &alarm_time_timealarm_type);
     common_hal_alarm_time_timealarm_construct(self, monotonic_time);
 
     return MP_OBJ_FROM_PTR(self);

shared-bindings/alarm/touch/TouchAlarm.c

@@ -26,8 +26,6 @@
 //|
 static mp_obj_t alarm_touch_touchalarm_make_new(const mp_obj_type_t *type,
     size_t n_args, size_t n_kw, const mp_obj_t *all_args) {
-    alarm_touch_touchalarm_obj_t *self = mp_obj_malloc(alarm_touch_touchalarm_obj_t, &alarm_touch_touchalarm_type);
-
     enum { ARG_pin };
     static const mp_arg_t allowed_args[] = {
         { MP_QSTR_pin, MP_ARG_REQUIRED | MP_ARG_OBJ },
@@ -38,6 +36,7 @@ static mp_obj_t alarm_touch_touchalarm_make_new(const mp_obj_type_t *type,
 
     const mcu_pin_obj_t *pin = validate_obj_is_free_pin(args[ARG_pin].u_obj, MP_QSTR_pin);
 
+    alarm_touch_touchalarm_obj_t *self = mp_obj_malloc(alarm_touch_touchalarm_obj_t, &alarm_touch_touchalarm_type);
     common_hal_alarm_touch_touchalarm_construct(self, pin);
 
     return MP_OBJ_FROM_PTR(self);