diff options
author | Rasmus Villemoes <rv@rasmusvillemoes.dk> | 2016-12-06 19:53:37 +0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-12-07 15:44:31 -0800 |
commit | 381aa8e73070646933520e1133a81ab4ba383891 (patch) | |
tree | 5b01c4654b226888dbb6a8cd12e9b61e57b36ebc | |
parent | f2386c6b77e236fc104d3a024e5d314c23a941eb (diff) | |
download | git-381aa8e73070646933520e1133a81ab4ba383891.tar.gz |
shallow.c: avoid theoretical pointer wrap-around
The expression info->free+size is technically undefined behaviour in
exactly the case we want to test for. Moreover, the compiler is likely
to translate the expression to
(unsigned long)info->free + size > (unsigned long)info->end
where there's at least a theoretical chance that the LHS could wrap
around 0, giving a false negative.
This might as well be written using pointer subtraction avoiding these
issues.
Signed-off-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | shallow.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -368,7 +368,7 @@ static uint32_t *paint_alloc(struct paint_info *info) unsigned nr = (info->nr_bits + 31) / 32; unsigned size = nr * sizeof(uint32_t); void *p; - if (!info->pool_count || info->free + size > info->end) { + if (!info->pool_count || size > info->end - info->free) { if (size > POOL_SIZE) die("BUG: pool size too small for %d in paint_alloc()", size); |