diff options
| author | Erik Faye-Lund <kusmabite@gmail.com> | 2010-10-05 09:24:10 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2010-10-06 11:10:07 -0700 |
| commit | c03c83152d6ce6fa5ae49a8698da5fc25a53127f (patch) | |
| tree | ea22721f74663fd79d47b87b9ab9a5170481fa57 | |
| parent | b90d9b889588ca1cfd5667d1fa703d976edd71ee (diff) | |
| download | git-c03c83152d6ce6fa5ae49a8698da5fc25a53127f.tar.gz | |
do not depend on signed integer overflow
Signed integer overflow is not defined in C, so do not depend on it.
This fixes a problem with GCC 4.4.0 and -O3 where the optimizer would
consider "consumed_bytes > consumed_bytes + bytes" as a constant
expression, and never execute the die()-call.
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Acked-by: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | builtin/index-pack.c | 2 | ||||
| -rw-r--r-- | builtin/pack-objects.c | 2 | ||||
| -rw-r--r-- | builtin/unpack-objects.c | 2 | ||||
| -rw-r--r-- | git-compat-util.h | 12 |
4 files changed, 15 insertions, 3 deletions
diff --git a/builtin/index-pack.c b/builtin/index-pack.c index 2e680d7a7a..e243d9d22e 100644 --- a/builtin/index-pack.c +++ b/builtin/index-pack.c @@ -161,7 +161,7 @@ static void use(int bytes) input_offset += bytes; /* make sure off_t is sufficiently large not to wrap */ - if (consumed_bytes > consumed_bytes + bytes) + if (signed_add_overflows(consumed_bytes, bytes)) die("pack too large for current definition of off_t"); consumed_bytes += bytes; } diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c index 3756cf36ee..d5a8db1bb6 100644 --- a/builtin/pack-objects.c +++ b/builtin/pack-objects.c @@ -431,7 +431,7 @@ static int write_one(struct sha1file *f, written_list[nr_written++] = &e->idx; /* make sure off_t is sufficiently large not to wrap */ - if (*offset > *offset + size) + if (signed_add_overflows(*offset, size)) die("pack too large for current definition of off_t"); *offset += size; return 1; diff --git a/builtin/unpack-objects.c b/builtin/unpack-objects.c index 685566e0b5..f63973c914 100644 --- a/builtin/unpack-objects.c +++ b/builtin/unpack-objects.c @@ -83,7 +83,7 @@ static void use(int bytes) offset += bytes; /* make sure off_t is sufficiently large not to wrap */ - if (consumed_bytes > consumed_bytes + bytes) + if (signed_add_overflows(consumed_bytes, bytes)) die("pack too large for current definition of off_t"); consumed_bytes += bytes; } diff --git a/git-compat-util.h b/git-compat-util.h index 81883e7270..2af8d3edbe 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -28,6 +28,18 @@ #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0])) #define bitsizeof(x) (CHAR_BIT * sizeof(x)) +#define maximum_signed_value_of_type(a) \ + (INTMAX_MAX >> (bitsizeof(intmax_t) - bitsizeof(a))) + +/* + * Signed integer overflow is undefined in C, so here's a helper macro + * to detect if the sum of two integers will overflow. + * + * Requires: a >= 0, typeof(a) equals typeof(b) + */ +#define signed_add_overflows(a, b) \ + ((b) > maximum_signed_value_of_type(a) - (a)) + #ifdef __GNUC__ #define TYPEOF(x) (__typeof__(x)) #else |