Two cleanups of buffer LONG_MAX overflow hardening:

GCC optimizes out the overflow check due to the overflow check reyling on overflow; reimplement using type-based TYPE_MAX macro Correct an accidental assignment-during-check that wasn't a bug, but was semantically incorrect and rightly triggered a compilation warning. svn path=/trunk/ogg/; revision=17270
author: Monty <xiphmont@xiph.org> 2010-06-04 06:01:33 +0000
committer: Monty <xiphmont@xiph.org> 2010-06-04 06:01:33 +0000
commit: 67133192afc14bdb97518840579baad722c9c304 (patch)
tree: b88eb7342a8ba6c8be5a02912e742724c1bcb35f /include
parent: e64842ca0c77b39fafc4522ba5c22618ab9e01c4 (diff)
download: ogg-git-67133192afc14bdb97518840579baad722c9c304.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/include/ogg/os_types.h b/include/ogg/os_types.h
index 4d4315d..cefd04f 100644
--- a/include/ogg/os_types.h
+++ b/include/ogg/os_types.h
@@ -24,6 +24,19 @@
 #define _ogg_realloc realloc
 #define _ogg_free    free
 
+/* get non-brittle portable type-based MIN/MAX. Assumes 2's-complement
+   math */
+#define TYPE_HALF_MAX_SIGNED(type) \
+  ((typeof(type))1 << (sizeof(type)*8-2))
+#define TYPE_MAX_SIGNED(type) \
+  (TYPE_HALF_MAX_SIGNED(type) - 1 + TYPE_HALF_MAX_SIGNED(type))
+#define TYPE_MIN_SIGNED(type) \
+  (-1 - TYPE_MAX_SIGNED(type))
+#define TYPE_MIN(type) \
+  ((typeof(type))-1 < 1?TYPE_MIN_SIGNED(type):(typeof(type))0)
+#define TYPE_MAX(type) \
+  ((typeof(type))~TYPE_MIN(type))
+
 #if defined(_WIN32) 
 
 #  if defined(__CYGWIN__)
author	Monty <xiphmont@xiph.org>	2010-06-04 06:01:33 +0000
committer	Monty <xiphmont@xiph.org>	2010-06-04 06:01:33 +0000
commit	67133192afc14bdb97518840579baad722c9c304 (patch)
tree	b88eb7342a8ba6c8be5a02912e742724c1bcb35f /include
parent	e64842ca0c77b39fafc4522ba5c22618ab9e01c4 (diff)
download	ogg-git-67133192afc14bdb97518840579baad722c9c304.tar.gz