diff options
| author | Jonathan Nieder <jrnieder@gmail.com> | 2010-10-10 21:59:26 -0500 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2011-02-10 13:47:56 -0800 |
| commit | 1368f65002bf39fdde7dd736a75ae35475184371 (patch) | |
| tree | cb0d57165c5b1f710bb5e6499fa322185a8deb2f /strbuf.c | |
| parent | a8e4a5943a63c8fd4a3a9b70ccf4608bcc973707 (diff) | |
| download | git-1368f65002bf39fdde7dd736a75ae35475184371.tar.gz | |
compat: helper for detecting unsigned overflow
The idiom (a + b < a) works fine for detecting that an unsigned
integer has overflowed, but a more explicit
unsigned_add_overflows(a, b)
might be easier to read.
Define such a macro, expanding roughly to ((a) < UINT_MAX - (b)).
Because the expansion uses each argument only once outside of sizeof()
expressions, it is safe to use with arguments that have side effects.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'strbuf.c')
| -rw-r--r-- | strbuf.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -63,7 +63,8 @@ void strbuf_attach(struct strbuf *sb, void *buf, size_t len, size_t alloc) void strbuf_grow(struct strbuf *sb, size_t extra) { - if (sb->len + extra + 1 <= sb->len) + if (unsigned_add_overflows(extra, 1) || + unsigned_add_overflows(sb->len, extra + 1)) die("you want to use way too much memory"); if (!sb->alloc) sb->buf = NULL; @@ -152,7 +153,7 @@ int strbuf_cmp(const struct strbuf *a, const struct strbuf *b) void strbuf_splice(struct strbuf *sb, size_t pos, size_t len, const void *data, size_t dlen) { - if (pos + len < pos) + if (unsigned_add_overflows(pos, len)) die("you want to use way too much memory"); if (pos > sb->len) die("`pos' is too far after the end of the buffer"); |