diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2011-02-10 14:45:55 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2011-02-10 14:45:55 -0800 |
| commit | b308bf18633964102472db5065929a359d4ad265 (patch) | |
| tree | ad03f24d6bcaa3228f20f0141e73bdadffaf3cda | |
| parent | Merge branch 'tr/merge-unborn-clobber' (diff) | |
| parent | compat: helper for detecting unsigned overflow (diff) | |
| download | tgif-b308bf18633964102472db5065929a359d4ad265.tar.xz | |
Merge branch 'maint'
* maint:
compat: helper for detecting unsigned overflow
| -rw-r--r-- | git-compat-util.h | 6 | ||||
| -rw-r--r-- | patch-delta.c | 2 | ||||
| -rw-r--r-- | strbuf.c | 5 | ||||
| -rw-r--r-- | wrapper.c | 2 |
4 files changed, 11 insertions, 4 deletions
diff --git a/git-compat-util.h b/git-compat-util.h index d6d269f138..9c23622ed5 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -31,6 +31,9 @@ #define maximum_signed_value_of_type(a) \ (INTMAX_MAX >> (bitsizeof(intmax_t) - bitsizeof(a))) +#define maximum_unsigned_value_of_type(a) \ + (UINTMAX_MAX >> (bitsizeof(uintmax_t) - bitsizeof(a))) + /* * Signed integer overflow is undefined in C, so here's a helper macro * to detect if the sum of two integers will overflow. @@ -40,6 +43,9 @@ #define signed_add_overflows(a, b) \ ((b) > maximum_signed_value_of_type(a) - (a)) +#define unsigned_add_overflows(a, b) \ + ((b) > maximum_unsigned_value_of_type(a) - (a)) + #ifdef __GNUC__ #define TYPEOF(x) (__typeof__(x)) #else diff --git a/patch-delta.c b/patch-delta.c index d218faa02b..56e0a5ede2 100644 --- a/patch-delta.c +++ b/patch-delta.c @@ -48,7 +48,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size, if (cmd & 0x20) cp_size |= (*data++ << 8); if (cmd & 0x40) cp_size |= (*data++ << 16); if (cp_size == 0) cp_size = 0x10000; - if (cp_off + cp_size < cp_size || + if (unsigned_add_overflows(cp_off, cp_size) || cp_off + cp_size > src_size || cp_size > size) break; @@ -63,7 +63,8 @@ void strbuf_attach(struct strbuf *sb, void *buf, size_t len, size_t alloc) void strbuf_grow(struct strbuf *sb, size_t extra) { - if (sb->len + extra + 1 <= sb->len) + if (unsigned_add_overflows(extra, 1) || + unsigned_add_overflows(sb->len, extra + 1)) die("you want to use way too much memory"); if (!sb->alloc) sb->buf = NULL; @@ -152,7 +153,7 @@ int strbuf_cmp(const struct strbuf *a, const struct strbuf *b) void strbuf_splice(struct strbuf *sb, size_t pos, size_t len, const void *data, size_t dlen) { - if (pos + len < pos) + if (unsigned_add_overflows(pos, len)) die("you want to use way too much memory"); if (pos > sb->len) die("`pos' is too far after the end of the buffer"); @@ -53,7 +53,7 @@ void *xmalloc(size_t size) void *xmallocz(size_t size) { void *ret; - if (size + 1 < size) + if (unsigned_add_overflows(size, 1)) die("Data too large to fit into virtual memory space."); ret = xmalloc(size + 1); ((char*)ret)[size] = 0; |