From: Nicolas Pitre <nico@fluxnic.net>
To: Erik Faye-Lund <kusmabite@gmail.com>
Cc: git@vger.kernel.org, jrnieder@gmail.com, peff@peff.net
Subject: Re: [PATCH v4] do not depend on signed integer overflow
Date: Tue, 05 Oct 2010 09:28:55 -0400 (EDT) [thread overview]
Message-ID: <alpine.LFD.2.00.1010050928200.3107@xanadu.home> (raw)
In-Reply-To: <1286263450-5372-1-git-send-email-kusmabite@gmail.com>
On Tue, 5 Oct 2010, Erik Faye-Lund wrote:
> Signed integer overflow is not defined in C, so do not depend on it.
>
> This fixes a problem with GCC 4.4.0 and -O3 where the optimizer would
> consider "consumed_bytes > consumed_bytes + bytes" as a constant
> expression, and never execute the die()-call.
>
> Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Acked-by: Nicolas Pitre <nico@fluxnic.net>
> ---
> builtin/index-pack.c | 2 +-
> builtin/pack-objects.c | 2 +-
> builtin/unpack-objects.c | 2 +-
> git-compat-util.h | 12 ++++++++++++
> 4 files changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/builtin/index-pack.c b/builtin/index-pack.c
> index 2e680d7..e243d9d 100644
> --- a/builtin/index-pack.c
> +++ b/builtin/index-pack.c
> @@ -161,7 +161,7 @@ static void use(int bytes)
> input_offset += bytes;
>
> /* make sure off_t is sufficiently large not to wrap */
> - if (consumed_bytes > consumed_bytes + bytes)
> + if (signed_add_overflows(consumed_bytes, bytes))
> die("pack too large for current definition of off_t");
> consumed_bytes += bytes;
> }
> diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c
> index 3756cf3..d5a8db1 100644
> --- a/builtin/pack-objects.c
> +++ b/builtin/pack-objects.c
> @@ -431,7 +431,7 @@ static int write_one(struct sha1file *f,
> written_list[nr_written++] = &e->idx;
>
> /* make sure off_t is sufficiently large not to wrap */
> - if (*offset > *offset + size)
> + if (signed_add_overflows(*offset, size))
> die("pack too large for current definition of off_t");
> *offset += size;
> return 1;
> diff --git a/builtin/unpack-objects.c b/builtin/unpack-objects.c
> index 685566e..f63973c 100644
> --- a/builtin/unpack-objects.c
> +++ b/builtin/unpack-objects.c
> @@ -83,7 +83,7 @@ static void use(int bytes)
> offset += bytes;
>
> /* make sure off_t is sufficiently large not to wrap */
> - if (consumed_bytes > consumed_bytes + bytes)
> + if (signed_add_overflows(consumed_bytes, bytes))
> die("pack too large for current definition of off_t");
> consumed_bytes += bytes;
> }
> diff --git a/git-compat-util.h b/git-compat-util.h
> index 81883e7..2af8d3e 100644
> --- a/git-compat-util.h
> +++ b/git-compat-util.h
> @@ -28,6 +28,18 @@
> #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
> #define bitsizeof(x) (CHAR_BIT * sizeof(x))
>
> +#define maximum_signed_value_of_type(a) \
> + (INTMAX_MAX >> (bitsizeof(intmax_t) - bitsizeof(a)))
> +
> +/*
> + * Signed integer overflow is undefined in C, so here's a helper macro
> + * to detect if the sum of two integers will overflow.
> + *
> + * Requires: a >= 0, typeof(a) equals typeof(b)
> + */
> +#define signed_add_overflows(a, b) \
> + ((b) > maximum_signed_value_of_type(a) - (a))
> +
> #ifdef __GNUC__
> #define TYPEOF(x) (__typeof__(x))
> #else
> --
> 1.7.3.1.51.ge462f.dirty
>
next prev parent reply other threads:[~2010-10-05 13:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-05 7:24 [PATCH v4] do not depend on signed integer overflow Erik Faye-Lund
2010-10-05 13:28 ` Nicolas Pitre [this message]
2011-02-10 9:35 ` [PATCH] compat: helper for detecting unsigned overflow Jonathan Nieder
2011-02-10 12:11 ` Sverre Rabbelier
2011-02-10 13:23 ` Joshua Juran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.00.1010050928200.3107@xanadu.home \
--to=nico@fluxnic.net \
--cc=git@vger.kernel.org \
--cc=jrnieder@gmail.com \
--cc=kusmabite@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).