do not depend on signed integer overflow

kusma · gitster · commit c03c83152d6c · 2010-10-06T11:10:07.000-07:00
Signed integer overflow is not defined in C, so do not depend on it.

This fixes a problem with GCC 4.4.0 and -O3 where the optimizer would
consider "consumed_bytes &gt; consumed_bytes + bytes" as a constant
expression, and never execute the die()-call.

Signed-off-by: Erik Faye-Lund &lt;kusmabite@gmail.com&gt;
Acked-by: Nicolas Pitre &lt;nico@fluxnic.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/builtin/index-pack.c b/builtin/index-pack.c
@@ -161,7 +161,7 @@ static void use(int bytes)
 	input_offset += bytes;
 
 	/* make sure off_t is sufficiently large not to wrap */
-	if (consumed_bytes > consumed_bytes + bytes)
+	if (signed_add_overflows(consumed_bytes, bytes))
 		die("pack too large for current definition of off_t");
 	consumed_bytes += bytes;
 }
diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c
@@ -431,7 +431,7 @@ static int write_one(struct sha1file *f,
 	written_list[nr_written++] = &e->idx;
 
 	/* make sure off_t is sufficiently large not to wrap */
-	if (*offset > *offset + size)
+	if (signed_add_overflows(*offset, size))
 		die("pack too large for current definition of off_t");
 	*offset += size;
 	return 1;
diff --git a/builtin/unpack-objects.c b/builtin/unpack-objects.c
@@ -83,7 +83,7 @@ static void use(int bytes)
 	offset += bytes;
 
 	/* make sure off_t is sufficiently large not to wrap */
-	if (consumed_bytes > consumed_bytes + bytes)
+	if (signed_add_overflows(consumed_bytes, bytes))
 		die("pack too large for current definition of off_t");
 	consumed_bytes += bytes;
 }
diff --git a/git-compat-util.h b/git-compat-util.h
@@ -28,6 +28,18 @@
 #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
 #define bitsizeof(x)  (CHAR_BIT * sizeof(x))
 
+#define maximum_signed_value_of_type(a) \
+    (INTMAX_MAX >> (bitsizeof(intmax_t) - bitsizeof(a)))
+
+/*
+ * Signed integer overflow is undefined in C, so here's a helper macro
+ * to detect if the sum of two integers will overflow.
+ *
+ * Requires: a >= 0, typeof(a) equals typeof(b)
+ */
+#define signed_add_overflows(a, b) \
+    ((b) > maximum_signed_value_of_type(a) - (a))
+
 #ifdef __GNUC__
 #define TYPEOF(x) (__typeof__(x))
 #else

Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,7 @@ static void use(int bytes)`
`161`	`161`	`input_offset += bytes;`
`162`	`162`
`163`	`163`	`/* make sure off_t is sufficiently large not to wrap */`
`164`		`- if (consumed_bytes > consumed_bytes + bytes)`
	`164`	`+ if (signed_add_overflows(consumed_bytes, bytes))`
`165`	`165`	`die("pack too large for current definition of off_t");`
`166`	`166`	`consumed_bytes += bytes;`
`167`	`167`	`}`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ static void use(int bytes)`
`83`	`83`	`offset += bytes;`
`84`	`84`
`85`	`85`	`/* make sure off_t is sufficiently large not to wrap */`
`86`		`- if (consumed_bytes > consumed_bytes + bytes)`
	`86`	`+ if (signed_add_overflows(consumed_bytes, bytes))`
`87`	`87`	`die("pack too large for current definition of off_t");`
`88`	`88`	`consumed_bytes += bytes;`
`89`	`89`	`}`