1 | /* xalloc-oversized.h -- memory allocation size checking |
2 | |
3 | Copyright (C) 1990-2000, 2003-2004, 2006-2019 Free Software Foundation, Inc. |
4 | |
5 | This program is free software: you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License as published by |
7 | the Free Software Foundation; either version 3 of the License, or |
8 | (at your option) any later version. |
9 | |
10 | This program is distributed in the hope that it will be useful, |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | GNU General Public License for more details. |
14 | |
15 | You should have received a copy of the GNU General Public License |
16 | along with this program. If not, see <https://www.gnu.org/licenses/>. */ |
17 | |
18 | #ifndef XALLOC_OVERSIZED_H_ |
19 | #define XALLOC_OVERSIZED_H_ |
20 | |
21 | #include <stddef.h> |
22 | #include <stdint.h> |
23 | |
24 | /* True if N * S would overflow in a size_t calculation, |
25 | or would generate a value larger than PTRDIFF_MAX. |
26 | This expands to a constant expression if N and S are both constants. |
27 | By gnulib convention, SIZE_MAX represents overflow in size |
28 | calculations, so the conservative size_t-based dividend to use here |
29 | is SIZE_MAX - 1. */ |
30 | #define __xalloc_oversized(n, s) \ |
31 | ((size_t) (PTRDIFF_MAX < SIZE_MAX ? PTRDIFF_MAX : SIZE_MAX - 1) / (s) < (n)) |
32 | |
33 | #if PTRDIFF_MAX < SIZE_MAX |
34 | typedef ptrdiff_t __xalloc_count_type; |
35 | #else |
36 | typedef size_t __xalloc_count_type; |
37 | #endif |
38 | |
39 | /* Return 1 if an array of N objects, each of size S, cannot exist |
40 | reliably due to size or ptrdiff_t arithmetic overflow. S must be |
41 | positive and N must be nonnegative. This is a macro, not a |
42 | function, so that it works correctly even when SIZE_MAX < N. */ |
43 | |
44 | #if 7 <= __GNUC__ |
45 | # define xalloc_oversized(n, s) \ |
46 | __builtin_mul_overflow_p (n, s, (__xalloc_count_type) 1) |
47 | #elif 5 <= __GNUC__ && !defined __ICC && !__STRICT_ANSI__ |
48 | # define xalloc_oversized(n, s) \ |
49 | (__builtin_constant_p (n) && __builtin_constant_p (s) \ |
50 | ? __xalloc_oversized (n, s) \ |
51 | : ({ __xalloc_count_type __xalloc_count; \ |
52 | __builtin_mul_overflow (n, s, &__xalloc_count); })) |
53 | |
54 | /* Other compilers use integer division; this may be slower but is |
55 | more portable. */ |
56 | #else |
57 | # define xalloc_oversized(n, s) __xalloc_oversized (n, s) |
58 | #endif |
59 | |
60 | #endif /* !XALLOC_OVERSIZED_H_ */ |
61 | |