bug-gnulib@gnu.org mirror (unofficial)
 help / color / mirror / Atom feed
From: Paul Eggert <eggert@cs.ucla.edu>
To: bug-gnulib@gnu.org, berrange@redhat.com
Cc: Paul Eggert <eggert@cs.ucla.edu>
Subject: [PATCH 5/8] xalloc-oversized: fix SIZE_MAX optimization bug
Date: Sun, 18 Apr 2021 21:01:56 -0700	[thread overview]
Message-ID: <20210419040158.1902066-5-eggert@cs.ucla.edu> (raw)
In-Reply-To: <20210419040158.1902066-1-eggert@cs.ucla.edu>

* lib/xalloc-oversized.h (xalloc_count_t): Remove; no longer
needed and was evidently error-prone anyway.
(xalloc_oversized): Omit some over-optimization that caused
SIZE_MAX to not be treated as too large (the Gnulib convention) on
unusual platforms where PTRDIFF_MAX == SIZE_MAX.  This change
should not affect typical platforms where PTRDIFF_MAX < SIZE_MAX.
When optimizing, simply use ptrdiff_t instead of xalloc_count_t.
---
 ChangeLog              |  9 +++++++++
 lib/xalloc-oversized.h | 17 ++++++-----------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 857b7048f..1d2607a0b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2021-04-18  Paul Eggert  <eggert@cs.ucla.edu>
 
+	xalloc-oversized: fix SIZE_MAX optimization bug
+	* lib/xalloc-oversized.h (xalloc_count_t): Remove; no longer
+	needed and was evidently error-prone anyway.
+	(xalloc_oversized): Omit some over-optimization that caused
+	SIZE_MAX to not be treated as too large (the Gnulib convention) on
+	unusual platforms where PTRDIFF_MAX == SIZE_MAX.  This change
+	should not affect typical platforms where PTRDIFF_MAX < SIZE_MAX.
+	When optimizing, simply use ptrdiff_t instead of xalloc_count_t.
+
 	xalloc: new function xreallocarray
 	This effectively replaces xnmalloc, which perhaps should be deprecated.
 	The name xreallocarray should be easier to remember now that
diff --git a/lib/xalloc-oversized.h b/lib/xalloc-oversized.h
index 3618c75cb..6437a5d8b 100644
--- a/lib/xalloc-oversized.h
+++ b/lib/xalloc-oversized.h
@@ -30,25 +30,20 @@
 #define __xalloc_oversized(n, s) \
   ((size_t) (PTRDIFF_MAX < SIZE_MAX ? PTRDIFF_MAX : SIZE_MAX - 1) / (s) < (n))
 
-#if PTRDIFF_MAX < SIZE_MAX
-typedef ptrdiff_t xalloc_count_t;
-#else
-typedef size_t xalloc_count_t;
-#endif
-
 /* Return 1 if an array of N objects, each of size S, cannot exist reliably
-   because its total size in bytes exceeds MIN (PTRDIFF_MAX, SIZE_MAX).
+   because its total size in bytes exceeds MIN (PTRDIFF_MAX, SIZE_MAX - 1).
    N must be nonnegative, S must be positive, and either N or S should be
    of type ptrdiff_t or size_t or wider.  This is a macro, not a function,
    so that it works even if an argument exceeds MAX (PTRDIFF_MAX, SIZE_MAX).  */
-#if 7 <= __GNUC__ && !defined __clang__
+#if 7 <= __GNUC__ && !defined __clang__ && PTRDIFF_MAX < SIZE_MAX
 # define xalloc_oversized(n, s) \
-   __builtin_mul_overflow_p (n, s, (xalloc_count_t) 1)
-#elif 5 <= __GNUC__ && !defined __ICC && !__STRICT_ANSI__
+   __builtin_mul_overflow_p (n, s, (ptrdiff_t) 1)
+#elif (5 <= __GNUC__ && !defined __ICC && !__STRICT_ANSI__ \
+       && PTRDIFF_MAX < SIZE_MAX)
 # define xalloc_oversized(n, s) \
    (__builtin_constant_p (n) && __builtin_constant_p (s) \
     ? __xalloc_oversized (n, s) \
-    : ({ xalloc_count_t __xalloc_count; \
+    : ({ ptrdiff_t __xalloc_count; \
          __builtin_mul_overflow (n, s, &__xalloc_count); }))
 
 /* Other compilers use integer division; this may be slower but is
-- 
2.27.0



  parent reply	other threads:[~2021-04-19  4:04 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-19  4:01 [PATCH 1/8] safe-alloc: improve doc Paul Eggert
2021-04-19  4:01 ` [PATCH 2/8] backupfile: simplify via realloc-gnu Paul Eggert
2021-04-19  4:01 ` [PATCH 3/8] group-member: " Paul Eggert
2021-04-19  4:01 ` [PATCH 4/8] xalloc: new function xreallocarray Paul Eggert
2021-04-22  0:18   ` Bruno Haible
2021-04-22 19:39     ` Paul Eggert
2021-10-19 23:49     ` Paul Eggert
2021-04-19  4:01 ` Paul Eggert [this message]
2021-04-19  4:01 ` [PATCH 6/8] safe-alloc: simplify via reallocarray Paul Eggert
2021-04-19  4:01 ` [PATCH 7/8] calloc-gnu: now LGPLv2+ Paul Eggert
2021-04-19  4:01 ` [PATCH 8/8] safe-alloc: fix pointer implementation Paul Eggert
2021-04-22 18:20 ` [PATCH 1/8] safe-alloc: improve doc Eric Blake
2021-04-22 19:32   ` Paul Eggert
2021-04-22 19:43     ` Eric Blake
2021-04-22 20:27   ` Eric Blake

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210419040158.1902066-5-eggert@cs.ucla.edu \
    --to=eggert@cs.ucla.edu \
    --cc=berrange@redhat.com \
    --cc=bug-gnulib@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).