integer.h 3.79 KB
Newer Older
1 2 3 4 5 6 7 8 9 10
/*
 * Copyright (C) the libgit2 contributors. All rights reserved.
 *
 * This file is part of libgit2, distributed under the GNU GPL v2 with
 * a Linking Exception. For full terms see the included COPYING file.
 */
#ifndef INCLUDE_integer_h__
#define INCLUDE_integer_h__

/** @return true if p fits into the range of a size_t */
11
GIT_INLINE(int) git__is_sizet(int64_t p)
12 13
{
	size_t r = (size_t)p;
14
	return p == (int64_t)r;
15 16 17 18 19 20 21 22 23
}

/** @return true if p fits into the range of an ssize_t */
GIT_INLINE(int) git__is_ssizet(size_t p)
{
	ssize_t r = (ssize_t)p;
	return p == (size_t)r;
}

24 25 26 27 28 29 30
/** @return true if p fits into the range of a uint16_t */
GIT_INLINE(int) git__is_uint16(size_t p)
{
	uint16_t r = (uint16_t)p;
	return p == (size_t)r;
}

31 32 33 34 35 36 37 38
/** @return true if p fits into the range of a uint32_t */
GIT_INLINE(int) git__is_uint32(size_t p)
{
	uint32_t r = (uint32_t)p;
	return p == (size_t)r;
}

/** @return true if p fits into the range of an unsigned long */
39
GIT_INLINE(int) git__is_ulong(int64_t p)
40 41
{
	unsigned long r = (unsigned long)p;
42
	return p == (int64_t)r;
43 44
}

45 46 47 48 49 50 51
/** @return true if p fits into the range of an int */
GIT_INLINE(int) git__is_int(long long p)
{
	int r = (int)p;
	return p == (long long)r;
}

52
/* Use clang/gcc compiler intrinsics whenever possible */
53 54 55
#if (__has_builtin(__builtin_add_overflow) || \
     (defined(__GNUC__) && (__GNUC__ >= 5)))

56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
# if (SIZE_MAX == UINT_MAX)
#  define git__add_sizet_overflow(out, one, two) \
     __builtin_uadd_overflow(one, two, out)
#  define git__multiply_sizet_overflow(out, one, two) \
     __builtin_umul_overflow(one, two, out)
# elif (SIZE_MAX == ULONG_MAX)
#  define git__add_sizet_overflow(out, one, two) \
     __builtin_uaddl_overflow(one, two, out)
#  define git__multiply_sizet_overflow(out, one, two) \
     __builtin_umull_overflow(one, two, out)
# elif (SIZE_MAX == ULLONG_MAX)
#  define git__add_sizet_overflow(out, one, two) \
     __builtin_uaddll_overflow(one, two, out)
#  define git__multiply_sizet_overflow(out, one, two) \
     __builtin_umulll_overflow(one, two, out)
# else
#  error compiler has add with overflow intrinsics but SIZE_MAX is unknown
# endif
74

75 76 77 78 79
# define git__add_int_overflow(out, one, two) \
    __builtin_sadd_overflow(one, two, out)
# define git__sub_int_overflow(out, one, two) \
    __builtin_ssub_overflow(one, two, out)

80 81 82
/* Use Microsoft's safe integer handling functions where available */
#elif defined(_MSC_VER)

83
# define ENABLE_INTSAFE_SIGNED_FUNCTIONS
84 85 86 87 88 89
# include <intsafe.h>

# define git__add_sizet_overflow(out, one, two) \
    (SizeTAdd(one, two, out) != S_OK)
# define git__multiply_sizet_overflow(out, one, two) \
    (SizeTMult(one, two, out) != S_OK)
90 91 92 93
#define git__add_int_overflow(out, one, two) \
    (IntAdd(one, two, out) != S_OK)
#define git__sub_int_overflow(out, one, two) \
    (IntSub(one, two, out) != S_OK)
94

95 96
#else

97 98
/**
 * Sets `one + two` into `out`, unless the arithmetic would overflow.
99
 * @return false if the result fits in a `size_t`, true on overflow.
100 101 102 103
 */
GIT_INLINE(bool) git__add_sizet_overflow(size_t *out, size_t one, size_t two)
{
	if (SIZE_MAX - one < two)
104 105 106
		return true;
	*out = one + two;
	return false;
107 108 109 110
}

/**
 * Sets `one * two` into `out`, unless the arithmetic would overflow.
111
 * @return false if the result fits in a `size_t`, true on overflow.
112 113 114 115
 */
GIT_INLINE(bool) git__multiply_sizet_overflow(size_t *out, size_t one, size_t two)
{
	if (one && SIZE_MAX / one < two)
116 117 118
		return true;
	*out = one * two;
	return false;
119 120
}

121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138
GIT_INLINE(bool) git__add_int_overflow(int *out, int one, int two)
{
	if ((two > 0 && one > (INT_MAX - two)) ||
	    (two < 0 && one < (INT_MIN - two)))
		return true;
	*out = one + two;
	return false;
}

GIT_INLINE(bool) git__sub_int_overflow(int *out, int one, int two)
{
	if ((two > 0 && one < (INT_MIN + two)) ||
	    (two < 0 && one > (INT_MAX + two)))
		return true;
	*out = one - two;
	return false;
}

139 140
#endif

141
#endif