[v3,6/8] git-compat-util: introduce more size_t helpers

Message ID	18419070c29aef85c266f01174f436566bf792fd.1635515959.git.gitgitgadget@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <git-owner@kernel.org> Message-Id: <18419070c29aef85c266f01174f436566bf792fd.1635515959.git.gitgitgadget@gmail.com> In-Reply-To: <pull.1068.v3.git.1635515959.gitgitgadget@gmail.com> References: <pull.1068.v2.git.1635454237.gitgitgadget@gmail.com> <pull.1068.v3.git.1635515959.gitgitgadget@gmail.com> Date: Fri, 29 Oct 2021 13:59:17 +0000 Subject: [PATCH v3 6/8] git-compat-util: introduce more size_t helpers Fcc: Sent Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 To: git@vger.kernel.org Cc: Carlo Arenas <carenas@gmail.com>, "brian m. carlson" <sandals@crustytoothpaste.net>, Johannes Schindelin <johannes.schindelin@gmx.de>, Johannes Schindelin <johannes.schindelin@gmx.de> Precedence: bulk From: Johannes Schindelin <johannes.schindelin@gmx.de>
Series	Allow clean/smudge filters to handle huge files in the LLP64 data model \| expand [v3,0/8] Allow clean/smudge filters to handle huge files in the LLP64 data model [v3,1/8] test-genzeros: allow more than 2G zeros in Windows [v3,2/8] test-tool genzeros: generate large amounts of data more efficiently [v3,3/8] test-lib: add prerequisite for 64-bit platforms [v3,4/8] t1051: introduce a smudge filter test for extremely large files [v3,5/8] odb: teach read_blob_entry to use size_t [v3,6/8] git-compat-util: introduce more size_t helpers [v3,7/8] odb: guard against data loss checking out a huge file [v3,8/8] clean/smudge: allow clean filters to process extremely large files

Message ID

18419070c29aef85c266f01174f436566bf792fd.1635515959.git.gitgitgadget@gmail.com (mailing list archive)

State

New, archived

Headers

Message-Id: 
 <18419070c29aef85c266f01174f436566bf792fd.1635515959.git.gitgitgadget@gmail.com>
In-Reply-To: <pull.1068.v3.git.1635515959.gitgitgadget@gmail.com>
References: <pull.1068.v2.git.1635454237.gitgitgadget@gmail.com>
        <pull.1068.v3.git.1635515959.gitgitgadget@gmail.com>
Date: Fri, 29 Oct 2021 13:59:17 +0000
Subject: [PATCH v3 6/8] git-compat-util: introduce more size_t helpers
Fcc: Sent
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
To: git@vger.kernel.org
Cc: Carlo Arenas <carenas@gmail.com>,
        "brian m. carlson" <sandals@crustytoothpaste.net>,
        Johannes Schindelin <johannes.schindelin@gmx.de>,
        Johannes Schindelin <johannes.schindelin@gmx.de>
Precedence: bulk
From: Johannes Schindelin <johannes.schindelin@gmx.de>

Series

Allow clean/smudge filters to handle huge files in the LLP64 data model | expand

Commit Message

Johannes Schindelin Oct. 29, 2021, 1:59 p.m. UTC

From: Johannes Schindelin <johannes.schindelin@gmx.de>

We will use them in the next commit.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 git-compat-util.h | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

Comments

Junio C Hamano Oct. 29, 2021, 11:10 p.m. UTC | #1

"Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>
writes:

> +/*
> + * Returns true if the left shift of "a" by "shift" bits will
> + * overflow. The type of "a" must be unsigned.
> + */
> +#define unsigned_left_shift_overflows(a, shift) \
> +    ((shift) < bitsizeof(a) && \
> +     (a) > maximum_unsigned_value_of_type(a) >> (shift))

Cute.  So somebody asks

    if (unsigned_left_shift_overflows(a, 100)

and they get "you are unsafe, regardless of the value of a, you get
an overflow".  Makes perfect sensen.

>  #ifdef __GNUC__
>  #define TYPEOF(x) (__typeof__(x))
>  #else
> @@ -859,6 +867,23 @@ static inline size_t st_sub(size_t a, size_t b)
>  	return a - b;
>  }
>  
> +static inline size_t st_left_shift(size_t a, unsigned shift)
> +{
> +	if (unsigned_left_shift_overflows(a, shift))
> +		die("size_t overflow: %"PRIuMAX" << %u",
> +		    (uintmax_t)a, shift);
> +	return a << shift;
> +}

Makes sense.

> +static inline unsigned long cast_size_t_to_ulong(size_t a)
> +{
> +	if (a != (unsigned long)a)
> +		die("object too large to read on this platform: %"
> +		    PRIuMAX" is cut off to %lu",
> +		    (uintmax_t)a, (unsigned long)a);
> +	return (unsigned long)a;
> +}
> +
>  #ifdef HAVE_ALLOCA_H
>  # include <alloca.h>
>  # define xalloca(size)      (alloca(size))

diff --git a/git-compat-util.h b/git-compat-util.h
index a508dbe5a35..1f41e5611a1 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -113,6 +113,14 @@ 
 #define unsigned_mult_overflows(a, b) \
     ((a) && (b) > maximum_unsigned_value_of_type(a) / (a))
 
+/*
+ * Returns true if the left shift of "a" by "shift" bits will
+ * overflow. The type of "a" must be unsigned.
+ */
+#define unsigned_left_shift_overflows(a, shift) \
+    ((shift) < bitsizeof(a) && \
+     (a) > maximum_unsigned_value_of_type(a) >> (shift))
+
 #ifdef __GNUC__
 #define TYPEOF(x) (__typeof__(x))
 #else
@@ -859,6 +867,23 @@  static inline size_t st_sub(size_t a, size_t b)
 	return a - b;
 }
 
+static inline size_t st_left_shift(size_t a, unsigned shift)
+{
+	if (unsigned_left_shift_overflows(a, shift))
+		die("size_t overflow: %"PRIuMAX" << %u",
+		    (uintmax_t)a, shift);
+	return a << shift;
+}
+
+static inline unsigned long cast_size_t_to_ulong(size_t a)
+{
+	if (a != (unsigned long)a)
+		die("object too large to read on this platform: %"
+		    PRIuMAX" is cut off to %lu",
+		    (uintmax_t)a, (unsigned long)a);
+	return (unsigned long)a;
+}
+
 #ifdef HAVE_ALLOCA_H
 # include <alloca.h>
 # define xalloca(size)      (alloca(size))

[v3,6/8] git-compat-util: introduce more size_t helpers

Commit Message

Comments

Patch