Re: [Bug-gnulib] linebreak.c proposed patches for size-calculation overf
From: Bruno Haible
Subject: Re: [Bug-gnulib] linebreak.c proposed patches for size-calculation overflows
Date: Fri, 31 Oct 2003 13:38:35 +0100
User-agent: KMail/1.5
Paul Eggert wrote:
> overflow problems in linebreak.c.
Thanks for looking into that.
> - char *memory = malloc (n * sizeof (size_t) + m + m);
>
> + size_t two_m = 2 * m;
> + size_t memory_size = n * sizeof (size_t) + two_m;
> + if (n <= (size_t)(-1) / sizeof (size_t)
> + && m <= two_m && two_m <= memory_size)
> + char *memory = malloc (memory_size);
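Review bot: The two-line `if` condition packs three separate overflow checks (the product `n * sizeof (size_t)`, the doubling `2 * m`, and the final sum into `memory_size`) with no comment saying which comparison guards which operation, so each clause should get a short comment or be moved into a named helper. As quoted, `char *memory = malloc (memory_size);` is also a declaration used directly as the body of the `if`, which needs a braced block, and the hunk does not show what the function does when the check fails.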
This is all correct, but it's getting unmaintainable. The xalloc_oversized
was a good start to keep the code clear. But here we need more macros or
inline functions.
Since I want to continue writing expressions as expressions, not broken
into statements, I imagine macros that let me write:
    bool overflow = false;
    size_t size = xsum3 (xtimes (n, sizeof (size_t), &overflow),
                         m,
                         m,
                         &overflow);
    if (!overflow)
      {
        char *memory = malloc (size);
What do you think? Other proposals how this code could be written in a
maintainable way?
Bruno
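
One way the helpers proposed in this message could be written, as an added example that is not code from the original post or from gnulib. The names xtimes and xsum3 and their argument order come from the message; their bodies, the two-operand xsum and the caller alloc_work_area are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed body: return a * b and set the sticky flag *overflow when the
   product does not fit in size_t.  The flag is never cleared here, so one
   test after the whole expression covers every step.  */
static inline size_t
xtimes (size_t a, size_t b, bool *overflow)
{
  if (b != 0 && a > SIZE_MAX / b)
    *overflow = true;
  return a * b;                 /* unsigned wraparound is well defined */
}

/* Hypothetical two-operand building block for xsum3.  */
static inline size_t
xsum (size_t a, size_t b, bool *overflow)
{
  size_t sum = a + b;
  if (sum < a)                  /* wrapped past SIZE_MAX */
    *overflow = true;
  return sum;
}

static inline size_t
xsum3 (size_t a, size_t b, size_t c, bool *overflow)
{
  return xsum (xsum (a, b, overflow), c, overflow);
}

/* Hypothetical caller: n size_t slots plus two m-byte buffers, the same
   size expression as in the quoted patch.  Returns NULL on overflow or
   when malloc fails; *size_out is written only when no overflow occurred.  */
static char *
alloc_work_area (size_t n, size_t m, size_t *size_out)
{
  bool overflow = false;
  size_t size = xsum3 (xtimes (n, sizeof (size_t), &overflow),
                       m, m, &overflow);
  if (overflow)
    return NULL;
  *size_out = size;
  return malloc (size);
}
```

Because the flag is sticky, an intermediate wrap that happens to produce a small, plausible-looking total is still reported.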