[PATCH 1/3] xalloc-oversized: export xalloc_count

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/3] xalloc-oversized: export xalloc_count_t

From:	Paul Eggert
Subject:	[PATCH 1/3] xalloc-oversized: export xalloc_count_t
Date:	Tue, 6 Apr 2021 17:52:09 -0700

* lib/xalloc-oversized.h (__xalloc_oversized, xalloc_oversized):
* lib/xmalloca.h (nmalloca):
Comment re restrictions on arg types.
* lib/xalloc-oversized.h (xalloc_count_t): Rename from
__xalloc_count_type; all uses changed.  This publicizes the type.
---
 ChangeLog              |  9 +++++++++
 lib/malloca.h          |  1 +
 lib/xalloc-oversized.h | 24 ++++++++++++------------
 lib/xmalloca.h         |  3 ++-
 4 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f3cca1ab2..0c3ea48fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2021-04-06  Paul Eggert  <eggert@cs.ucla.edu>
+
+       xalloc-oversized: export xalloc_count_t
+       * lib/xalloc-oversized.h (__xalloc_oversized, xalloc_oversized):
+       * lib/xmalloca.h (nmalloca):
+       Comment re restrictions on arg types.
+       * lib/xalloc-oversized.h (xalloc_count_t): Rename from
+       __xalloc_count_type; all uses changed.  This publicizes the type.
+
 2021-04-05  Paul Eggert  <eggert@cs.ucla.edu>
 
        xalloc: try to pacify gcc -Wsign-compare
diff --git a/lib/malloca.h b/lib/malloca.h
index 017812d07..16a156ba2 100644
--- a/lib/malloca.h
+++ b/lib/malloca.h
@@ -77,6 +77,7 @@ extern void freea (void *p);
 /* nmalloca(N,S) is an overflow-safe variant of malloca (N * S).
    It allocates an array of N objects, each with S bytes of memory,
    on the stack.  S must be positive and N must be nonnegative.
+   Either N or S should be of type ptrdiff_t or size_t or wider.
    The array must be freed using freea() before the function returns.  */
 #define nmalloca(n, s) (xalloc_oversized (n, s) ? NULL : malloca ((n) * (s)))
 
diff --git a/lib/xalloc-oversized.h b/lib/xalloc-oversized.h
index 53daf5966..3618c75cb 100644
--- a/lib/xalloc-oversized.h
+++ b/lib/xalloc-oversized.h
@@ -21,34 +21,34 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* True if N * S would overflow in a size_t calculation,
-   or would generate a value larger than PTRDIFF_MAX.
+/* True if N * S does not fit into both ptrdiff_t and size_t.
+   S must be positive and N must be nonnegative.
    This expands to a constant expression if N and S are both constants.
-   By gnulib convention, SIZE_MAX represents overflow in size
+   By gnulib convention, SIZE_MAX represents overflow in size_t
    calculations, so the conservative size_t-based dividend to use here
    is SIZE_MAX - 1.  */
 #define __xalloc_oversized(n, s) \
   ((size_t) (PTRDIFF_MAX < SIZE_MAX ? PTRDIFF_MAX : SIZE_MAX - 1) / (s) < (n))
 
 #if PTRDIFF_MAX < SIZE_MAX
-typedef ptrdiff_t __xalloc_count_type;
+typedef ptrdiff_t xalloc_count_t;
 #else
-typedef size_t __xalloc_count_type;
+typedef size_t xalloc_count_t;
 #endif
 
-/* Return 1 if an array of N objects, each of size S, cannot exist
-   reliably due to size or ptrdiff_t arithmetic overflow.  S must be
-   positive and N must be nonnegative.  This is a macro, not a
-   function, so that it works correctly even when SIZE_MAX < N.  */
-
+/* Return 1 if an array of N objects, each of size S, cannot exist reliably
+   because its total size in bytes exceeds MIN (PTRDIFF_MAX, SIZE_MAX).
+   N must be nonnegative, S must be positive, and either N or S should be
+   of type ptrdiff_t or size_t or wider.  This is a macro, not a function,
+   so that it works even if an argument exceeds MAX (PTRDIFF_MAX, SIZE_MAX).  
*/
 #if 7 <= __GNUC__ && !defined __clang__
 # define xalloc_oversized(n, s) \
-   __builtin_mul_overflow_p (n, s, (__xalloc_count_type) 1)
+   __builtin_mul_overflow_p (n, s, (xalloc_count_t) 1)
 #elif 5 <= __GNUC__ && !defined __ICC && !__STRICT_ANSI__
 # define xalloc_oversized(n, s) \
    (__builtin_constant_p (n) && __builtin_constant_p (s) \
     ? __xalloc_oversized (n, s) \
-    : ({ __xalloc_count_type __xalloc_count; \
+    : ({ xalloc_count_t __xalloc_count; \
          __builtin_mul_overflow (n, s, &__xalloc_count); }))
 
 /* Other compilers use integer division; this may be slower but is
diff --git a/lib/xmalloca.h b/lib/xmalloca.h
index cbaa89d73..a87a336b6 100644
--- a/lib/xmalloca.h
+++ b/lib/xmalloca.h
@@ -45,7 +45,8 @@ extern void * xmmalloca (size_t n);
 
 /* xnmalloca(N,S) is an overflow-safe variant of xmalloca (N * S).
    It allocates an array of N objects, each with S bytes of memory,
-   on the stack.  S must be positive and N must be nonnegative.
+   on the stack.  S must be positive and N must be nonnegative,
+   and at least one of N and S should be ptrdiff_t or size_t or wider.
    The array must be freed using freea() before the function returns.
    Upon failure, it exits with an error message.  */
 #if HAVE_ALLOCA
-- 
2.27.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 1/3] xalloc-oversized: export xalloc_count_t, Paul Eggert <=
- [PATCH 3/3] group-member: minor tweak to omit a *, Paul Eggert, 2021/04/06
- [PATCH 2/3] backupfile: less-aggressive buffer growth, Paul Eggert, 2021/04/06

Prev by Date: [PATCH 2/3] backupfile: less-aggressive buffer growth
Next by Date: [PATCH] tests: fix test-execute with GNU make jobserver
Previous by thread: Type-safe typecasts
Next by thread: [PATCH 3/3] group-member: minor tweak to omit a *
Index(es):
- Date
- Thread