Improve a bit `size_t*size_t` overflow checks

author: jvoisin 2023-07-09 18:12:01 +0200
committer: jvoisin 2023-07-09 18:15:35 +0200
commit: a37c769fbbc956461210317fa856be4042c144f4 (patch)
tree: 80c335085b82e6f6ff52101c070f0e3e74119443 /include/fortify-headers.h
parent: f9f83da31803062d1fb665ad612ccede5e445757 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/include/fortify-headers.h b/include/fortify-headers.h
index 6ab5e74..065bca2 100644
--- a/include/fortify-headers.h
+++ b/include/fortify-headers.h
@@ -45,6 +45,10 @@
 /* Use __builtin_dynamic_object_size with _FORTIFY_SOURCE>2, if available.  */
 #if _FORTIFY_SOURCE  > 2 && defined __has_builtin && __has_builtin (__builtin_dynamic_object_size)
+/* 
+ * See:
+ * - https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
+ */
 #define __bos(ptr, type) __builtin_dynamic_object_size (ptr, type)
 #else
 #define __bos(ptr, type) __builtin_object_size (ptr, type)
@@ -57,3 +61,20 @@
 #endif
 #endif
+/* TODO(jvoisin) Figure a nice way to make use of __builtin_mul_overflow while ignoring the result. */
+/* TODO(jvoisin) Make use of C23's stdckdint header: https://gustedt.gitlabpages.inria.fr/c23-library/#stdckdint */
+#if _FORTIFY_SOURCE > 2 && defined __has_builtin
+/*
+ * See:
+ * - https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
+ * - https://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins
+ */
+#if __has_builtin (__builtin_mul_overflow_p)
+#define __bmo(x, y) (x != 0 && __builtin_mul_overflow_p(x, y, (__typeof__ ((x) + (y))) 0))
+#else /* !__builtin_mul_overflow_p */
+#define __bmo(x, y) (x != 0 && (x * y) / x != y)
+#endif /* __builtin_mul_overflow_p */
+#endif /* __has_builtin */
author	jvoisin	2023-07-09 18:12:01 +0200
committer	jvoisin	2023-07-09 18:15:35 +0200
commit	a37c769fbbc956461210317fa856be4042c144f4 (patch)
tree	80c335085b82e6f6ff52101c070f0e3e74119443 /include/fortify-headers.h
parent	f9f83da31803062d1fb665ad612ccede5e445757 (diff)

diff --git a/include/fortify-headers.h b/include/fortify-headers.h index 6ab5e74..065bca2 100644 --- a/include/fortify-headers.h +++ b/include/fortify-headers.h
@@ -45,6 +45,10 @@
45		45
46	/* Use __builtin_dynamic_object_size with _FORTIFY_SOURCE>2, if available. */	46	/* Use __builtin_dynamic_object_size with _FORTIFY_SOURCE>2, if available. */
47	#if _FORTIFY_SOURCE > 2 && defined __has_builtin && __has_builtin (__builtin_dynamic_object_size)	47	#if _FORTIFY_SOURCE > 2 && defined __has_builtin && __has_builtin (__builtin_dynamic_object_size)
		48	/*
		49	* See:
		50	* - https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
		51	*/
48	#define __bos(ptr, type) __builtin_dynamic_object_size (ptr, type)	52	#define __bos(ptr, type) __builtin_dynamic_object_size (ptr, type)
49	#else	53	#else
50	#define __bos(ptr, type) __builtin_object_size (ptr, type)	54	#define __bos(ptr, type) __builtin_object_size (ptr, type)
@@ -57,3 +61,20 @@
57	#endif	61	#endif
58		62
59	#endif	63	#endif
		64
		65
		66	/* TODO(jvoisin) Figure a nice way to make use of __builtin_mul_overflow while ignoring the result. */
		67	/* TODO(jvoisin) Make use of C23's stdckdint header: https://gustedt.gitlabpages.inria.fr/c23-library/#stdckdint */
		68	#if _FORTIFY_SOURCE > 2 && defined __has_builtin
		69	/*
		70	* See:
		71	* - https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
		72	* - https://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins
		73	*/
		74	#if __has_builtin (__builtin_mul_overflow_p)
		75	#define __bmo(x, y) (x != 0 && __builtin_mul_overflow_p(x, y, (__typeof__ ((x) + (y))) 0))
		76	#else /* !__builtin_mul_overflow_p */
		77	#define __bmo(x, y) (x != 0 && (x * y) / x != y)
		78	#endif /* __builtin_mul_overflow_p */
		79
		80	#endif /* __has_builtin */