From a37c769fbbc956461210317fa856be4042c144f4 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sun, 9 Jul 2023 18:12:01 +0200
Subject: Improve a bit `size_t*size_t` overflow checks

---
 include/fortify-headers.h | 21 +++++++++++++++++++++
 include/stdio.h           |  4 ++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/include/fortify-headers.h b/include/fortify-headers.h
index 6ab5e74..065bca2 100644
--- a/include/fortify-headers.h
+++ b/include/fortify-headers.h
@@ -45,6 +45,10 @@
 
 /* Use __builtin_dynamic_object_size with _FORTIFY_SOURCE>2, if available.  */
 #if _FORTIFY_SOURCE  > 2 && defined __has_builtin && __has_builtin (__builtin_dynamic_object_size)
+/* 
+ * See:
+ * - https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
+ */
 #define __bos(ptr, type) __builtin_dynamic_object_size (ptr, type)
 #else
 #define __bos(ptr, type) __builtin_object_size (ptr, type)
@@ -57,3 +61,20 @@
 #endif
 
 #endif
+
+
+/* TODO(jvoisin) Figure a nice way to make use of __builtin_mul_overflow while ignoring the result. */
+/* TODO(jvoisin) Make use of C23's stdckdint header: https://gustedt.gitlabpages.inria.fr/c23-library/#stdckdint */
+#if _FORTIFY_SOURCE > 2 && defined __has_builtin
+/*
+ * See:
+ * - https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
+ * - https://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins
+ */
+#if __has_builtin (__builtin_mul_overflow_p)
+#define __bmo(x, y) (x != 0 && __builtin_mul_overflow_p(x, y, (__typeof__ ((x) + (y))) 0))
+#else /* !__builtin_mul_overflow_p */
+#define __bmo(x, y) (x != 0 && (x * y) / x != y)
+#endif /* __builtin_mul_overflow_p */
+
+#endif /* __has_builtin */
diff --git a/include/stdio.h b/include/stdio.h
index cc16e46..d5206f5 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -53,7 +53,7 @@ _FORTIFY_FN(fread) size_t fread(void * _FORTIFY_POS0 __d, size_t __n,
 {
 	size_t __b = __bos(__d, 0);
 
-	if (__n != 0 && (__n * __m) / __n != __m)
+	if (__bmo(__n, __m))
 		__builtin_trap();
 	if (__n * __m > __b)
 		__builtin_trap();
@@ -66,7 +66,7 @@ _FORTIFY_FN(fwrite) size_t fwrite(const void * _FORTIFY_POS0 __d, size_t __n,
 {
 	size_t __b = __bos(__d, 0);
 
-	if (__n != 0 && (__n * __m) / __n != __m)
+	if (__bmo(__n, __m))
 		__builtin_trap();
 	if (__n * __m > __b)
 		__builtin_trap();
-- 
cgit v1.3