/[zanavi_public1]/navit/intl/xsize.h
ZANavi

Contents of /navit/intl/xsize.h

Parent Directory Parent Directory | Revision Log Revision Log


Revision 2 - (show annotations) (download)
Fri Oct 28 21:19:04 2011 UTC (12 years, 5 months ago) by zoff99
File MIME type: text/plain
File size: 3538 byte(s)
import files
1 /* xsize.h -- Checked size_t computations.
2
3 Copyright (C) 2003 Free Software Foundation, Inc.
4
5 This program is free software; you can redistribute it and/or modify it
6 under the terms of the GNU Library General Public License as published
7 by the Free Software Foundation; either version 2, or (at your option)
8 any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Library General Public License for more details.
14
15 You should have received a copy of the GNU Library General Public
16 License along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
18 USA. */
19
20 #ifndef _XSIZE_H
21 #define _XSIZE_H
22
23 /* Get size_t. */
24 #include <stddef.h>
25
26 /* Get SIZE_MAX. */
27 #include <limits.h>
28 #if HAVE_STDINT_H
29 # include <stdint.h>
30 #endif
31
32 /* The size of memory objects is often computed through expressions of
33 type size_t. Example:
34 void* p = malloc (header_size + n * element_size).
35 These computations can lead to overflow. When this happens, malloc()
36 returns a piece of memory that is way too small, and the program then
37 crashes while attempting to fill the memory.
38 To avoid this, the functions and macros in this file check for overflow.
39 The convention is that SIZE_MAX represents overflow.
40 malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc
41 implementation that uses mmap --, it's recommended to use size_overflow_p()
42 or size_in_bounds_p() before invoking malloc().
43 The example thus becomes:
44 size_t size = xsum (header_size, xtimes (n, element_size));
45 void *p = (size_in_bounds_p (size) ? malloc (size) : NULL);
46 */
47
48 /* Convert an arbitrary value >= 0 to type size_t. */
49 #define xcast_size_t(N) \
50 ((N) <= SIZE_MAX ? (size_t) (N) : SIZE_MAX)
51
52 /* Sum of two sizes, with overflow check. */
53 static inline size_t
54 #if __GNUC__ >= 3
55 __attribute__ ((__pure__))
56 #endif
57 xsum (size_t size1, size_t size2)
58 {
59 size_t sum = size1 + size2;
60 return (sum >= size1 ? sum : SIZE_MAX);
61 }
62
63 /* Sum of three sizes, with overflow check. */
64 static inline size_t
65 #if __GNUC__ >= 3
66 __attribute__ ((__pure__))
67 #endif
68 xsum3 (size_t size1, size_t size2, size_t size3)
69 {
70 return xsum (xsum (size1, size2), size3);
71 }
72
73 /* Sum of four sizes, with overflow check. */
74 static inline size_t
75 #if __GNUC__ >= 3
76 __attribute__ ((__pure__))
77 #endif
78 xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
79 {
80 return xsum (xsum (xsum (size1, size2), size3), size4);
81 }
82
83 /* Maximum of two sizes, with overflow check. */
84 static inline size_t
85 #if __GNUC__ >= 3
86 __attribute__ ((__pure__))
87 #endif
88 xmax (size_t size1, size_t size2)
89 {
90 /* No explicit check is needed here, because for any n:
91 max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */
92 return (size1 >= size2 ? size1 : size2);
93 }
94
95 /* Multiplication of a count with an element size, with overflow check.
96 The count must be >= 0 and the element size must be > 0.
97 This is a macro, not an inline function, so that it works correctly even
98 when N is of a wider tupe and N > SIZE_MAX. */
99 #define xtimes(N, ELSIZE) \
100 ((N) <= SIZE_MAX / (ELSIZE) ? (size_t) (N) * (ELSIZE) : SIZE_MAX)
101
102 /* Check for overflow. */
103 #define size_overflow_p(SIZE) \
104 ((SIZE) == SIZE_MAX)
105 /* Check against overflow. */
106 #define size_in_bounds_p(SIZE) \
107 ((SIZE) != SIZE_MAX)
108
109 #endif /* _XSIZE_H */

   
Visit the ZANavi Wiki