blob: aefa6fd8049604c7bb2f98510555d26e75d455c4 [file] [log] [blame]
/* xalloc-oversized.h -- memory allocation size checking
Copyright (C) 1990-2000, 2003-2004, 2006-2022 Free Software Foundation, Inc.
This file is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of the
License, or (at your option) any later version.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. */
#ifndef XALLOC_OVERSIZED_H_
#define XALLOC_OVERSIZED_H_
#include <stddef.h>
#include <stdint.h>
/* True if N * S does not fit into both ptrdiff_t and size_t.
N and S should be nonnegative and free of side effects.
This expands to a constant expression if N and S are both constants.
By gnulib convention, SIZE_MAX represents overflow in size_t
calculations, so the conservative size_t-based dividend to use here
is SIZE_MAX - 1. */
#define __xalloc_oversized(n, s) \
((s) != 0 \
&& ((size_t) (PTRDIFF_MAX < SIZE_MAX ? PTRDIFF_MAX : SIZE_MAX - 1) / (s) \
< (n)))
/* Return 1 if and only if an array of N objects, each of size S,
cannot exist reliably because its total size in bytes would exceed
MIN (PTRDIFF_MAX, SIZE_MAX - 1).
N and S should be nonnegative and free of side effects.
Warning: (xalloc_oversized (N, S) ? NULL : malloc (N * S)) can
misbehave if N and S are both narrower than ptrdiff_t and size_t,
and can be rewritten as (xalloc_oversized (N, S) ? NULL
: malloc (N * (size_t) S)).
This is a macro, not a function, so that it works even if an
argument exceeds MAX (PTRDIFF_MAX, SIZE_MAX). */
#if 7 <= __GNUC__ && !defined __clang__ && PTRDIFF_MAX < SIZE_MAX
# define xalloc_oversized(n, s) \
__builtin_mul_overflow_p (n, s, (ptrdiff_t) 1)
#elif (5 <= __GNUC__ && !defined __ICC && !__STRICT_ANSI__ \
&& PTRDIFF_MAX < SIZE_MAX)
# define xalloc_oversized(n, s) \
(__builtin_constant_p (n) && __builtin_constant_p (s) \
? __xalloc_oversized (n, s) \
: ({ ptrdiff_t __xalloc_count; \
__builtin_mul_overflow (n, s, &__xalloc_count); }))
/* Other compilers use integer division; this may be slower but is
more portable. */
#else
# define xalloc_oversized(n, s) __xalloc_oversized (n, s)
#endif
#endif /* !XALLOC_OVERSIZED_H_ */