src/integer.h


Log

Author Commit Date CI Message
Edward Thomson 05237ee5 2019-06-23T17:20:17 integer: use int64_t's for checks Use int64_t internally for type visibility.
Patrick Steinhardt 37141ff7 2019-10-21T18:56:59 patch_parse: detect overflow when calculating old/new line position When the patch contains lines close to INT_MAX, then it may happen that we end up with an integer overflow when calculating the line of the current diff hunk. Reject such patches as unreasonable to avoid the integer overflow. As the calculation is performed on integers, we introduce two new helpers `git__add_int_overflow` and `git__sub_int_overflow` that perform the integer overflow check in a generic way.
Patrick Steinhardt 5cf17e0f 2019-10-03T09:39:42 commit_list: store in/out-degrees as uint16_t The commit list's in- and out-degrees are currently stored as `unsigned short`. When assigning it the value of `git_array_size`, which returns an `size_t`, this generates a warning on some Win32 platforms due to loosing precision. We could just cast the returned value of `git_array_size`, which would work fine for 99.99% of all cases as commits typically have less than 2^16 parents. For crafted commits though we might end up with a wrong value, and thus we should definitely check whether the array size actually fits into the field. To ease the check, let's convert the fields to store the degrees as `uint16_t`. We shouldn't rely on such unspecific types anyway, as it may lead to different behaviour across platforms. Furthermore, this commit introduces a new `git__is_uint16` function to check whether it actually fits -- if not, we return an error.
Edward Thomson 75444d97 2019-01-20T13:52:46 add with overflow: correct documentation Correct the documentation on the fallback add/multiply with overflow functions.
Edward Thomson abbc07f1 2019-01-20T13:51:15 add with overflow: use SizeTAdd on Windows Windows provides <intsafe.h> which provides "performant" add and multiply with overflow operations. Use them when possible.
Edward Thomson c6d47acf 2019-01-20T13:04:10 Remove unused git__add_uint64_overflow
Edward Thomson f04f1c7e 2019-01-20T13:00:53 add with overflow intrinsics: simplify tests Use the smallest unsigned type that is equivalent to `size_t` to simplify the conditionals. Error if we're on a system that we believe offers builtins but we cannot determine which one to use.
lhchavez 2848923a 2019-01-08T17:32:23 Let GCC use the add/mul overflow intrinsics This change tweaks the macros for git__{add,multiply}_sizet_overflow so that GCC can use them. It also stops using the uadd,umul versions since the add,mul can handle way more cases.
lhchavez 728101e3 2019-01-08T17:35:16 Move the intrinsics part of the change to its own PR Less controversial changes together is better.
lhchavez b5e8272f 2019-01-06T08:29:56 Attempt at fixing the MingW64 compilation It seems like MingW64's size_t is defined differently than in Linux.
lhchavez 7b453e7e 2019-01-05T22:12:48 Fix a bunch of warnings This change fixes a bunch of warnings that were discovered by compiling with `clang -target=i386-pc-linux-gnu`. It turned out that the intrinsics were not necessarily being used in all platforms! Especially in GCC, since it does not support __has_builtin. Some more warnings were gleaned from the Windows build, but I stopped when I saw that some third-party dependencies (e.g. zlib) have warnings of their own, so we might never be able to enable -Werror there.
Edward Thomson abb04caa 2018-02-01T15:55:48 consistent header guards use consistent names for the #include / #define header guard pattern.
Edward Thomson a0d38479 2017-01-22T01:42:45 mac: on 32 bit, use `__builtin_umull_overflow`
Jeff Hostetler c92987d1 2015-02-20T10:21:32 Fix MAX 32 bit build problem described in libgit2/libgit2#2917
Edward Thomson 16942c6f 2015-02-12T17:36:48 integer overflow: use compiler intrinsics if supported gcc and clang support __builtin_add_overflow, use it whenever possible, falling back to our naive routines.
Edward Thomson f1453c59 2015-02-12T12:19:37 Make our overflow check look more like gcc/clang's Make our overflow checking look more like gcc and clang's, so that we can substitute it out with the compiler instrinsics on platforms that support it. This means dropping the ability to pass `NULL` as an out parameter. As a result, the macros also get updated to reflect this as well.
Edward Thomson 190b76a6 2015-02-11T14:52:08 Introduce git__add_sizet_overflow and friends Add some helper functions to check for overflow in a type-specific manner.