Renamed SDL_size_add_overflow() and SDL_size_mul_overflow()

Sam Lantinga 2024-09-02 12:56:44 -07:00
parent fb7245fb93
commit eacf119923
11 changed files with 117 additions and 109 deletions



@ -1723,6 +1723,8 @@ The following macros have been removed:
* SDL_TABLESIZE() - use SDL_arraysize() instead
The following functions have been renamed:
* SDL_size_add_overflow() => SDL_size_add_check_overflow()
* SDL_size_mul_overflow() => SDL_size_mul_check_overflow()
* SDL_strtokr() => SDL_strtok_r()
The following functions have been removed:


@ -581,6 +581,8 @@
/* ##SDL_stdinc.h */
#define SDL_TABLESIZE SDL_arraysize
#define SDL_size_add_overflow SDL_size_add_check_overflow
#define SDL_size_mul_overflow SDL_size_mul_check_overflow
#define SDL_strtokr SDL_strtok_r
/* ##SDL_surface.h */
@ -1205,6 +1207,8 @@
/* ##SDL_stdinc.h */
#define SDL_TABLESIZE SDL_TABLESIZE_renamed_SDL_arraysize
#define SDL_size_add_overflow SDL_size_add_overflow_renamed_SDL_size_add_check_overflow
#define SDL_size_mul_overflow SDL_size_mul_overflow_renamed_SDL_size_mul_check_overflow
#define SDL_strtokr SDL_strtokr_renamed_SDL_strtok_r
/* ##SDL_surface.h */
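Review bot: The compatibility aliases `#define SDL_size_add_overflow SDL_size_add_check_overflow` and `#define SDL_size_mul_overflow SDL_size_mul_check_overflow` map the old names onto functions whose return contract is inverted: the old functions returned 0 on success and -1 on overflow, while the renamed ones return SDL_TRUE on success and SDL_FALSE on overflow (see the SDL_stdinc.h hunk in this commit). Any caller still compiled through this header with `if (SDL_size_mul_overflow(a, b, &n)) { /* bail */ }`, or with `== 0` as its success test, now takes the wrong branch and proceeds to allocate with a wrapped size, so the overflow check is silently defeated rather than failing to compile. Because the semantics changed, these two names belong only in the `_renamed_` block below (which produces a link error) rather than being aliased here, and the migration document hunk at the top of this commit should say that the result is now SDL_bool with the opposite meaning, e.g. `* SDL_size_add_overflow() => SDL_size_add_check_overflow() (now returns SDL_TRUE on success instead of 0)`.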


@ -3082,29 +3082,27 @@ size_t wcslcat(wchar_t *dst, const wchar_t *src, size_t size);
/**
* Multiply two integers, checking for overflow.
*
* If `a * b` would overflow, return -1.
* If `a * b` would overflow, return SDL_FALSE.
*
* Otherwise store `a * b` via ret and return 0.
* Otherwise store `a * b` via ret and return SDL_TRUE.
*
* \param a the multiplicand.
* \param b the multiplier.
* \param ret on non-overflow output, stores the multiplication result. May
* not be NULL.
* \returns -1 on overflow, 0 if result doesn't overflow.
* \returns SDL_FALSE on overflow, SDL_TRUE if result is multiplied without overflow.
*
* \threadsafety It is safe to call this function from any thread.
*
* \since This function is available since SDL 3.0.0.
*/
SDL_FORCE_INLINE int SDL_size_mul_overflow (size_t a,
size_t b,
size_t *ret)
SDL_FORCE_INLINE SDL_bool SDL_size_mul_check_overflow(size_t a, size_t b, size_t *ret)
{
if (a != 0 && b > SDL_SIZE_MAX / a) {
return -1;
return SDL_FALSE;
}
*ret = a * b;
return 0;
return SDL_TRUE;
}
#ifndef SDL_WIKI_DOCUMENTATION_SECTION
@ -3112,13 +3110,11 @@ SDL_FORCE_INLINE int SDL_size_mul_overflow (size_t a,
/* This needs to be wrapped in an inline rather than being a direct #define,
* because __builtin_mul_overflow() is type-generic, but we want to be
* consistent about interpreting a and b as size_t. */
SDL_FORCE_INLINE int SDL_size_mul_overflow_builtin (size_t a,
size_t b,
size_t *ret)
SDL_FORCE_INLINE SDL_bool SDL_size_mul_check_overflow_builtin(size_t a, size_t b, size_t *ret)
{
return __builtin_mul_overflow(a, b, ret) == 0 ? 0 : -1;
return (__builtin_mul_overflow(a, b, ret) == 0);
}
#define SDL_size_mul_overflow(a, b, ret) (SDL_size_mul_overflow_builtin(a, b, ret))
#define SDL_size_mul_check_overflow(a, b, ret) SDL_size_mul_check_overflow_builtin(a, b, ret)
#endif
#endif
@ -3133,34 +3129,30 @@ SDL_FORCE_INLINE int SDL_size_mul_overflow_builtin (size_t a,
* \param b the second addend.
* \param ret on non-overflow output, stores the addition result. May not be
* NULL.
* \returns -1 on overflow, 0 if result doesn't overflow.
* \returns SDL_FALSE on overflow, SDL_TRUE if result is added without overflow.
*
* \threadsafety It is safe to call this function from any thread.
*
* \since This function is available since SDL 3.0.0.
*/
SDL_FORCE_INLINE int SDL_size_add_overflow (size_t a,
size_t b,
size_t *ret)
SDL_FORCE_INLINE SDL_bool SDL_size_add_check_overflow(size_t a, size_t b, size_t *ret)
{
if (b > SDL_SIZE_MAX - a) {
return -1;
return SDL_FALSE;
}
*ret = a + b;
return 0;
return SDL_TRUE;
}
#ifndef SDL_WIKI_DOCUMENTATION_SECTION
#if SDL_HAS_BUILTIN(__builtin_add_overflow)
/* This needs to be wrapped in an inline rather than being a direct #define,
* the same as the call to __builtin_mul_overflow() above. */
SDL_FORCE_INLINE int SDL_size_add_overflow_builtin (size_t a,
size_t b,
size_t *ret)
SDL_FORCE_INLINE SDL_bool SDL_size_add_check_overflow_builtin(size_t a, size_t b, size_t *ret)
{
return __builtin_add_overflow(a, b, ret) == 0 ? 0 : -1;
return (__builtin_add_overflow(a, b, ret) == 0);
}
#define SDL_size_add_overflow(a, b, ret) (SDL_size_add_overflow_builtin(a, b, ret))
#define SDL_size_add_check_overflow(a, b, ret) SDL_size_add_check_overflow_builtin(a, b, ret)
#endif
#endif
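Review bot: The `\param ret` text on both functions still says the result is stored only "on non-overflow output", but the builtin wrappers `return (__builtin_mul_overflow(a, b, ret) == 0);` and `return (__builtin_add_overflow(a, b, ret) == 0);` let the compiler builtin write the wrapped value through `ret` unconditionally, whereas the fallback bodies return before the store. Callers that pass an in/out pointer, as the SDL_aligned_alloc hunk in this commit does with `&size`, therefore see different `*ret` contents on overflow depending on which implementation the build selected. Suggest pinning the contract in the comment instead of leaving it implementation-dependent: `\param ret on non-overflow output, stores the multiplication result. May not be NULL. On overflow its contents are unspecified.` and the corresponding sentence for the addition variant.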


@ -175,7 +175,7 @@ static SDL_AssertState SDLCALL SDL_PromptAssertion(const SDL_AssertData *data, v
// .. and if it didn't, try to allocate as much room as we actually need.
if (len >= (int)buf_len) {
if (SDL_size_add_overflow(len, 1, &buf_len) == 0) {
if (SDL_size_add_check_overflow(len, 1, &buf_len)) {
message = (char *)SDL_malloc(buf_len);
if (message) {
len = SDL_RenderAssertMessage(message, buf_len, data);


@ -480,7 +480,7 @@ void SDL_LogMessageV(int category, SDL_LogPriority priority, SDL_PRINTF_FORMAT_S
}
// If message truncated, allocate and re-render
if (len >= sizeof(stack_buf) && SDL_size_add_overflow(len, 1, &len_plus_term) == 0) {
if (len >= sizeof(stack_buf) && SDL_size_add_check_overflow(len, 1, &len_plus_term)) {
// Allocate exactly what we need, including the zero-terminator
message = (char *)SDL_malloc(len_plus_term);
if (!message) {


@ -539,9 +539,9 @@ void *SDL_aligned_alloc(size_t alignment, size_t size)
}
padding = (alignment - (size % alignment));
if (SDL_size_add_overflow(size, alignment, &size) == 0 &&
SDL_size_add_overflow(size, sizeof(void *), &size) == 0 &&
SDL_size_add_overflow(size, padding, &size) == 0) {
if (SDL_size_add_check_overflow(size, alignment, &size) &&
SDL_size_add_check_overflow(size, sizeof(void *), &size) &&
SDL_size_add_check_overflow(size, padding, &size)) {
void *original = SDL_malloc(size);
if (original) {
// Make sure we have enough space to store the original pointer


@ -1456,7 +1456,7 @@ static bool UnRLEAlpha(SDL_Surface *surface)
uncopy_opaque = uncopy_transl = uncopy_32;
}
if (SDL_size_mul_overflow(surface->h, surface->pitch, &size)) {
if (!SDL_size_mul_check_overflow(surface->h, surface->pitch, &size)) {
return false;
}
@ -1527,7 +1527,7 @@ void SDL_UnRLESurface(SDL_Surface *surface, bool recode)
size_t size;
// re-create the original surface
if (SDL_size_mul_overflow(surface->h, surface->pitch, &size)) {
if (!SDL_size_mul_check_overflow(surface->h, surface->pitch, &size)) {
// Memory corruption?
surface->internal->flags |= SDL_INTERNAL_SURFACE_RLEACCEL;
return;


@ -61,27 +61,27 @@ void SDL_UpdateSurfaceLockFlag(SDL_Surface *surface)
static bool SDL_CalculateRGBSize(Uint32 format, size_t width, size_t height, size_t *size, size_t *pitch, bool minimal)
{
if (SDL_BITSPERPIXEL(format) >= 8) {
if (SDL_size_mul_overflow(width, SDL_BYTESPERPIXEL(format), pitch)) {
if (!SDL_size_mul_check_overflow(width, SDL_BYTESPERPIXEL(format), pitch)) {
return SDL_SetError("width * bpp would overflow");
}
} else {
if (SDL_size_mul_overflow(width, SDL_BITSPERPIXEL(format), pitch)) {
if (!SDL_size_mul_check_overflow(width, SDL_BITSPERPIXEL(format), pitch)) {
return SDL_SetError("width * bpp would overflow");
}
if (SDL_size_add_overflow(*pitch, 7, pitch)) {
if (!SDL_size_add_check_overflow(*pitch, 7, pitch)) {
return SDL_SetError("aligning pitch would overflow");
}
*pitch /= 8;
}
if (!minimal) {
// 4-byte aligning for speed
if (SDL_size_add_overflow(*pitch, 3, pitch)) {
if (!SDL_size_add_check_overflow(*pitch, 3, pitch)) {
return SDL_SetError("aligning pitch would overflow");
}
*pitch &= ~3;
}
if (SDL_size_mul_overflow(height, *pitch, size)) {
if (!SDL_size_mul_check_overflow(height, *pitch, size)) {
return SDL_SetError("height * pitch would overflow");
}


@ -43,7 +43,7 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
{
/* sz_plane == w * h; */
size_t s1;
if (SDL_size_mul_overflow(w, h, &s1) < 0) {
if (!SDL_size_mul_check_overflow(w, h, &s1)) {
return SDL_SetError("width * height would overflow");
}
sz_plane = (int) s1;
@ -52,15 +52,15 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
{
/* sz_plane_chroma == ((w + 1) / 2) * ((h + 1) / 2); */
size_t s1, s2, s3;
if (SDL_size_add_overflow(w, 1, &s1) < 0) {
if (!SDL_size_add_check_overflow(w, 1, &s1)) {
return SDL_SetError("width + 1 would overflow");
}
s1 = s1 / 2;
if (SDL_size_add_overflow(h, 1, &s2) < 0) {
if (!SDL_size_add_check_overflow(h, 1, &s2)) {
return SDL_SetError("height + 1 would overflow");
}
s2 = s2 / 2;
if (SDL_size_mul_overflow(s1, s2, &s3) < 0) {
if (!SDL_size_mul_check_overflow(s1, s2, &s3)) {
return SDL_SetError("width * height would overflow");
}
sz_plane_chroma = (int) s3;
@ -68,11 +68,11 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
} else {
/* sz_plane_packed == ((w + 1) / 2) * h; */
size_t s1, s2;
if (SDL_size_add_overflow(w, 1, &s1) < 0) {
if (!SDL_size_add_check_overflow(w, 1, &s1)) {
return SDL_SetError("width + 1 would overflow");
}
s1 = s1 / 2;
if (SDL_size_mul_overflow(s1, h, &s2) < 0) {
if (!SDL_size_mul_check_overflow(s1, h, &s2)) {
return SDL_SetError("width * height would overflow");
}
sz_plane_packed = (int) s2;
@ -89,10 +89,10 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
if (size) {
// dst_size == sz_plane + sz_plane_chroma + sz_plane_chroma;
size_t s1, s2;
if (SDL_size_add_overflow(sz_plane, sz_plane_chroma, &s1) < 0) {
if (!SDL_size_add_check_overflow(sz_plane, sz_plane_chroma, &s1)) {
return SDL_SetError("Y + U would overflow");
}
if (SDL_size_add_overflow(s1, sz_plane_chroma, &s2) < 0) {
if (!SDL_size_add_check_overflow(s1, sz_plane_chroma, &s2)) {
return SDL_SetError("Y + U + V would overflow");
}
*size = (int)s2;
@ -106,11 +106,11 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
if (pitch) {
/* pitch == ((w + 1) / 2) * 4; */
size_t p1, p2;
if (SDL_size_add_overflow(w, 1, &p1) < 0) {
if (!SDL_size_add_check_overflow(w, 1, &p1)) {
return SDL_SetError("width + 1 would overflow");
}
p1 = p1 / 2;
if (SDL_size_mul_overflow(p1, 4, &p2) < 0) {
if (!SDL_size_mul_check_overflow(p1, 4, &p2)) {
return SDL_SetError("width * 4 would overflow");
}
*pitch = p2;
@ -119,7 +119,7 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
if (size) {
/* dst_size == 4 * sz_plane_packed; */
size_t s1;
if (SDL_size_mul_overflow(sz_plane_packed, 4, &s1) < 0) {
if (!SDL_size_mul_check_overflow(sz_plane_packed, 4, &s1)) {
return SDL_SetError("plane * 4 would overflow");
}
*size = (int) s1;
@ -135,10 +135,10 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
if (size) {
// dst_size == sz_plane + sz_plane_chroma + sz_plane_chroma;
size_t s1, s2;
if (SDL_size_add_overflow(sz_plane, sz_plane_chroma, &s1) < 0) {
if (!SDL_size_add_check_overflow(sz_plane, sz_plane_chroma, &s1)) {
return SDL_SetError("Y + U would overflow");
}
if (SDL_size_add_overflow(s1, sz_plane_chroma, &s2) < 0) {
if (!SDL_size_add_check_overflow(s1, sz_plane_chroma, &s2)) {
return SDL_SetError("Y + U + V would overflow");
}
*size = (int) s2;
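Review bot: Each overflow check in these hunks is followed by a narrowing cast that can undo it: `sz_plane = (int) s1;`, `sz_plane_chroma = (int) s3;`, `sz_plane_packed = (int) s2;` and `*size = (int)s2;` (the last casts to int only to store into the `size_t *size` parameter declared in the signature). The `SDL_size_*_check_overflow` calls guarantee the product fits in size_t, not in int, so on a 64-bit target a width*height above INT_MAX passes the check and is then truncated or turned negative before the later size and pitch arithmetic sees it; the plane variables are declared outside the hunks, so I am assuming they are int from the casts. A range check before each cast, e.g. `if (s1 > INT_MAX) { return SDL_SetError("width * height would overflow"); }` (or the project's own int-max constant if limits.h is not already in scope), would close the gap, and the `*size` store could drop the `(int)` cast entirely. SDL_CalculateYUVSize begins before the first hunk and the rest of its body is outside the hunks.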


@ -917,32 +917,32 @@ typedef struct
size_t a;
size_t b;
size_t result;
int status;
SDL_bool status;
} overflow_test;
static const overflow_test multiplications[] = {
{ 1, 1, 1, 0 },
{ 0, 0, 0, 0 },
{ SDL_SIZE_MAX, 0, 0, 0 },
{ SDL_SIZE_MAX, 1, SDL_SIZE_MAX, 0 },
{ SDL_SIZE_MAX / 2, 2, SDL_SIZE_MAX - (SDL_SIZE_MAX % 2), 0 },
{ SDL_SIZE_MAX / 23, 23, SDL_SIZE_MAX - (SDL_SIZE_MAX % 23), 0 },
{ 1, 1, 1, SDL_TRUE },
{ 0, 0, 0, SDL_TRUE },
{ SDL_SIZE_MAX, 0, 0, SDL_TRUE },
{ SDL_SIZE_MAX, 1, SDL_SIZE_MAX, SDL_TRUE },
{ SDL_SIZE_MAX / 2, 2, SDL_SIZE_MAX - (SDL_SIZE_MAX % 2), SDL_TRUE },
{ SDL_SIZE_MAX / 23, 23, SDL_SIZE_MAX - (SDL_SIZE_MAX % 23), SDL_TRUE },
{ (SDL_SIZE_MAX / 2) + 1, 2, 0, -1 },
{ (SDL_SIZE_MAX / 23) + 42, 23, 0, -1 },
{ SDL_SIZE_MAX, SDL_SIZE_MAX, 0, -1 },
{ (SDL_SIZE_MAX / 2) + 1, 2, 0, SDL_FALSE },
{ (SDL_SIZE_MAX / 23) + 42, 23, 0, SDL_FALSE },
{ SDL_SIZE_MAX, SDL_SIZE_MAX, 0, SDL_FALSE },
};
static const overflow_test additions[] = {
{ 1, 1, 2, 0 },
{ 0, 0, 0, 0 },
{ SDL_SIZE_MAX, 0, SDL_SIZE_MAX, 0 },
{ SDL_SIZE_MAX - 1, 1, SDL_SIZE_MAX, 0 },
{ SDL_SIZE_MAX - 42, 23, SDL_SIZE_MAX - (42 - 23), 0 },
{ 1, 1, 2, SDL_TRUE },
{ 0, 0, 0, SDL_TRUE },
{ SDL_SIZE_MAX, 0, SDL_SIZE_MAX, SDL_TRUE },
{ SDL_SIZE_MAX - 1, 1, SDL_SIZE_MAX, SDL_TRUE },
{ SDL_SIZE_MAX - 42, 23, SDL_SIZE_MAX - (42 - 23), SDL_TRUE },
{ SDL_SIZE_MAX, 1, 0, -1 },
{ SDL_SIZE_MAX, 23, 0, -1 },
{ SDL_SIZE_MAX, SDL_SIZE_MAX, 0, -1 },
{ SDL_SIZE_MAX, 1, 0, SDL_FALSE },
{ SDL_SIZE_MAX, 23, 0, SDL_FALSE },
{ SDL_SIZE_MAX, SDL_SIZE_MAX, 0, SDL_FALSE },
};
static int
@ -964,22 +964,22 @@ stdlib_overflow(void *arg)
size_t result = ~t->result;
if (useBuiltin) {
status = SDL_size_mul_overflow(t->a, t->b, &result);
status = SDL_size_mul_check_overflow(t->a, t->b, &result);
} else {
/* This disables the macro that tries to use a gcc/clang
* builtin, so we test the fallback implementation instead. */
status = (SDL_size_mul_overflow)(t->a, t->b, &result);
status = (SDL_size_mul_check_overflow)(t->a, t->b, &result);
}
if (t->status == 0) {
SDLTest_AssertCheck(status == 0,
if (t->status) {
SDLTest_AssertCheck(status,
"(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should succeed",
t->a, t->b);
SDLTest_AssertCheck(result == t->result,
"(%" SIZE_FORMAT " * %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
t->a, t->b, t->result, result);
} else {
SDLTest_AssertCheck(status == -1,
SDLTest_AssertCheck(!status,
"(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should fail",
t->a, t->b);
}
@ -991,20 +991,20 @@ stdlib_overflow(void *arg)
result = ~t->result;
if (useBuiltin) {
status = SDL_size_mul_overflow(t->b, t->a, &result);
status = SDL_size_mul_check_overflow(t->b, t->a, &result);
} else {
status = (SDL_size_mul_overflow)(t->b, t->a, &result);
status = (SDL_size_mul_check_overflow)(t->b, t->a, &result);
}
if (t->status == 0) {
SDLTest_AssertCheck(status == 0,
if (t->status) {
SDLTest_AssertCheck(status,
"(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should succeed",
t->b, t->a);
SDLTest_AssertCheck(result == t->result,
"(%" SIZE_FORMAT " * %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
t->b, t->a, t->result, result);
} else {
SDLTest_AssertCheck(status == -1,
SDLTest_AssertCheck(!status,
"(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should fail",
t->b, t->a);
}
@ -1012,24 +1012,24 @@ stdlib_overflow(void *arg)
for (i = 0; i < SDL_arraysize(additions); i++) {
const overflow_test *t = &additions[i];
int status;
SDL_bool status;
size_t result = ~t->result;
if (useBuiltin) {
status = SDL_size_add_overflow(t->a, t->b, &result);
status = SDL_size_add_check_overflow(t->a, t->b, &result);
} else {
status = (SDL_size_add_overflow)(t->a, t->b, &result);
status = (SDL_size_add_check_overflow)(t->a, t->b, &result);
}
if (t->status == 0) {
SDLTest_AssertCheck(status == 0,
if (t->status) {
SDLTest_AssertCheck(status,
"(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should succeed",
t->a, t->b);
SDLTest_AssertCheck(result == t->result,
"(%" SIZE_FORMAT " + %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
t->a, t->b, t->result, result);
} else {
SDLTest_AssertCheck(status == -1,
SDLTest_AssertCheck(!status,
"(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should fail",
t->a, t->b);
}
@ -1041,20 +1041,20 @@ stdlib_overflow(void *arg)
result = ~t->result;
if (useBuiltin) {
status = SDL_size_add_overflow(t->b, t->a, &result);
status = SDL_size_add_check_overflow(t->b, t->a, &result);
} else {
status = (SDL_size_add_overflow)(t->b, t->a, &result);
status = (SDL_size_add_check_overflow)(t->b, t->a, &result);
}
if (t->status == 0) {
SDLTest_AssertCheck(status == 0,
if (t->status) {
SDLTest_AssertCheck(status,
"(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should succeed",
t->b, t->a);
SDLTest_AssertCheck(result == t->result,
"(%" SIZE_FORMAT " + %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
t->b, t->a, t->result, result);
} else {
SDLTest_AssertCheck(status == -1,
SDLTest_AssertCheck(!status,
"(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should fail",
t->b, t->a);
}