X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Fxsize.h;h=2b955b635fa76cbb2466cd9573c24181179cdb33;hb=32d1664e8e930d8fa6a29db4caac4d21623e42c8;hp=4410193e663eaf3c65fc6a53a494d2fbb0160aa1;hpb=bf5c2a54b1f62943eec85b3baed47bc084cd36c2;p=gnulib.git diff --git a/lib/xsize.h b/lib/xsize.h index 4410193e6..2b955b635 100644 --- a/lib/xsize.h +++ b/lib/xsize.h @@ -1,6 +1,6 @@ /* xsize.h -- Checked size_t computations. - Copyright (C) 2003 Free Software Foundation, Inc. + Copyright (C) 2003, 2008, 2009, 2010 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -14,7 +14,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #ifndef _XSIZE_H #define _XSIZE_H @@ -23,12 +23,10 @@ #include /* Get SIZE_MAX. */ +#include #if HAVE_STDINT_H # include #endif -#ifndef SIZE_MAX -# define SIZE_MAX ((size_t) -1) -#endif /* The size of memory objects is often computed through expressions of type size_t. Example: @@ -39,11 +37,11 @@ To avoid this, the functions and macros in this file check for overflow. The convention is that SIZE_MAX represents overflow. malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc - implementation that uses mmap --, it's recommended to use SIZE_OVERFLOW_P - before invoking malloc(). + implementation that uses mmap --, it's recommended to use size_overflow_p() + or size_in_bounds_p() before invoking malloc(). The example thus becomes: size_t size = xsum (header_size, xtimes (n, element_size)); - void *p = (!SIZE_OVERFLOW_P (size) ? malloc (size) : NULL); + void *p = (size_in_bounds_p (size) ? malloc (size) : NULL); */ /* Convert an arbitrary value >= 0 to type size_t. */ 
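Review bot: In the `@@ -23,12 +23,10 @@` hunk, dropping the `#ifndef SIZE_MAX` fallback makes every overflow check in this header depend on an included header defining SIZE_MAX as the true maximum of size_t. Nothing in the hunk says which header is expected to provide it when HAVE_STDINT_H is unset. The header names after `#include` are stripped on this page, so the added include cannot be confirmed from here. In the visible uses a missing definition fails at compile time, which is the safe direction, but a guard after the includes gives a clearer diagnostic: `#ifndef SIZE_MAX` / `# error "xsize.h requires SIZE_MAX"` / `#endif`. A short comment naming the header or module that guarantees SIZE_MAX would also help.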
@@ -52,6 +50,9 @@ /* Sum of two sizes, with overflow check. */ static inline size_t +#if __GNUC__ >= 3 +__attribute__ ((__pure__)) +#endif xsum (size_t size1, size_t size2) { size_t sum = size1 + size2; @@ -60,6 +61,9 @@ xsum (size_t size1, size_t size2) /* Sum of three sizes, with overflow check. */ static inline size_t +#if __GNUC__ >= 3 +__attribute__ ((__pure__)) +#endif xsum3 (size_t size1, size_t size2, size_t size3) { return xsum (xsum (size1, size2), size3); @@ -67,15 +71,30 @@ xsum3 (size_t size1, size_t size2, size_t size3) /* Sum of four sizes, with overflow check. */ static inline size_t +#if __GNUC__ >= 3 +__attribute__ ((__pure__)) +#endif xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) { return xsum (xsum (xsum (size1, size2), size3), size4); } +/* Maximum of two sizes, with overflow check. */ +static inline size_t +#if __GNUC__ >= 3 +__attribute__ ((__pure__)) +#endif +xmax (size_t size1, size_t size2) +{ + /* No explicit check is needed here, because for any n: + max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */ + return (size1 >= size2 ? size1 : size2); +} + /* Multiplication of a count with an element size, with overflow check. The count must be >= 0 and the element size must be > 0. This is a macro, not an inline function, so that it works correctly even - when N is of a wider tupe and N > SIZE_MAX. */ + when N is of a wider type and N > SIZE_MAX. */ #define xtimes(N, ELSIZE) \ ((N) <= SIZE_MAX / (ELSIZE) ? (size_t) (N) * (ELSIZE) : SIZE_MAX)
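Review bot: The three-line `#if __GNUC__ >= 3` / `__attribute__ ((__pure__))` / `#endif` guard is pasted between the return type and the name of xsum in this hunk, and again before xsum3, xsum4 and xmax in the following hunks. Defining the attribute once as a macro near the includes would keep each definition readable and leave a single place to adjust the compiler test. The bodies visible here read only their arguments, so `__const__` may describe them more precisely than `__pure__`; that is worth confirming against the compiler versions the project supports. xsum's body continues outside this hunk.
```c
/* Defined once, after the includes; XSIZE_PURE is a suggested name. */
#if __GNUC__ >= 3
# define XSIZE_PURE __attribute__ ((__pure__))
#else
# define XSIZE_PURE
#endif

/* Sum of two sizes, with overflow check.  */
static inline size_t XSIZE_PURE
xsum (size_t size1, size_t size2)
/* … unchanged: body of xsum; the same marker replaces the guard on xsum3, xsum4 and xmax … */
```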
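Review bot: The header comment on the new xmax in the `@@ -67,15 +71,30 @@` hunk says "with overflow check", but the body performs no check. It only preserves the SIZE_MAX marker when an argument already carries it, as the inner comment explains. I would word the header comment as `/* Maximum of two sizes; a SIZE_MAX (overflowed) argument yields SIZE_MAX. */` so callers do not read it as validating its inputs. As with the other helpers, the result still has to be tested against SIZE_MAX before it reaches an allocator, which is what the file's introductory comment recommends.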