From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun, 11 Aug 2019 23:42:38 +0000 (-0700)
Subject: Prefer signed when testing for signed overflow
X-Git-Tag: emacs-27.0.90~1643
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=57fc1a5f7c49fbe7288de6ad567c934db2ceaf96;p=emacs.git

Prefer signed when testing for signed overflow

* src/alloc.c (free_cons):
* src/casefiddle.c (do_casify_multibyte_string):
* src/editfns.c (styled_format):
* src/image.c (png_load_body):
Use signed arguments to INT_MULTIPLY_WRAPV etc.  This doesn’t fix
any bugs, but GCC emits better code when all args are signed.
Also, this removes the need for an if in free_cons (Bug#37006).
---

diff --git a/src/alloc.c b/src/alloc.c
index d9022ac46c3..8227feadae5 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -2542,9 +2542,8 @@ free_cons (struct Lisp_Cons *ptr)
   ptr->u.s.u.chain = cons_free_list;
   ptr->u.s.car = dead_object ();
   cons_free_list = ptr;
-  if (consing_until_gc <= 0)
-    consing_until_gc += sizeof *ptr;
-  else if (INT_ADD_WRAPV (consing_until_gc, sizeof *ptr, &consing_until_gc))
+  int incr = sizeof *ptr;
+  if (INT_ADD_WRAPV (consing_until_gc, incr, &consing_until_gc))
     consing_until_gc = OBJECT_CT_MAX;
   gcstat.total_free_conses++;
 }
diff --git a/src/casefiddle.c b/src/casefiddle.c
index ee292dda9b3..6fcb5852141 100644
--- a/src/casefiddle.c
+++ b/src/casefiddle.c
@@ -265,8 +265,9 @@ do_casify_multibyte_string (struct casing_context *ctx, Lisp_Object obj)
 
   ptrdiff_t size = SCHARS (obj), n;
   USE_SAFE_ALLOCA;
+  ptrdiff_t casing_str_buf_size = sizeof (struct casing_str_buf);
   if (INT_MULTIPLY_WRAPV (size, MAX_MULTIBYTE_LENGTH, &n)
-      || INT_ADD_WRAPV (n, sizeof (struct casing_str_buf), &n))
+      || INT_ADD_WRAPV (n, casing_str_buf_size, &n))
     n = PTRDIFF_MAX;
   unsigned char *dst = SAFE_ALLOCA (n);
   unsigned char *dst_end = dst + n;
diff --git a/src/editfns.c b/src/editfns.c
index 1b33f397110..25f80bedb1c 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -3159,8 +3159,8 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
   ptrdiff_t nspec_bound = SCHARS (args[0]) >> 1;
 
   /* Allocate the info and discarded tables.  */
-  ptrdiff_t info_size, alloca_size;
-  if (INT_MULTIPLY_WRAPV (nspec_bound, sizeof *info, &info_size)
+  ptrdiff_t info_size = sizeof *info, alloca_size;
+  if (INT_MULTIPLY_WRAPV (nspec_bound, info_size, &info_size)
       || INT_ADD_WRAPV (formatlen, info_size, &alloca_size)
       || SIZE_MAX < alloca_size)
     memory_full (SIZE_MAX);
diff --git a/src/image.c b/src/image.c
index 81d8cb4e2b2..a59be0cd8ff 100644
--- a/src/image.c
+++ b/src/image.c
@@ -6463,7 +6463,6 @@ png_load_body (struct frame *f, struct image *img, struct png_load_context *c)
   png_uint_32 row_bytes;
   bool transparent_p;
   struct png_memory_storage tbr;  /* Data to be read */
-  ptrdiff_t nbytes;
   Emacs_Pix_Container ximg, mask_img = NULL;
 
   /* Find out what file to load.  */
@@ -6660,7 +6659,8 @@ png_load_body (struct frame *f, struct image *img, struct png_load_context *c)
   row_bytes = png_get_rowbytes (png_ptr, info_ptr);
 
   /* Allocate memory for the image.  */
-  if (INT_MULTIPLY_WRAPV (row_bytes, sizeof *pixels, &nbytes)
+  ptrdiff_t nbytes = sizeof *pixels;
+  if (INT_MULTIPLY_WRAPV (row_bytes, nbytes, &nbytes)
       || INT_MULTIPLY_WRAPV (nbytes, height, &nbytes))
     memory_full (SIZE_MAX);
   c->pixels = pixels = xmalloc (nbytes);