From 57fc1a5f7c49fbe7288de6ad567c934db2ceaf96 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sun, 11 Aug 2019 16:42:38 -0700
Subject: [PATCH] Prefer signed when testing for signed overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
* src/alloc.c (free_cons):
* src/casefiddle.c (do_casify_multibyte_string):
* src/editfns.c (styled_format):
* src/image.c (png_load_body): Use signed arguments to INT_MULTIPLY_WRAPV etc. This doesn’t fix any bugs, but GCC emits better code when all args are signed. Also, this removes the need for an if in free_cons (Bug#37006).
---
 src/alloc.c | 5 ++---
 src/casefiddle.c | 3 ++-
 src/editfns.c | 4 ++--
 src/image.c | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/alloc.c b/src/alloc.c
index d9022ac46c3..8227feadae5 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -2542,9 +2542,8 @@ free_cons (struct Lisp_Cons *ptr)
 ptr->u.s.u.chain = cons_free_list;
 ptr->u.s.car = dead_object ();
 cons_free_list = ptr;
- if (consing_until_gc <= 0)
- consing_until_gc += sizeof *ptr;
- else if (INT_ADD_WRAPV (consing_until_gc, sizeof *ptr, &consing_until_gc))
+ int incr = sizeof *ptr;
+ if (INT_ADD_WRAPV (consing_until_gc, incr, &consing_until_gc))
 consing_until_gc = OBJECT_CT_MAX;
 gcstat.total_free_conses++;
 }
diff --git a/src/casefiddle.c b/src/casefiddle.c
index ee292dda9b3..6fcb5852141 100644
--- a/src/casefiddle.c
+++ b/src/casefiddle.c
@@ -265,8 +265,9 @@ do_casify_multibyte_string (struct casing_context *ctx, Lisp_Object obj)
 ptrdiff_t size = SCHARS (obj), n;
 USE_SAFE_ALLOCA;
+ ptrdiff_t casing_str_buf_size = sizeof (struct casing_str_buf);
 if (INT_MULTIPLY_WRAPV (size, MAX_MULTIBYTE_LENGTH, &n)
- || INT_ADD_WRAPV (n, sizeof (struct casing_str_buf), &n))
+ || INT_ADD_WRAPV (n, casing_str_buf_size, &n))
 n = PTRDIFF_MAX;
 unsigned char *dst = SAFE_ALLOCA (n);
 unsigned char *dst_end = dst + n;
diff --git a/src/editfns.c b/src/editfns.c
index 1b33f397110..25f80bedb1c 100644
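Review bot: In src/alloc.c, `int incr = sizeof *ptr;` in free_cons has no comment saying why the size is routed through a signed local, so a later cleanup could fold it back into the macro call and bring back the mixed-sign add that the removed `consing_until_gc <= 0` branch apparently worked around. A one-line comment above the declaration would pin the intent, for example `/* Signed on purpose: give INT_ADD_WRAPV only signed operands. */`; the same applies to `casing_str_buf_size` in src/casefiddle.c, `info_size` in src/editfns.c and `nbytes` in src/image.c. This hunk also uses `int` where the other three use `ptrdiff_t`, so `ptrdiff_t incr = sizeof *ptr;` would be consistent and would avoid the implicit size_t-to-int narrowing. free_cons begins above the hunk.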
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -3159,8 +3159,8 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
 ptrdiff_t nspec_bound = SCHARS (args[0]) >> 1;
 /* Allocate the info and discarded tables. */
- ptrdiff_t info_size, alloca_size;
- if (INT_MULTIPLY_WRAPV (nspec_bound, sizeof *info, &info_size)
+ ptrdiff_t info_size = sizeof *info, alloca_size;
+ if (INT_MULTIPLY_WRAPV (nspec_bound, info_size, &info_size)
 || INT_ADD_WRAPV (formatlen, info_size, &alloca_size)
 || SIZE_MAX < alloca_size)
 memory_full (SIZE_MAX);
diff --git a/src/image.c b/src/image.c
index 81d8cb4e2b2..a59be0cd8ff 100644
--- a/src/image.c
+++ b/src/image.c
@@ -6463,7 +6463,6 @@ png_load_body (struct frame *f, struct image *img, struct png_load_context *c)
 png_uint_32 row_bytes;
 bool transparent_p;
 struct png_memory_storage tbr; /* Data to be read */
- ptrdiff_t nbytes;
 Emacs_Pix_Container ximg, mask_img = NULL;
 /* Find out what file to load. */
@@ -6660,7 +6659,8 @@ png_load_body (struct frame *f, struct image *img, struct png_load_context *c)
 row_bytes = png_get_rowbytes (png_ptr, info_ptr);
 /* Allocate memory for the image. */
- if (INT_MULTIPLY_WRAPV (row_bytes, sizeof *pixels, &nbytes)
+ ptrdiff_t nbytes = sizeof *pixels;
+ if (INT_MULTIPLY_WRAPV (row_bytes, nbytes, &nbytes)
 || INT_MULTIPLY_WRAPV (nbytes, height, &nbytes))
 memory_full (SIZE_MAX);
 c->pixels = pixels = xmalloc (nbytes);
-- 
2.39.2
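Review bot: In styled_format (src/editfns.c), `info_size` now carries two meanings: it is initialised to the element size `sizeof *info` and then overwritten with the table size in bytes by `INT_MULTIPLY_WRAPV (nspec_bound, info_size, &info_size)`. Using the same object as operand and result makes this allocation-size check harder to audit and leaves no name for the element size afterwards. A separate signed local keeps the operands all signed without the reuse: `ptrdiff_t info_elt_size = sizeof *info;`, with the call written as `INT_MULTIPLY_WRAPV (nspec_bound, info_elt_size, &info_size)`. `nbytes` in the second src/image.c hunk follows the same pattern. The function body extends beyond the hunk on both sides.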
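Review bot: In the second src/image.c hunk, `INT_MULTIPLY_WRAPV (row_bytes, nbytes, &nbytes)` still takes an unsigned operand, because `row_bytes` is declared `png_uint_32` in the context lines of the first hunk; the type of `height` is not visible here. The check should remain sound, since the commit message says no bug is being fixed, and leaving `row_bytes` unsigned looks like the safer choice: copied into a 32-bit `ptrdiff_t` before the check, a large row size from the decoded image could turn negative. I would record that above the test, for example `/* row_bytes stays png_uint_32; do not convert it to a signed type before the overflow check. */`. png_load_body starts and ends outside the hunk.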