[vlc-commits] [Git][videolan/vlc][master] 6 commits: stdckdint: add compatibility header

Rémi Denis-Courmont (@Courmisch) gitlab at videolan.org
Tue Feb 20 19:56:51 UTC 2024



Rémi Denis-Courmont pushed to branch master at VideoLAN / VLC


Commits:
38c10291 by Rémi Denis-Courmont at 2024-02-20T19:34:53+00:00
stdckdint: add compatibility header

This only implements unsigned types for now, as there are no known use
cases for signed checked arithmetic as of yet. The macros will safely
error out at compilation time if signed types are misused.

- - - - -
167633ac by Rémi Denis-Courmont at 2024-02-20T19:34:53+00:00
lib: use <stdckdint.h>

- - - - -
444d71bf by Rémi Denis-Courmont at 2024-02-20T19:34:53+00:00
core: use <stdckdint.h>

- - - - -
58f181ad by Rémi Denis-Courmont at 2024-02-20T19:34:53+00:00
mms: use <stdckdint.h>

- - - - -
88432ec9 by Rémi Denis-Courmont at 2024-02-20T19:34:53+00:00
coreaudio: use <stdckdint.h>

- - - - -
de4e0e33 by Rémi Denis-Courmont at 2024-02-20T19:34:53+00:00
rdp: use <stdckdint.h>

- - - - -


14 changed files:

- compat/Makefile.am
- + compat/stdckdint/stdckdint.h
- configure.ac
- lib/media_player.c
- lib/media_track.c
- lib/picture.c
- meson.build
- modules/access/mms/mmstu.c
- modules/access/rdp.c
- modules/audio_output/coreaudio_common.c
- src/misc/objres.c
- src/misc/picture.c
- src/player/title.c
- src/text/memstream.c


Changes:

=====================================
compat/Makefile.am
=====================================
@@ -1,4 +1,4 @@
-noinst_HEADERS = stdbit/stdbit.h
+noinst_HEADERS = stdbit/stdbit.h stdckdint/stdckdint.h
 pkglib_LTLIBRARIES = libcompat.la
 libcompat_la_SOURCES = dummy.c
 libcompat_la_LIBADD = $(LTLIBOBJS) $(LIBRT) $(LIBM)


=====================================
compat/stdckdint/stdckdint.h
=====================================
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2024 Rémi Denis-Courmont
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
+ */
+
+#ifndef __STDC_VERSION_STDCKDINT_H__
+# define __STDC_VERSION_STDCKDINT_H__ 202311L
+
+# if defined(__GNUC__) || defined(__clang__)
+#  define ckd_add(r, a, b) __builtin_add_overflow(a, b, r)
+#  define ckd_sub(r, a, b) __builtin_sub_overflow(a, b, r)
+#  define ckd_mul(r, a, b) __builtin_mul_overflow(a, b, r)
+# else
+#  include <limits.h>
+
+#  define __ckd_unsigned(suffix, type, MAX) \
+static inline _Bool __ckd_add_##suffix(type *r, type a, type b) \
+{ \
+    *r = a + b; \
+    return ((type)(a + b)) < a; \
+} \
+\
+static inline _Bool __ckd_sub_##suffix(type *r, type a, type b) \
+{ \
+    *r = a - b; \
+    return a < b; \
+} \
+\
+static inline _Bool __ckd_mul_##suffix(type *r, type a, type b) \
+{ \
+    *r = a * b; \
+    return b > 0 && a > (MAX / b); \
+}
+
+#  define __ckd_func(op, r, a, b) \
+    _Generic (*(r), \
+        unsigned char:      __ckd_##op##_uc((unsigned char *)(r), a, b), \
+        unsigned short:     __ckd_##op##_us((unsigned short *)(r), a, b), \
+        unsigned int:       __ckd_##op##_ui((unsigned int *)(r), a, b), \
+        unsigned long:      __ckd_##op##_ul((unsigned long *)(r), a, b), \
+        unsigned long long: __ckd_##op##_ull((unsigned long long *)(r), a, b))
+
+__ckd_unsigned(uc,  unsigned char,      UCHAR_MAX)
+__ckd_unsigned(us,  unsigned short,     USHRT_MAX)
+__ckd_unsigned(ui,  unsigned int,       UINT_MAX)
+__ckd_unsigned(ul,  unsigned long,      ULONG_MAX)
+__ckd_unsigned(ull, unsigned long long, ULLONG_MAX)
+
+#  define ckd_add(r, a, b) __ckd_func(add, r, a, b)
+#  define ckd_sub(r, a, b) __ckd_func(sub, r, a, b)
+#  define ckd_mul(r, a, b) __ckd_func(mul, r, a, b)
+# endif
+#endif /* __STDC_VERSION_STDCKDINT_H__ */
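Review bot: In the non-GNU fallback, `__ckd_func` picks the helper from the type of `*(r)` alone, so `a` and `b` are implicitly converted to that type before any check runs. A negative or wider operand is silently wrapped or truncated there, whereas the `__builtin_*_overflow` branch checks the exact result of the original operands. The `_Generic` rejects a signed result pointer at compile time but not signed operands, so the two branches can disagree on call sites such as modules/access/rdp.c and modules/access/mms/mmstu.c, whose operand types are not visible on this page. A comment above `__ckd_func` saying that operands must already be unsigned and no wider than `*r` would make that limit explicit. Separately, `*r = a * b;` in the `unsigned short` instantiation multiplies after promotion to `int` and can overflow a 32-bit signed `int`; `*r = (type)(1u * a * b);` keeps the arithmetic unsigned.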


=====================================
configure.ac
=====================================
@@ -983,6 +983,9 @@ dnl
 AC_CHECK_HEADER([stdbit.h],, [
   CPPFLAGS="${CPPFLAGS} -I\$(top_srcdir)/compat/stdbit"
 ])
+AC_CHECK_HEADER([stdckdint.h],, [
+  CPPFLAGS="${CPPFLAGS} -I\$(top_srcdir)/compat/stdckdint"
+])
 
 dnl  POSIX
 AC_CHECK_HEADERS([arpa/inet.h poll.h pthread.h search.h sys/shm.h sys/socket.h sys/uio.h wordexp.h])


=====================================
lib/media_player.c
=====================================
@@ -25,6 +25,7 @@
 #endif
 
 #include <assert.h>
+#include <stdckdint.h>
 
 #include <vlc/libvlc.h>
 #include <vlc/libvlc_renderer_discoverer.h>
@@ -2122,9 +2123,8 @@ libvlc_media_player_get_programlist( libvlc_media_player_t *p_mi )
         goto error;
 
     size_t size;
-    if( mul_overflow( count, sizeof(libvlc_player_program_t *), &size) )
-        goto error;
-    if( add_overflow( size, sizeof(libvlc_player_programlist_t), &size) )
+    if (ckd_mul(&size, count, sizeof (libvlc_player_program_t *)) ||
+        ckd_add(&size, sizeof (libvlc_player_programlist_t), size))
         goto error;
 
     libvlc_player_programlist_t *list = malloc( size );


=====================================
lib/media_track.c
=====================================
@@ -24,6 +24,7 @@
 
 #include <assert.h>
 #include <errno.h>
+#include <stdckdint.h>
 
 #include <vlc/libvlc.h>
 #include <vlc/libvlc_picture.h>
@@ -173,9 +174,8 @@ static libvlc_media_tracklist_t *
 libvlc_media_tracklist_alloc( size_t count )
 {
     size_t size;
-    if( mul_overflow( count, sizeof(libvlc_media_trackpriv_t *), &size) )
-        return NULL;
-    if( add_overflow( size, sizeof(libvlc_media_tracklist_t), &size) )
+    if (ckd_mul(&size, count, sizeof (libvlc_media_trackpriv_t *)) ||
+        ckd_add(&size, size, sizeof (libvlc_media_tracklist_t)))
         return NULL;
 
     libvlc_media_tracklist_t *list = malloc( size );


=====================================
lib/picture.c
=====================================
@@ -24,6 +24,8 @@
 # include "config.h"
 #endif
 
+#include <stdckdint.h>
+
 #include <vlc/libvlc.h>
 #include <vlc/libvlc_picture.h>
 #include "libvlc_internal.h"
@@ -213,9 +215,8 @@ libvlc_picture_list_t* libvlc_picture_list_from_attachments( input_attachment_t*
 {
     size_t size = 0;
     libvlc_picture_list_t* list;
-    if ( mul_overflow( nb_attachments, sizeof( libvlc_picture_t* ), &size ) )
-        return NULL;
-    if ( add_overflow( size, sizeof( *list ), &size ) )
+    if (ckd_mul(&size, nb_attachments, sizeof (libvlc_picture_t *)) ||
+        ckd_add(&size, sizeof (*list), size))
         return NULL;
 
     list = malloc( size );


=====================================
meson.build
=====================================
@@ -208,6 +208,7 @@ endif
 
 check_c_headers = [
     ['stdbit.h'],
+    ['stdckdint.h'],
     ['arpa/inet.h'],
     ['threads.h'],
     ['netinet/tcp.h'],
@@ -269,6 +270,9 @@ endforeach
 if not cdata.has('HAVE_STDBIT_H')
     list_inc_dirs += 'compat/stdbit'
 endif
+if not cdata.has('HAVE_STDCKDINT_H')
+    list_inc_dirs += 'compat/stdckdint'
+endif
 vlc_include_dirs = include_directories(list_inc_dirs)
 
 #


=====================================
modules/access/mms/mmstu.c
=====================================
@@ -34,6 +34,7 @@
 
 #include <errno.h>
 #include <assert.h>
+#include <stdckdint.h>
 
 #include <sys/types.h>
 #include <unistd.h>
@@ -1303,7 +1304,7 @@ static int  mms_ParsePacket( stream_t *p_access,
     if( i_packet_id == p_sys->i_header_packet_id_type )
     {
         size_t new_header_size;
-        if( add_overflow( p_sys->i_header, i_packet_length, &new_header_size ) )
+        if (ckd_add(&new_header_size, p_sys->i_header, i_packet_length))
             return -1;
         uint8_t *p_reaced = realloc( p_sys->p_header, new_header_size );
         if( !p_reaced )


=====================================
modules/access/rdp.c
=====================================
@@ -26,6 +26,8 @@
 # include "config.h"
 #endif
 
+#include <stdckdint.h>
+
 #include <vlc_common.h>
 #include <vlc_threads.h>
 #include <vlc_poll.h>
@@ -202,8 +204,8 @@ static BOOL desktopResizeHandler( rdpContext *p_context )
 
     fmt.video.i_frame_rate_base = 1000;
     fmt.video.i_frame_rate = 1000 * p_sys->f_fps;
-    if ( umul_overflow( p_gdi->width, p_gdi->height, &p_sys->i_framebuffersize ) &&
-         umul_overflow( p_sys->i_framebuffersize, i_colordepth >> 3, &p_sys->i_framebuffersize) )
+    if (ckd_mul(&p_sys->i_framebuffersize, p_gdi->width, p_gdi->height) &&
+        ckd_mul(&p_sys->i_framebuffersize, p_sys->i_framebuffersize, i_colordepth >> 3) )
     {
         msg_Err( p_vlccontext->p_demux, "framebuffer size overflow");
         return FALSE;
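Review bot: The two `ckd_mul` calls are joined with `&&`, so the error branch is taken only when both multiplications overflow. When the first one succeeds the second is never evaluated, leaving `p_sys->i_framebuffersize` at width × height without the `i_colordepth >> 3` factor. The condition is carried over unchanged from the `umul_overflow` version; the operator should be `||`, i.e. `if (ckd_mul(&p_sys->i_framebuffersize, p_gdi->width, p_gdi->height) || ckd_mul(&p_sys->i_framebuffersize, p_sys->i_framebuffersize, i_colordepth >> 3))`. How the size is consumed lies outside the hunk, but any buffer allocated from it would presumably be smaller than the frame the remote desktop's dimensions describe, so the length used by later copies should be checked against it. desktopResizeHandler starts and ends outside the hunk.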


=====================================
modules/audio_output/coreaudio_common.c
=====================================
@@ -22,6 +22,7 @@
  * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
  *****************************************************************************/
 
+#include <stdckdint.h>
 #include "coreaudio_common.h"
 #include <CoreAudio/CoreAudioTypes.h>
 
@@ -699,9 +700,8 @@ MapInputLayout(audio_output_t *p_aout, const audio_sample_format_t *fmt,
     unsigned channels = aout_FormatNbChannels(fmt);
 
     size_t size;
-    if (mul_overflow(channels, sizeof(AudioChannelDescription), &size))
-        return VLC_ENOMEM;
-    if (add_overflow(size, sizeof(AudioChannelLayout), &size))
+    if (ckd_mul(&size, channels, sizeof(AudioChannelDescription)) ||
+        ckd_add(&size, size, sizeof(AudioChannelLayout)))
         return VLC_ENOMEM;
     AudioChannelLayout *inlayout = malloc(size);
     if (inlayout == NULL)


=====================================
src/misc/objres.c
=====================================
@@ -24,6 +24,7 @@
 
 #include <assert.h>
 #include <errno.h>
+#include <stdckdint.h>
 #include <stdlib.h>
 #include <stddef.h>
 #include <string.h>
@@ -47,7 +48,7 @@ static struct vlc_res **vlc_obj_res(vlc_object_t *obj)
 
 void *vlc_objres_new(size_t size, void (*release)(void *))
 {
-    if (unlikely(add_overflow(sizeof (struct vlc_res), size, &size)))
+    if (unlikely(ckd_add(&size, sizeof (struct vlc_res), size)))
     {
         errno = ENOMEM;
         return NULL;
@@ -145,7 +146,7 @@ void *(vlc_obj_malloc)(vlc_object_t *obj, size_t size)
 void *(vlc_obj_calloc)(vlc_object_t *obj, size_t nmemb, size_t size)
 {
     size_t tabsize;
-    if (unlikely(mul_overflow(nmemb, size, &tabsize)))
+    if (unlikely(ckd_mul(&tabsize, nmemb, size)))
     {
         errno = ENOMEM;
         return NULL;


=====================================
src/misc/picture.c
=====================================
@@ -32,6 +32,7 @@
 #endif
 #include <assert.h>
 #include <limits.h>
+#include <stdckdint.h>
 
 #include <vlc_common.h>
 #include "picture.h"
@@ -161,8 +162,8 @@ int picture_Setup( picture_t *p_picture, const video_format_t *restrict fmt )
 
     unsigned width, height;
 
-    if (unlikely(add_overflow(fmt->i_width, i_modulo_w - 1, &width))
-     || unlikely(add_overflow(fmt->i_height, i_modulo_h - 1, &height)))
+    if (unlikely(ckd_add(&width, fmt->i_width, i_modulo_w - 1))
+     || unlikely(ckd_add(&height, fmt->i_height, i_modulo_h - 1)))
         return VLC_EGENERIC;
 
     width = width / i_modulo_w * i_modulo_w;
@@ -298,8 +299,8 @@ picture_t *picture_NewFromFormat(const video_format_t *restrict fmt)
     {
         const plane_t *p = &pic->p[i];
 
-        if (unlikely(mul_overflow(p->i_pitch, p->i_lines, &plane_sizes[i]))
-         || unlikely(add_overflow(pic_size, plane_sizes[i], &pic_size)))
+        if (unlikely(ckd_mul(&plane_sizes[i], p->i_pitch, p->i_lines))
+         || unlikely(ckd_add(&pic_size, pic_size, plane_sizes[i])))
             goto error;
     }
 


=====================================
src/player/title.c
=====================================
@@ -23,6 +23,7 @@
 #endif
 
 #include <limits.h>
+#include <stdckdint.h>
 
 #include <vlc_common.h>
 #include "player.h"
@@ -103,9 +104,9 @@ vlc_player_title_list_Create(input_title_t *const *array, size_t count,
 
     /* Allocate the struct + the whole list */
     size_t size;
-    if (mul_overflow(count, sizeof(struct vlc_player_title), &size))
+    if (ckd_mul(&size, count, sizeof(struct vlc_player_title)))
         return NULL;
-    if (add_overflow(size, sizeof(struct vlc_player_title_list), &size))
+    if (ckd_add(&size, size, sizeof(struct vlc_player_title_list)))
         return NULL;
     struct vlc_player_title_list *titles = malloc(size);
     if (!titles)
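Review bot: The multiply and add checks stay as two separate `if` statements here, while the same allocation-size pattern in lib/media_track.c and coreaudio_common.c in this series was folded into one condition. For consistency this could read `if (ckd_mul(&size, count, sizeof(struct vlc_player_title)) || ckd_add(&size, size, sizeof(struct vlc_player_title_list))) return NULL;`. vlc_player_title_list_Create continues outside the hunk.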


=====================================
src/text/memstream.c
=====================================
@@ -22,6 +22,8 @@
 # include "config.h"
 #endif
 
+#include <stdckdint.h>
+
 #include <vlc_common.h>
 #include <vlc_memstream.h>
 
@@ -147,8 +149,8 @@ size_t vlc_memstream_write(struct vlc_memstream *ms, const void *ptr,
     if (len == 0)
         return 0;
 
-    if (unlikely(add_overflow(ms->length, len, &newlen))
-     || unlikely(add_overflow(newlen, 1, &newlen)))
+    if (unlikely(ckd_add(&newlen, ms->length, len))
+     || unlikely(ckd_add(&newlen, newlen, 1)))
         goto error;
 
     char *base = realloc(ms->ptr, newlen);
@@ -190,8 +192,8 @@ int vlc_memstream_vprintf(struct vlc_memstream *ms, const char *fmt,
     va_end(ap);
 
     if (len < 0
-     || unlikely(add_overflow(ms->length, len, &newlen))
-     || unlikely(add_overflow(newlen, 1, &newlen)))
+     || unlikely(ckd_add(&newlen, ms->length, len))
+     || unlikely(ckd_add(&newlen, newlen, 1)))
         goto error;
 
     ptr = realloc(ms->ptr, newlen);



View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/a6b5ec1b990fb64426359d2710a2caff4069711a...de4e0e33b11ba3470683138c9f8df5e771bd3092
