Mercurial: mercurial/mpatch.c comparison

comparison mercurial/mpatch.c @ 38190:1ec4cb8cbc87 stable

mpatch: introduce a safeadd() helper to work around UB int overflow We're about to make extensive use of this. This change duplicates some stdbool.h portability hacks from cext/util.h. We should probably clean that up in the future, but we'll skip that for now in order to make security backports easier.

author	Augie Fackler <augie@google.com>
date	Mon, 30 Apr 2018 22:13:42 -0400
parents	faa924469635
children	b8b253aec953

comparison

equal deleted inserted replaced

-:faa924469635
+:1ec4cb8cbc87
 This software may be used and distributed according to the terms
 of the GNU General Public License, incorporated herein by reference.
 */
+#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include "bitmanipulation.h"
 #include "compat.h"
 #include "mpatch.h"
+/* VC9 doesn't include bool and lacks stdbool.h based on cext/util.h */
+#if defined(_MSC_VER) || __STDC_VERSION__ < 199901L
+#define true 1
+#define false 0
+typedef unsigned char bool;
+#else
+#include <stdbool.h>
+#endif
 static struct mpatch_flist *lalloc(ssize_t size)
 {
 	struct mpatch_flist *a = NULL;
 }
 static ssize_t lsize(struct mpatch_flist *a)
 {
 	return a->tail - a->head;
+}
+/* add helper to add src and *dest iff it won't overflow */
+static inline bool safeadd(int src, int *dest)
+{
+	if ((src > 0) == (*dest > 0)) {
+		if (*dest > 0) {
+			if (src > (INT_MAX - *dest)) {
+				return false;
+			}
+		} else {
+			if (src < (INT_MIN - *dest)) {
+				return false;
+			}
+		}
+	}
+	*dest += src;
+	return true;
 }
 /* move hunks in source that are less cut to dest, compensating
 for changes in offset. the last hunk may be split if necessary.
 */

Mercurial > hg

comparison mercurial/mpatch.c @ 38190:1ec4cb8cbc87 stable