diff --git a/ChangeLog b/ChangeLog index 20c25c902a..5293fc104f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,21 @@ 2022-08-09 Paul Eggert + stdckdint: prefer to intprops when easy + stdckdint.h is part of draft C23 and therefore is more likely + to be familiar to programmers in the future, so prefer it to + intprops.h in files that don’t need non-_WRAPV intprops.h macros. + * lib/alignalloc.c, lib/backupfile.c, lib/fnmatch.c, lib/fnmatch_loop.c: + * lib/group-member.c, lib/malloca.c, lib/posixtm.c, lib/reallocarray.c: + * lib/xmalloc.c: + For files that can use stdckdint.h just as easily as intprops.h, + include the former instead of the latter, and use the former’s + ckd_* macros instead of the latter’s *_WRAPV macros. + * modules/alignalloc, modules/backup-rename, modules/backupfile: + * modules/fnmatch, modules/group-member, modules/malloca: + * modules/posixtm, modules/reallocarray: + * modules/relocatable-prog-wrapper, modules/xalloc: + Depend on stdckdint instead of intprops. + stdckdint: new module This supports draft C23 . * doc/posix-headers/stdckdint.texi: diff --git a/lib/alignalloc.c b/lib/alignalloc.c index 03988f11a4..1884394e3c 100644 --- a/lib/alignalloc.c +++ b/lib/alignalloc.c @@ -24,8 +24,8 @@ #include #include +#include #include -#include "intprops.h" #include "verify.h" #if !ALIGNALLOC_VIA_ALIGNED_ALLOC @@ -82,7 +82,7 @@ alignalloc (idx_t alignment, idx_t size) size_t malloc_size; unsigned char *q; - if (INT_ADD_WRAPV (size, alignment, &malloc_size) + if (ckd_add (&malloc_size, size, alignment) || ! (q = malloc (malloc_size))) { errno = ENOMEM; diff --git a/lib/backupfile.c b/lib/backupfile.c index d9f465a3e0..b2ab67847a 100644 --- a/lib/backupfile.c +++ b/lib/backupfile.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -34,7 +35,6 @@ #include "attribute.h" #include "basename-lgpl.h" #include "ialloc.h" -#include "intprops.h" #include "opendirat.h" #include "renameatu.h" @@ -272,7 +272,7 @@ numbered_backup (int dir_fd, char **buffer, idx_t buffer_size, idx_t filelen, if (buffer_size < new_buffer_size) { idx_t grown; - if (! INT_ADD_WRAPV (new_buffer_size, new_buffer_size >> 1, &grown)) + if (! ckd_add (&grown, new_buffer_size, new_buffer_size >> 1)) new_buffer_size = grown; char *new_buf = irealloc (buf, new_buffer_size); if (!new_buf) diff --git a/lib/fnmatch.c b/lib/fnmatch.c index b33a127d98..45e326902d 100644 --- a/lib/fnmatch.c +++ b/lib/fnmatch.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #if defined _LIBC || HAVE_ALLOCA # include @@ -73,7 +74,6 @@ extern int fnmatch (const char *pattern, const char *string, int flags); # include "attribute.h" #endif -#include #include #ifdef _LIBC diff --git a/lib/fnmatch_loop.c b/lib/fnmatch_loop.c index e635953758..1b16de99b6 100644 --- a/lib/fnmatch_loop.c +++ b/lib/fnmatch_loop.c @@ -1039,8 +1039,8 @@ EXT (INT opt, const CHAR *pattern, const CHAR *string, const CHAR *string_end, idx_t slen = FLEXSIZEOF (struct patternlist, str, 0); \ idx_t new_used = alloca_used + slen; \ idx_t plensize; \ - if (INT_MULTIPLY_WRAPV (plen, sizeof (CHAR), &plensize) \ - || INT_ADD_WRAPV (new_used, plensize, &new_used)) \ + if (ckd_mul (&plensize, plen, sizeof (CHAR), &plensize) \ + || ckd_add (&new_used, new_used, plensize)) \ { \ retval = -2; \ goto out; \ diff --git a/lib/group-member.c b/lib/group-member.c index 480a12616a..cd43f36f4e 100644 --- a/lib/group-member.c +++ b/lib/group-member.c @@ -21,12 +21,11 @@ /* Specification. */ #include +#include #include #include #include -#include "intprops.h" - /* Most processes have no more than this many groups, and for these processes we can avoid using malloc. */ enum { GROUPBUF_SIZE = 100 }; @@ -54,7 +53,7 @@ get_group_info (struct group_info *gi) { int n_group_slots = getgroups (0, NULL); size_t nbytes; - if (! INT_MULTIPLY_WRAPV (n_group_slots, sizeof *gi->group, &nbytes)) + if (! ckd_mul (&nbytes, n_group_slots, sizeof *gi->group)) { gi->group = malloc (nbytes); if (gi->group) diff --git a/lib/malloca.c b/lib/malloca.c index e7beaaf066..183783a710 100644 --- a/lib/malloca.c +++ b/lib/malloca.c @@ -21,8 +21,9 @@ /* Specification. */ #include "malloca.h" +#include + #include "idx.h" -#include "intprops.h" #include "verify.h" /* The speed critical point in this file is freea() applied to an alloca() @@ -50,17 +51,16 @@ mmalloca (size_t n) uintptr_t alignment2_mask = 2 * sa_alignment_max - 1; int plus = sizeof (small_t) + alignment2_mask; idx_t nplus; - if (!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1)) + if (!ckd_add (&nplus, n, plus) && !xalloc_oversized (nplus, 1)) { char *mem = (char *) malloc (nplus); if (mem != NULL) { uintptr_t umem = (uintptr_t)mem, umemplus; - /* The INT_ADD_WRAPV avoids signed integer overflow on + /* The ckd_add avoids signed integer overflow on theoretical platforms where UINTPTR_MAX <= INT_MAX. */ - INT_ADD_WRAPV (umem, sizeof (small_t) + sa_alignment_max - 1, - &umemplus); + ckd_add (&umemplus, umem, sizeof (small_t) + sa_alignment_max - 1); idx_t offset = ((umemplus & ~alignment2_mask) + sa_alignment_max - umem); void *vp = mem + offset; diff --git a/lib/posixtm.c b/lib/posixtm.c index b00cef42fd..3c323782fa 100644 --- a/lib/posixtm.c +++ b/lib/posixtm.c @@ -24,9 +24,9 @@ #include "c-ctype.h" #include "idx.h" -#include "intprops.h" #include "verify.h" +#include #include /* @@ -191,7 +191,7 @@ posixtime (time_t *p, const char *s, unsigned int syntax_bits) | (tm0.tm_min ^ tm1.tm_min) | (tm0.tm_sec ^ tm1.tm_sec))) { - if (INT_ADD_WRAPV (t, leapsec, &t)) + if (ckd_add (&t, t, leapsec)) return false; *p = t; return true; diff --git a/lib/reallocarray.c b/lib/reallocarray.c index bc4cba4b61..70c1b47872 100644 --- a/lib/reallocarray.c +++ b/lib/reallocarray.c @@ -19,16 +19,15 @@ #include +#include #include #include -#include "intprops.h" - void * reallocarray (void *ptr, size_t nmemb, size_t size) { size_t nbytes; - if (INT_MULTIPLY_WRAPV (nmemb, size, &nbytes)) + if (ckd_mul (&nbytes, nmemb, size)) { errno = ENOMEM; return NULL; diff --git a/lib/xmalloc.c b/lib/xmalloc.c index 993c1eeb75..3c3cb20799 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -22,9 +22,9 @@ #include "xalloc.h" #include "ialloc.h" -#include "intprops.h" #include "minmax.h" +#include #include #include @@ -195,7 +195,7 @@ x2nrealloc (void *p, size_t *pn, size_t s) else { /* Set N = floor (1.5 * N) + 1 to make progress even if N == 0. */ - if (INT_ADD_WRAPV (n, (n >> 1) + 1, &n)) + if (ckd_add (&n, n, (n >> 1) + 1)) xalloc_die (); } @@ -236,7 +236,7 @@ xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s) N_MAX, and what the C language can represent safely. */ idx_t n; - if (INT_ADD_WRAPV (n0, n0 >> 1, &n)) + if (ckd_add (&n, n0, n0 >> 1)) n = IDX_MAX; if (0 <= n_max && n_max < n) n = n_max; @@ -251,7 +251,7 @@ xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s) size_t nbytes; #endif idx_t adjusted_nbytes - = (INT_MULTIPLY_WRAPV (n, s, &nbytes) + = (ckd_mul (&nbytes, n, s) ? MIN (IDX_MAX, SIZE_MAX) : nbytes < DEFAULT_MXFAST ? DEFAULT_MXFAST : 0); if (adjusted_nbytes) @@ -263,9 +263,9 @@ xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s) if (! pa) *pn = 0; if (n - n0 < n_incr_min - && (INT_ADD_WRAPV (n0, n_incr_min, &n) + && (ckd_add (&n, n0, n_incr_min) || (0 <= n_max && n_max < n) - || INT_MULTIPLY_WRAPV (n, s, &nbytes))) + || ckd_mul (&nbytes, n, s))) xalloc_die (); pa = xrealloc (pa, nbytes); *pn = n; diff --git a/modules/alignalloc b/modules/alignalloc index 68c1b14cd4..42ca672bc2 100644 --- a/modules/alignalloc +++ b/modules/alignalloc @@ -10,9 +10,9 @@ Depends-on: extensions extern-inline idx -intprops posix_memalign stdalign +stdckdint stdint verify diff --git a/modules/backup-rename b/modules/backup-rename index 245350a4df..54a8270a90 100644 --- a/modules/backup-rename +++ b/modules/backup-rename @@ -17,12 +17,12 @@ closedir d-ino fcntl-h ialloc -intprops memcmp opendirat readdir renameatu stdbool +stdckdint stdint xalloc-oversized diff --git a/modules/backupfile b/modules/backupfile index 3d06da9ed4..804e62d48c 100644 --- a/modules/backupfile +++ b/modules/backupfile @@ -17,13 +17,13 @@ closedir d-ino fcntl-h ialloc -intprops memcmp opendirat readdir realloc-gnu renameatu stdbool +stdckdint stdint xalloc-die diff --git a/modules/fnmatch b/modules/fnmatch index 37ebfe2250..7de95c565a 100644 --- a/modules/fnmatch +++ b/modules/fnmatch @@ -15,11 +15,11 @@ btowc [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] builtin-expect [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] flexmember [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] idx [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] -intprops [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] isblank [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] iswctype [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] libc-config [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] stdbool [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] +stdckdint [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] strnlen [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] wchar [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] wctype-h [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] diff --git a/modules/group-member b/modules/group-member index c08e786e0a..d84b751c0c 100644 --- a/modules/group-member +++ b/modules/group-member @@ -9,8 +9,8 @@ Depends-on: unistd extensions getgroups [test $HAVE_GROUP_MEMBER = 0] -intprops [test $HAVE_GROUP_MEMBER = 0] realloc-gnu [test $HAVE_GROUP_MEMBER = 0] +stdckdint [test $HAVE_GROUP_MEMBER = 0] configure.ac: gl_FUNC_GROUP_MEMBER diff --git a/modules/malloca b/modules/malloca index 346d33251a..9c279c45f1 100644 --- a/modules/malloca +++ b/modules/malloca @@ -10,7 +10,7 @@ m4/eealloc.m4 Depends-on: alloca-opt idx -intprops +stdckdint stdint verify xalloc-oversized diff --git a/modules/posixtm b/modules/posixtm index 5ecc016ae9..f302efac63 100644 --- a/modules/posixtm +++ b/modules/posixtm @@ -9,9 +9,9 @@ m4/posixtm.m4 Depends-on: c-ctype idx -intprops mktime stdbool +stdckdint verify configure.ac: diff --git a/modules/reallocarray b/modules/reallocarray index 9d2db6b888..380434870e 100644 --- a/modules/reallocarray +++ b/modules/reallocarray @@ -8,8 +8,8 @@ m4/reallocarray.m4 Depends-on: extensions -intprops [test $HAVE_REALLOCARRAY = 0 || test $REPLACE_REALLOCARRAY = 1] realloc-gnu [test $HAVE_REALLOCARRAY = 0 || test $REPLACE_REALLOCARRAY = 1] +stdckdint [test $HAVE_REALLOCARRAY = 0 || test $REPLACE_REALLOCARRAY = 1] stdlib configure.ac: diff --git a/modules/relocatable-prog-wrapper b/modules/relocatable-prog-wrapper index fa56916217..9b9d9c3abe 100644 --- a/modules/relocatable-prog-wrapper +++ b/modules/relocatable-prog-wrapper @@ -67,6 +67,7 @@ ssize_t stdalign stdbool stddef +stdckdint stdint stdlib string diff --git a/modules/xalloc b/modules/xalloc index 0fc3836c2c..15059bf47f 100644 --- a/modules/xalloc +++ b/modules/xalloc @@ -12,11 +12,11 @@ calloc-gnu extern-inline ialloc idx -intprops malloc-gnu minmax realloc-gnu reallocarray +stdckdint stdint xalloc-die