[Gmp-commit] /var/hg/gmp: Rewrite size computation to avoid overflow.

mercurial at gmplib.org mercurial at gmplib.org
Tue Nov 29 00:28:11 UTC 2016


details:   /var/hg/gmp/rev/7ecdb1bbb5c2
changeset: 17144:7ecdb1bbb5c2
user:      Torbjorn Granlund <tg at gmplib.org>
date:      Tue Nov 29 01:28:04 2016 +0100
description:
Rewrite size computation to avoid overflow.

diffstat:

 mpz/inp_raw.c |  19 ++++++++-----------
 1 files changed, 8 insertions(+), 11 deletions(-)

diffs (43 lines):

diff -r ff2be779bc87 -r 7ecdb1bbb5c2 mpz/inp_raw.c
--- a/mpz/inp_raw.c	Mon Nov 28 15:45:15 2016 +0100
+++ b/mpz/inp_raw.c	Tue Nov 29 01:28:04 2016 +0100
@@ -1,6 +1,6 @@
 /* mpz_inp_raw -- read an mpz_t in raw format.
 
-Copyright 2001, 2002, 2005, 2012 Free Software Foundation, Inc.
+Copyright 2001, 2002, 2005, 2012, 2016 Free Software Foundation, Inc.
 
 This file is part of the GNU MP Library.
 
@@ -65,6 +65,7 @@
 {
   unsigned char  csize_bytes[4];
   mp_size_t      csize, abs_xsize, i;
+  size_t         size;
   size_t         abs_csize;
   char           *cp;
   mp_ptr         xp, sp, ep;
@@ -77,17 +78,13 @@
   if (fread (csize_bytes, sizeof (csize_bytes), 1, fp) != 1)
     return 0;
 
-  csize =
-    (  (mp_size_t) csize_bytes[0] << 24)
-    + ((mp_size_t) csize_bytes[1] << 16)
-    + ((mp_size_t) csize_bytes[2] << 8)
-    + ((mp_size_t) csize_bytes[3]);
+  size = (((size_t) csize_bytes[0] << 24) + ((size_t) csize_bytes[1] << 16) +
+	  ((size_t) csize_bytes[2] << 8)  + ((size_t) csize_bytes[3]));
 
-  /* Sign extend if necessary.
-     Could write "csize -= ((csize & 0x80000000L) << 1)", but that tickles a
-     bug in gcc 3.0 for powerpc64 on AIX.  */
-  if (sizeof (csize) > 4 && csize & 0x80000000L)
-    csize -= 0x80000000L << 1;
+  if (size < 0x80000000u)
+    csize = size;
+  else
+    csize = size - 0x80000000u - 0x80000000u;
 
   abs_csize = ABS (csize);
 


More information about the gmp-commit mailing list