changeset 38241:909a440ad711
quotearg: pacify GCC better
* modules/quotearg (Depends-on): Add minmax, stdint.
* lib/quotearg.c: Include minmax.h, stdint.h.
(nslots): Now int, as there seems little point to going to extra
work merely to support the INT_MAX slot, which nobody ever uses.
(quotearg_n_options): Redo size-overflow checks to pacify GCC
and to catch (mostly-theoretical) ptrdiff_t problems too.
This can be done via one comparison.
author | Paul Eggert <eggert@cs.ucla.edu> |
---|---|
date | Thu, 15 Dec 2016 09:53:45 -0800 |
parents | f9dafd51172a |
children | ab7a57bd5e3b |
files | ChangeLog lib/quotearg.c modules/quotearg |
diffstat | 3 files changed, 22 insertions(+), 14 deletions(-) [+] |
--- a/ChangeLog Wed Dec 14 17:09:04 2016 -0800
+++ b/ChangeLog Thu Dec 15 09:53:45 2016 -0800
@@ -1,3 +1,14 @@
+2016-12-15 Paul Eggert <eggert@cs.ucla.edu>
+
+ quotearg: pacify GCC better
+ * modules/quotearg (Depends-on): Add minmax, stdint.
+ * lib/quotearg.c: Include minmax.h, stdint.h.
+ (nslots): Now int, as there seems little point to going to extra
+ work merely to support the INT_MAX slot, which nobody ever uses.
+ (quotearg_n_options): Redo size-overflow checks to pacify GCC
+ and to catch (mostly-theoretical) ptrdiff_t problems too.
+ This can be done via one comparison.
+
 2016-12-14 Paul Eggert <eggert@cs.ucla.edu>
 xalloc-oversized: check for PTRDIFF_MAX too
--- a/lib/quotearg.c Wed Dec 14 17:09:04 2016 -0800
+++ b/lib/quotearg.c Thu Dec 15 09:53:45 2016 -0800
@@ -29,6 +29,7 @@
 #include "quotearg.h"
 #include "quote.h"
+#include "minmax.h"
 #include "xalloc.h"
 #include "c-strcaseeq.h"
 #include "localcharset.h"
@@ -37,6 +38,7 @@
 #include <errno.h>
 #include <limits.h>
 #include <stdbool.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 #include <wchar.h>
@@ -830,7 +832,7 @@
 /* Preallocate a slot 0 buffer, so that the caller can always quote one small component of a "memory exhausted" message in slot 0. */
 static char slot0[256];
-static unsigned int nslots = 1;
+static int nslots = 1;
 static struct slotvec slotvec0 = {sizeof slot0, slot0};
 static struct slotvec *slotvec = &slotvec0;
@@ -838,7 +840,7 @@
 quotearg_free (void)
 {
 struct slotvec *sv = slotvec;
- unsigned int i;
+ int i;
 for (i = 1; i < nslots; i++)
 free (sv[i].val);
 if (sv[0].val != slot0)
@@ -869,30 +871,23 @@
 {
 int e = errno;
- unsigned int n0 = n;
 struct slotvec *sv = slotvec;
 if (n < 0)
 abort ();
- if (nslots <= n0)
+ if (nslots <= n)
 {
- /* FIXME: technically, the type of n1 should be 'unsigned int',
- but that evokes an unsuppressible warning from gcc-4.0.1 and
- older. If gcc ever provides an option to suppress that warning,
- revert to the original type, so that the test in xalloc_oversized
- is once again performed only at compile time. */
- size_t n1 = n0 + 1;
 bool preallocated = (sv == &slotvec0);
- if (xalloc_oversized (n1, sizeof *sv))
+ if (MIN (INT_MAX, MIN (PTRDIFF_MAX, SIZE_MAX) / sizeof *sv) <= n)
 xalloc_die ();
- slotvec = sv = xrealloc (preallocated ? NULL : sv, n1 * sizeof *sv);
+ slotvec = sv = xrealloc (preallocated ? NULL : sv, (n + 1) * sizeof *sv);
 if (preallocated)
 *sv = slotvec0;
- memset (sv + nslots, 0, (n + 1 - nslots) * sizeof *sv);
+ memset (sv + nslots, 0, (n + 1 - nslots) * sizeof *sv);
- nslots = n1;
+ nslots = n + 1;
 }
 {
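Review bot: The new single-comparison guard in the last hunk, `MIN (INT_MAX, MIN (PTRDIFF_MAX, SIZE_MAX) / sizeof *sv) <= n`, carries three separate obligations that the code no longer spells out now that the FIXME comment and the named `n1` are gone. It must keep `n + 1` from overflowing `int`, keep `(n + 1) * sizeof *sv` within both `PTRDIFF_MAX` and `SIZE_MAX`, and it compares what is presumably a `size_t`-typed limit against the signed `n`, which reads correctly only because `if (n < 0) abort ();` has already run a few lines earlier. Since `n + 1` is now recomputed in the `xrealloc`, `memset` and `nslots` lines, each of those expressions depends on this one test staying in front of them. I would add a comment above the test, for example `/* n >= 0 here. Die unless n + 1 fits in int and (n + 1) * sizeof *sv fits in both ptrdiff_t and size_t. */`. The enclosing function starts before this hunk and continues past its last line.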