[PATCH 1/5] Simplify inputline return value
* zic.c (inputline): Return bool, not ptrdiff_t. All callers changed. --- zic.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/zic.c b/zic.c index 548c1c5..0671889 100644 --- a/zic.c +++ b/zic.c @@ -1575,10 +1575,9 @@ associate(void) /* Read a text line from FP into BUF, which is of size BUFSIZE. Terminate it with a NUL byte instead of a newline. - Return the line's length, not counting the NUL byte. - On EOF, return a negative number. + Return true if successful, false if EOF. On error, report the error and exit. */ -static ptrdiff_t +static bool inputline(FILE *fp, char *buf, ptrdiff_t bufsize) { ptrdiff_t linelen = 0, ch; @@ -1589,7 +1588,7 @@ inputline(FILE *fp, char *buf, ptrdiff_t bufsize) exit(EXIT_FAILURE); } if (linelen == 0) - return -1; + return false; error(_("unterminated line")); exit(EXIT_FAILURE); } @@ -1604,7 +1603,7 @@ inputline(FILE *fp, char *buf, ptrdiff_t bufsize) } } buf[linelen] = '\0'; - return linelen; + return true; } static void @@ -1626,13 +1625,11 @@ infile(int fnum, char const *name) } wantcont = false; for (num = 1; ; ++num) { - ptrdiff_t linelen; char buf[_POSIX2_LINE_MAX]; int nfields; char *fields[MAX_FIELDS]; eat(fnum, num); - linelen = inputline(fp, buf, sizeof buf); - if (linelen < 0) + if (!inputline(fp, buf, sizeof buf)) break; nfields = getfields(buf, fields, sizeof fields / sizeof *fields); -- 2.38.1
* localtime.c (time2sub): Refactor to do subtraction at compile-time rather than addition at runtime. Use yourtm.tm_year instead of y; they’re equal, and using yourtm.tm_year simplifies later patches. --- localtime.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/localtime.c b/localtime.c index 9fa1bf7..f9655ed 100644 --- a/localtime.c +++ b/localtime.c @@ -2039,7 +2039,7 @@ time2sub(struct tm *const tmp, yourtm.tm_year = y; if (yourtm.tm_sec >= 0 && yourtm.tm_sec < SECSPERMIN) saved_seconds = 0; - else if (y + TM_YEAR_BASE < EPOCH_YEAR) { + else if (yourtm.tm_year < EPOCH_YEAR - TM_YEAR_BASE) { /* ** We can't set tm_sec to 0, because that might push the ** time below the minimum representable time. -- 2.38.1
* zic.c (size_product): Return ptrdiff_t not size_t. The result fits in both types, as any sizes greater than PTRDIFF_MAX will cause problems elsewhere; and signed types are better in debugging implementations that check signed integer overflow. (align_to, growalloc): Refactor to simplify future transition to ckd_add. (grow_nitems_alloc): New static function, to simplify this refactoring. --- zic.c | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/zic.c b/zic.c index 0671889..9f5bd38 100644 --- a/zic.c +++ b/zic.c @@ -468,22 +468,22 @@ memory_exhausted(const char *msg) exit(EXIT_FAILURE); } -static ATTRIBUTE_PURE size_t -size_product(size_t nitems, size_t itemsize) +static ATTRIBUTE_PURE ptrdiff_t +size_product(ptrdiff_t nitems, size_t itemsize) { - if (SIZE_MAX / itemsize < nitems) - memory_exhausted(_("size overflow")); - return nitems * itemsize; + ptrdiff_t nitems_max = min(PTRDIFF_MAX, SIZE_MAX) / itemsize; + if (nitems <= nitems_max) + return nitems * itemsize; + memory_exhausted(_("size overflow")); } static ATTRIBUTE_PURE size_t align_to(size_t size, size_t alignment) { - size_t aligned_size = size + alignment - 1; - aligned_size -= aligned_size % alignment; - if (aligned_size < size) - memory_exhausted(_("alignment overflow")); - return aligned_size; + size_t lo_bits = alignment - 1, addend = -size & lo_bits; + if (size <= SIZE_MAX - lo_bits) + return size + addend; + memory_exhausted(_("alignment overflow")); } #if !HAVE_STRDUP @@ -521,18 +521,24 @@ estrdup(char const *str) return memcheck(strdup(str)); } +static ptrdiff_t +grow_nitems_alloc(ptrdiff_t *nitems_alloc, ptrdiff_t itemsize) +{ + ptrdiff_t addend = (*nitems_alloc >> 1) + 1; + ptrdiff_t amax = min(PTRDIFF_MAX, SIZE_MAX); + if (*nitems_alloc <= ((amax - 1) / 3 * 2) / itemsize) { + *nitems_alloc += addend; + return *nitems_alloc * itemsize; + } + memory_exhausted(_("integer overflow")); +} + static void * growalloc(void *ptr, size_t itemsize, ptrdiff_t nitems, ptrdiff_t *nitems_alloc) { - if (nitems < *nitems_alloc) - return ptr; - else { - ptrdiff_t amax = min(PTRDIFF_MAX, SIZE_MAX); - if ((amax - 1) / 3 * 2 < *nitems_alloc) - memory_exhausted(_("integer overflow")); - *nitems_alloc += (*nitems_alloc >> 1) + 1; - return erealloc(ptr, size_product(*nitems_alloc, itemsize)); - } + return (nitems < *nitems_alloc + ? ptr + : erealloc(ptr, grow_nitems_alloc(nitems_alloc, itemsize))); } /* -- 2.38.1
* zic.c (oadd, tadd): Negate sense of branch, to simplify future changes. (tadd): Simplify. --- zic.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/zic.c b/zic.c index 9f5bd38..45dffea 100644 --- a/zic.c +++ b/zic.c @@ -3690,28 +3690,19 @@ time_overflow(void) static ATTRIBUTE_PURE zic_t oadd(zic_t t1, zic_t t2) { - if (t1 < 0 ? t2 < ZIC_MIN - t1 : ZIC_MAX - t1 < t2) - time_overflow(); - return t1 + t2; + if (t1 < 0 ? ZIC_MIN - t1 <= t2 : t2 <= ZIC_MAX - t1) + return t1 + t2; + time_overflow(); } static ATTRIBUTE_PURE zic_t tadd(zic_t t1, zic_t t2) { - if (t1 < 0) { - if (t2 < min_time - t1) { - if (t1 != min_time) - time_overflow(); - return min_time; - } - } else { - if (max_time - t1 < t2) { - if (t1 != max_time) - time_overflow(); - return max_time; - } - } - return t1 + t2; + if (t1 < 0 ? min_time - t1 <= t2 : t2 <= max_time - t1) + return t1 + t2; + if (t1 == min_time || t1 == max_time) + return t1; + time_overflow(); } /* -- 2.38.1
* localtime.c (tzloadbody): No need to give a name to strlen(name). (tzparse): Prefer ptrdiff_t to size_t where either will do. --- localtime.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/localtime.c b/localtime.c index f9655ed..7326567 100644 --- a/localtime.c +++ b/localtime.c @@ -425,8 +425,7 @@ tzloadbody(char const *name, struct state *sp, bool doextend, #endif if (!doaccess) { char const *dot; - size_t namelen = strlen(name); - if (sizeof lsp->fullname - sizeof tzdirslash <= namelen) + if (sizeof lsp->fullname - sizeof tzdirslash <= strlen(name)) return ENAMETOOLONG; /* Create a string "TZDIR/NAME". Using sprintf here @@ -1120,13 +1119,11 @@ tzparse(const char *name, struct state *sp, struct state *basep) { const char * stdname; const char * dstname; - size_t stdlen; - size_t dstlen; - size_t charcnt; int_fast32_t stdoffset; int_fast32_t dstoffset; register char * cp; register bool load_ok; + ptrdiff_t stdlen, dstlen, charcnt; time_t atlo = TIME_T_MIN, leaplo = TIME_T_MIN; stdname = name; -- 2.38.1
participants (1)
-
Paul Eggert