diff options
| author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2020-04-22 01:18:08 +0000 |
|---|---|---|
| committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2020-04-22 01:18:08 +0000 |
| commit | 4de19cbb56090a1549d5e0fa3cd642abf2450a1b (patch) | |
| tree | 4b1e32ba9373a650683d8a77fcc3678d8cd8b71d /lib | |
| parent | 28c5d071cb0c41c3f2d323fc673d5ebb4ce31ff7 (diff) | |
| download | netpbm-mirror-4de19cbb56090a1549d5e0fa3cd642abf2450a1b.tar.gz netpbm-mirror-4de19cbb56090a1549d5e0fa3cd642abf2450a1b.tar.xz netpbm-mirror-4de19cbb56090a1549d5e0fa3cd642abf2450a1b.zip | |
Use SIZE_MAX instead of UINT_MAX for max size_t
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@3793 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/util/mallocvar.h | 37 |
1 files changed, 24 insertions, 13 deletions
diff --git a/lib/util/mallocvar.h b/lib/util/mallocvar.h index 00ba6484..a2fb9eb7 100644 --- a/lib/util/mallocvar.h +++ b/lib/util/mallocvar.h @@ -28,26 +28,37 @@ mallocProduct(void ** const resultP, unsigned int const factor2) { /*---------------------------------------------------------------------------- malloc a space whose size in bytes is the product of 'factor1' and - 'factor2'. But if that size cannot be represented as an unsigned int, - return NULL without allocating anything. Also return NULL if the malloc - fails. + 'factor2'. But if the malloc fails, or that size is too large even to + request from malloc, return NULL without allocating anything. If either factor is zero, malloc a single byte. - - Note that malloc() actually takes a size_t size argument, so the - proper test would be whether the size can be represented by size_t, - not unsigned int. But there is no reliable indication available to - us, like UINT_MAX, of what the limitations of size_t are. We - assume size_t is at least as expressive as unsigned int and that - nobody really needs to allocate more than 4GB of memory. -----------------------------------------------------------------------------*/ + /* C99 introduces SIZE_MAX, the maximum size_t value. + + Pre-C99, we just use UINT_MAX, because in practice size_t is always at + least as wide as unsigned int and nobody with such an old compiler + could possibly need memory sizes larger than UINT_MAX. + */ + size_t const sizeMax = +#if defined(SIZE_MAX) + SIZE_MAX +#else + UINT_MAX +#endif + ; + if (factor1 == 0 || factor2 == 0) *resultP = malloc(1); else { - if (UINT_MAX / factor2 < factor1) + /* N.B. The type of malloc's argument is size_t */ + if ((size_t)factor1 != factor1 || (size_t)factor2 != factor2) *resultP = NULL; - else - *resultP = malloc(factor1 * factor2); + else { + if (sizeMax / factor2 < factor1) + *resultP = NULL; + else + *resultP = malloc((size_t)factor1 * factor2); + } } } |