Turns out that shifting a negative signed int is undefined behavior in
C, too.  Use other mechanism in case gcc decides to abuse that, too.
master
Felix von Leitner 15 years ago
parent
commit
327aeb20fc
rangecheck.h

@ -68,15 +68,17 @@ int range_str4inbuf(const void* buf,size_t len,const void* stringstart);
* So I decided to add some integer overflow protection functionality
* here for addition and subtraction, too. */
/* first, we need a type independent way to find the min and max values
* for each type, so the macros also work for integer types you defined
* yourself */
/* two important assumptions:
* 1. the platform is using two's complement
* 2. there are 8 bits in a byte
*/
#define __MIN_UNSIGNED(type) ((type)0)
#define __MIN_SIGNED(type) (((type)-1)<<(sizeof(type)*8-1))
#define __HALF_MAX_SIGNED(type) ((type)1 << (sizeof(type)*8-2))
#define __MAX_SIGNED(type) (__HALF_MAX_SIGNED(type) - 1 + __HALF_MAX_SIGNED(type))
#define __MIN_SIGNED(type) (-1 - __MAX_SIGNED(type))
/* we use <1 and not <0 to avoid a gcc warning */
#define __MIN(type) ((type)-1 < 1?__MIN_SIGNED(type):__MIN_UNSIGNED(type))
#define __MIN(type) ((type)-1 < 1?__MIN_SIGNED(type):(type)0)
#define __MAX(type) ((type)~__MIN(type))
#define assign(dest,src) ({ typeof(src) __x=(src); typeof(dest) __y=__x; (__x==__y && ((__x<1) == (__y<1))?(void)((dest)=__y),0:1); })
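
Review bot: the replacement macros on the __HALF_MAX_SIGNED and __MAX_SIGNED lines still derive the type width from sizeof(type)*8, so they are only correct when the type has no padding bits, and the "two important assumptions" comment above them lists two's complement and 8-bit bytes but not that. Suggest adding it as a third item in that comment, or using CHAR_BIT from <limits.h> for the byte width so that assumption 2 is no longer needed. Separately, once __MIN spells the unsigned case as (type)0, __MIN_UNSIGNED has no user left in this hunk; either keep using it in __MIN or drop the define if nothing else in rangecheck.h references it.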
