blob: 52d9acb49239ea9d1dd6d1a6c47313cef52b04cb [file] [log] [blame]
From f27182695d88350b48c8b9a6dce54bb513d7aa4e Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 27 Jul 2023 15:13:08 -0400
Subject: [PATCH] Add primitives for overflow-checked arithmetic operations.
We need to do arithmetic on untrusted values sometimes, so this patch
adds the following primitives as macros that wrap the compiler builtins.
bool checked_add(TYPE addend0, TYPE addend1, TYPE *sum)
bool checked_sub(TYPE minuend, TYPE subtrahend, TYPE *difference)
bool checked_mul(TYPE factor0, TYPE factor1, TYPE *product)
And also the following primitive which returns True if divisor is 0 and
False otherwise:
bool checked_div(TYPE dividend, TYPE divisor, TYPE *quotient)
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/compiler.h | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/include/compiler.h b/include/compiler.h
index b0d595f32..545a72e5d 100644
--- a/include/compiler.h
+++ b/include/compiler.h
@@ -198,5 +198,21 @@
#error shim has no cache_invalidate() implementation for this compiler
#endif /* __GNUC__ */
+#define checked_add(addend0, addend1, sum) \
+ __builtin_add_overflow(addend0, addend1, sum)
+#define checked_sub(minuend, subtrahend, difference) \
+ __builtin_sub_overflow(minuend, subtrahend, difference)
+#define checked_mul(factor0, factor1, product) \
+ __builtin_mul_overflow(factor0, factor1, product)
+#define checked_div(dividend, divisor, quotient) \
+ ({ \
+ bool _ret = True; \
+ if ((divisor) != 0) { \
+ _ret = False; \
+ (quotient) = (dividend) / (divisor); \
+ } \
+ _ret; \
+ })
+
#endif /* !COMPILER_H_ */
// vim:fenc=utf-8:tw=75:et