compat: helper for detecting unsigned overflow The idiom (a + b < a) works fine for detecting that an unsigned integer has overflowed, but a more explicit unsigned_add_overflows(a, b) might be easier to read. Define such a macro, expanding roughly to ((a) < UINT_MAX - (b)). Because the expansion uses each argument only once outside of sizeof() expressions, it is safe to use with arguments that have side effects. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>

commit: 1368f65002bf39fdde7dd736a75ae35475184371 [log] [tgz]
author: Jonathan Nieder <jrnieder@gmail.com> Sun Oct 10 21:59:26 2010 -0500
committer: Junio C Hamano <gitster@pobox.com> Thu Feb 10 13:47:56 2011 -0800
tree: cb0d57165c5b1f710bb5e6499fa322185a8deb2f
parent: a8e4a5943a63c8fd4a3a9b70ccf4608bcc973707 [diff] [blame]
diff --git a/patch-delta.c b/patch-delta.c
index d218faa..56e0a5e 100644
--- a/patch-delta.c
+++ b/patch-delta.c

@@ -48,7 +48,7 @@
 			if (cmd & 0x20) cp_size |= (*data++ << 8);
 			if (cmd & 0x40) cp_size |= (*data++ << 16);
 			if (cp_size == 0) cp_size = 0x10000;
-			if (cp_off + cp_size < cp_size ||
+			if (unsigned_add_overflows(cp_off, cp_size) ||
 			    cp_off + cp_size > src_size ||
 			    cp_size > size)
 				break;
commit	1368f65002bf39fdde7dd736a75ae35475184371	[log] [tgz]
author	Jonathan Nieder <jrnieder@gmail.com>	Sun Oct 10 21:59:26 2010 -0500
committer	Junio C Hamano <gitster@pobox.com>	Thu Feb 10 13:47:56 2011 -0800
tree	cb0d57165c5b1f710bb5e6499fa322185a8deb2f
parent	a8e4a5943a63c8fd4a3a9b70ccf4608bcc973707 [diff] [blame]