compat: helper for detecting unsigned overflow

The idiom (a + b < a) works fine for detecting that an unsigned integer has overflowed, but a more explicit unsigned_add_overflows(a, b) might be easier to read. Define such a macro, expanding roughly to ((a) < UINT_MAX - (b)). Because the expansion uses each argument only once outside of sizeof() expressions, it is safe to use with arguments that have side effects. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Jonathan Nieder <jrnieder@gmail.com> 2010-10-11 06:59:26 +0400
committer: Junio C Hamano <gitster@pobox.com> 2011-02-11 00:47:56 +0300
commit: 1368f65002bf39fdde7dd736a75ae35475184371 (patch)
tree: cb0d57165c5b1f710bb5e6499fa322185a8deb2f /wrapper.c
parent: a8e4a5943a63c8fd4a3a9b70ccf4608bcc973707 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/wrapper.c b/wrapper.c
index 8d7dd31c4b..79635f2e16 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -53,7 +53,7 @@ void *xmalloc(size_t size)
 void *xmallocz(size_t size)
 {
 	void *ret;
-	if (size + 1 < size)
+	if (unsigned_add_overflows(size, 1))
 		die("Data too large to fit into virtual memory space.");
 	ret = xmalloc(size + 1);
 	((char*)ret)[size] = 0;
author	Jonathan Nieder <jrnieder@gmail.com>	2010-10-11 06:59:26 +0400
committer	Junio C Hamano <gitster@pobox.com>	2011-02-11 00:47:56 +0300
commit	1368f65002bf39fdde7dd736a75ae35475184371 (patch)
tree	cb0d57165c5b1f710bb5e6499fa322185a8deb2f /wrapper.c
parent	a8e4a5943a63c8fd4a3a9b70ccf4608bcc973707 (diff)