authorRasmus Villemoes <rv@rasmusvillemoes.dk>2016-12-06 13:53:37 +0100
committerJunio C Hamano <gitster@pobox.com>2016-12-08 00:44:31 +0100
commit381aa8e73070646933520e1133a81ab4ba383891 (patch)
tree5b01c4654b226888dbb6a8cd12e9b61e57b36ebc /shallow.c
parentshallow.c: make paint_alloc slightly more robust (diff)
shallow.c: avoid theoretical pointer wrap-around
The expression info->free+size is technically undefined behaviour in exactly the case we want to test for. Moreover, the compiler is likely to translate the expression to (unsigned long)info->free + size > (unsigned long)info->end where there's at least a theoretical chance that the LHS could wrap around 0, giving a false negative. This might as well be written using pointer subtraction avoiding these issues. Signed-off-by: Rasmus Villemoes <rv@rasmusvillemoes.dk> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Reviewed-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to '')
-rw-r--r--shallow.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/shallow.c b/shallow.c
index 7d5ea0cd39..4c4486ad67 100644
--- a/shallow.c
+++ b/shallow.c
@@ -368,7 +368,7 @@ static uint32_t *paint_alloc(struct paint_info *info)
unsigned nr = (info->nr_bits + 31) / 32;
unsigned size = nr * sizeof(uint32_t);
void *p;
- if (!info->pool_count || info->free + size > info->end) {
+ if (!info->pool_count || size > info->end - info->free) {
if (size > POOL_SIZE)
die("BUG: pool size too small for %d in paint_alloc()",
size);
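Review bot: The rewritten test `size > info->end - info->free` compares an `unsigned` against a pointer difference, so it is only correct while `info->free <= info->end` and both point into the same pool, and nothing in the hunk records that invariant. A comment above the `if`, such as `/* free and end both point into the current pool, with free <= end */`, would make the assumption explicit. On a target where ptrdiff_t is no wider than `unsigned`, the difference is converted to unsigned, so a negative value would read as a very large remaining space and skip the new-pool branch. That case is presumably unreachable, but the field declarations and the pool setup lie outside the hunk, so this cannot be confirmed here. Separately, the `die()` call in the context lines formats the `unsigned` `size` with `%d`, where `%u` would match the argument type. The body of paint_alloc continues past the end of the hunk.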