c.h: avoid undefined behavior in SINT_MAX macro

The previous implementation relied on signed-integer overflow.
This is undefined behavior.

Instead use an implementation that only requires twos-complement
representation. This is what everybody uses anyways and it will be
required by C23.

diff --git a/include/c.h b/include/c.h
index 0663774d22092dc0df40492f34801284ade8ac82..eab6ff5054db4a6b6fa8459d423a4ae0e7d4a426 100644 (file)
--- a/include/c.h
+++ b/include/c.h
@@ -526,6 +526,6 @@ static inline void print_features(const char **features, const char *prefix)
 # define MAP_ANONYMOUS  (MAP_ANON)
 #endif
 
-#define SINT_MAX(t) (((size_t) 1 << (sizeof(t) * 8 - 1)) - 1)
+#define SINT_MAX(t) ((t)((~(t) 0) ^ (t) 1 << (sizeof(t) * 8 - 1)))
 
 #endif /* UTIL_LINUX_C_H */