Simplify add/sub/mul overflow checks
authorOndřej Surý <ondrej@isc.org>
Tue, 5 Aug 2025 06:19:20 +0000 (08:19 +0200)
committerOndřej Surý <ondrej@isc.org>
Tue, 26 Aug 2025 13:32:53 +0000 (15:32 +0200)
Use C23 stdckdint.h when available and define ckd_{mul,add,sub} shims to
__builtin_{mul,add,sub}_overflow().  Require the __builtin functions
unconditionally.

lib/dns/keymgr.c
lib/dns/rdataslab.c
lib/isc/include/isc/overflow.h
lib/isc/time.c
meson.build

index 935d989c4dcc91cb27c4cfdf8c06d4b295f095bf..79ac71f83530d4123bb10e1486e5145e9ca59448 100644 (file)
@@ -319,7 +319,7 @@ keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp,
                        return 0;
                }
 
-               if (ISC_OVERFLOW_ADD(active, klifetime, &retire)) {
+               if (ckd_add(&retire, active, klifetime)) {
                        log_key_overflow(key->key, "retire");
                        retire = UINT32_MAX;
                }
@@ -442,7 +442,7 @@ keymgr_key_update_lifetime(dns_dnsseckey_t *key, dns_kasp_t *kasp,
                        uint32_t a = now;
                        uint32_t inactive;
                        (void)dst_key_gettime(key->key, DST_TIME_ACTIVATE, &a);
-                       if (ISC_OVERFLOW_ADD(a, lifetime, &inactive)) {
+                       if (ckd_add(&inactive, a, lifetime)) {
                                log_key_overflow(key->key, "inactive");
                                inactive = UINT32_MAX;
                        }
@@ -1986,7 +1986,7 @@ keymgr_key_rollover(dns_kasp_key_t *kaspkey, dns_dnsseckey_t *active_key,
        if (lifetime > 0) {
                uint32_t inactive;
 
-               if (ISC_OVERFLOW_ADD(active, lifetime, &inactive)) {
+               if (ckd_add(&inactive, active, lifetime)) {
                        log_key_overflow(new_key->key, "inactive");
                        inactive = UINT32_MAX;
                }
index 22974186658b562d33a90c77a05971cfbd5c25a0..6991fe9187cb378a55f2b7128e723b17c9e4b62c 100644 (file)
@@ -173,7 +173,7 @@ makeslab(dns_rdataset_t *rdataset, isc_mem_t *mctx, isc_region_t *region,
         */
        nalloc = nitems;
 
-       RUNTIME_CHECK(!ISC_OVERFLOW_MUL(nalloc, sizeof(rdata[0]), &rdatasize));
+       RUNTIME_CHECK(!ckd_mul(&rdatasize, nalloc, sizeof(rdata[0])));
        rdata = isc_mem_get(mctx, rdatasize);
 
        /*
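Review bot: The assignment to rdatasize on the RUNTIME_CHECK line is a side effect inside the check's argument, so the size handed to isc_mem_get on the next line is only ever computed as long as RUNTIME_CHECK is never compiled to a no-op; the original line had the same shape, but the rewrite is a good moment to separate the two: `bool overflow = ckd_mul(&rdatasize, nalloc, sizeof(rdata[0]));` followed by `RUNTIME_CHECK(!overflow);`. If RUNTIME_CHECK is guaranteed to be unconditional in this codebase, a one-line comment stating that the multiplication must stay evaluated would serve the same purpose. makeslab continues on both sides of this hunk.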
index bd8e4eec737c79085f5a060450506716d0d087cf..38aa8fee9f230d54a77425ed6d9abd1afa3f659f 100644 (file)
 
 #include <isc/util.h>
 
-/*
- * It is awkward to support signed numbers as well, so keep it simple
- * (with a safety check).
- */
-#define ISC_OVERFLOW_IS_UNSIGNED(a)                                      \
-       ({                                                               \
-               STATIC_ASSERT((typeof(a))-1 > 0,                         \
-                             "overflow checks require unsigned types"); \
-               (a);                                                     \
-       })
-
-#define ISC_OVERFLOW_UINT_MAX(a) ISC_OVERFLOW_IS_UNSIGNED((typeof(a))-1)
-
-#define ISC_OVERFLOW_UINT_MIN(a) ISC_OVERFLOW_IS_UNSIGNED(0)
-
-/*
- * Return true on overflow, e.g.
- *
- *     bool overflow = ISC_OVERFLOW_MUL(count, sizeof(array[0]), &bytes);
- *     INSIST(!overflow);
- */
+#if HAVE_STDCKDINT_H
+#include <stdckdint.h>
 
-#define ISC_OVERFLOW_MUL(a, b, cp) __builtin_mul_overflow(a, b, cp)
+#else /* HAVE_STDCKDINT_H */
 
-#define ISC_OVERFLOW_ADD(a, b, cp) __builtin_add_overflow(a, b, cp)
+#define ckd_mul(cp, a, b) __builtin_mul_overflow(a, b, cp)
+#define ckd_add(cp, a, b) __builtin_add_overflow(a, b, cp)
+#define ckd_sub(cp, a, b) __builtin_sub_overflow(a, b, cp)
 
-#define ISC_OVERFLOW_SUB(a, b, cp) __builtin_sub_overflow(a, b, cp)
+#endif /* HAVE_STDCKDINT_H */
 
-#define ISC_CHECKED_MUL(a, b)                                      \
-       ({                                                         \
-               typeof(a) _c;                                      \
-               bool      _overflow = ISC_OVERFLOW_MUL(a, b, &_c); \
-               INSIST(!_overflow);                                \
-               _c;                                                \
+#define ISC_CHECKED_MUL(a, b)                             \
+       ({                                                \
+               typeof(a) _c;                             \
+               bool      _overflow = ckd_mul(&_c, a, b); \
+               INSIST(!_overflow);                       \
+               _c;                                       \
        })
 
-#define ISC_CHECKED_ADD(a, b)                                      \
-       ({                                                         \
-               typeof(a) _c;                                      \
-               bool      _overflow = ISC_OVERFLOW_ADD(a, b, &_c); \
-               INSIST(!_overflow);                                \
-               _c;                                                \
+#define ISC_CHECKED_ADD(a, b)                             \
+       ({                                                \
+               typeof(a) _c;                             \
+               bool      _overflow = ckd_add(&_c, a, b); \
+               INSIST(!_overflow);                       \
+               _c;                                       \
        })
 
-#define ISC_CHECKED_SUB(a, b)                                     \
-       ({                                                        \
-               typeof(a) _c;                                     \
-               bool      _overflow = ISC_OVERFLOW_SUB(a, b, cp); \
-               INSIST(!_overflow);                               \
-               _c;                                               \
+#define ISC_CHECKED_SUB(a, b)                             \
+       ({                                                \
+               typeof(a) _c;                             \
+               bool      _overflow = ckd_sub(&_c, a, b); \
+               INSIST(!_overflow);                       \
+               _c;                                       \
        })
 
-#define ISC_CHECKED_MUL_ADD(a, b, c)                              \
-       ({                                                        \
-               size_t _d;                                        \
-               bool   _overflow = ISC_OVERFLOW_MUL(a, b, &_d) || \
-                                ISC_OVERFLOW_ADD(_d, c, &_d);    \
-               INSIST(!_overflow);                               \
-               _d;                                               \
+#define ISC_CHECKED_MUL_ADD(a, b, c)                                          \
+       ({                                                                    \
+               size_t _d;                                                    \
+               bool   _overflow = ckd_mul(&_d, a, b) || ckd_add(&_d, _d, c); \
+               INSIST(!_overflow);                                           \
+               _d;                                                           \
        })
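Review bot: The fallback shims in the `#else` branch reverse the argument order of the builtins they wrap (result pointer first, operands after), and nothing on the new side documents that contract, since the old usage comment above ISC_OVERFLOW_MUL was deleted without a replacement. A comment above the shims, along the lines of `/* C23 ckd_*(result, a, b): store the wrapped result in *result and return true if the exact value did not fit; the fallback relies on __builtin_*_overflow being available unconditionally */`, would keep the header self-explaining for callers who only see this file. ISC_CHECKED_MUL_ADD now passes `_d` as both an operand and the result of ckd_add; that is well-defined for the GCC/Clang builtins, which read their operands before storing, and I would expect a conforming <stdckdint.h> to behave the same, but a short comment on that line noting the intentional aliasing would save the next reader a check. The hunk header for this file did not survive rendering, so the lines immediately above the first context line are not visible here.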
index fc47e6c48f0221523dd4b55aaa31dffeb1ebe16c..90afabfc4205e6d66cb3cb46a21e5eae3fa4b727 100644 (file)
@@ -190,7 +190,7 @@ isc_time_add(const isc_time_t *t, const isc_interval_t *i, isc_time_t *result) {
        REQUIRE(t->nanoseconds < NS_PER_SEC && i->nanoseconds < NS_PER_SEC);
 
        /* Seconds */
-       if (ISC_OVERFLOW_ADD(t->seconds, i->seconds, &result->seconds)) {
+       if (ckd_add(&result->seconds, t->seconds, i->seconds)) {
                return ISC_R_RANGE;
        }
 
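Review bot: When ckd_add reports overflow at the new line in isc_time_add, result->seconds has already been written with the wrapped sum before ISC_R_RANGE is returned, so the caller's result is partially modified on the error path; the same holds for ckd_sub in isc_time_subtract in the next hunk. Unless callers are documented to discard result on error, compute into a local first: `typeof(result->seconds) seconds;` / `if (ckd_add(&seconds, t->seconds, i->seconds)) { return ISC_R_RANGE; }` / `result->seconds = seconds;` (typeof is already relied on in isc/overflow.h). Otherwise a comment above the check, `/* on overflow result->seconds holds the wrapped value; *result must not be used after ISC_R_RANGE */`, would at least record the contract. Both functions continue past the end of their hunks, so any later writes to result are not visible here.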
@@ -214,7 +214,7 @@ isc_time_subtract(const isc_time_t *t, const isc_interval_t *i,
        REQUIRE(t->nanoseconds < NS_PER_SEC && i->nanoseconds < NS_PER_SEC);
 
        /* Seconds */
-       if (ISC_OVERFLOW_SUB(t->seconds, i->seconds, &result->seconds)) {
+       if (ckd_sub(&result->seconds, t->seconds, i->seconds)) {
                return ISC_R_RANGE;
        }
 
index 133e6d1e8fa708aded80002c0b2944199119b2f9..736f99d8fe9d886475921cbea570e46451ec5d4a 100644 (file)
@@ -525,6 +525,7 @@ foreach h : [
     'net/if6.h',
     'net/route.h',
     'regex.h',
+    'stdckdint.h',
     'sys/mman.h',
     'sys/select.h',
     'sys/sockio.h',