From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 18 Oct 2023 06:46:34 +0000 (+0900)
Subject: macro: paranoia about overflow
X-Git-Tag: v255-rc1~156^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d54c0f37d87506686388109038a1f0c1647b3025;p=thirdparty%2Fsystemd.git

macro: paranoia about overflow

E.g. Consider the case ALIGN_TO(SIZE_MAX - 3, 4). The overflow check
passes as the condition
```
SIZE_MAX - 3 > SIZE_MAX - (4 - 1)
```
is false.
However, the value
```
l + ali - 1
```
may overflow as it is equivalent to
```
SIZE_MAX - 3 + 4 - 1
```
---

diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
index fa9aeafb98e..a311b01e30c 100644
--- a/src/fundamental/macro-fundamental.h
+++ b/src/fundamental/macro-fundamental.h
@@ -376,7 +376,7 @@ static inline size_t ALIGN_TO(size_t l, size_t ali) {
         if (l > SIZE_MAX - (ali - 1))
                 return SIZE_MAX; /* indicate overflow */
 
-        return ((l + ali - 1) & ~(ali - 1));
+        return ((l + (ali - 1)) & ~(ali - 1));
 }
 
 #define ALIGN2(l) ALIGN_TO(l, 2)