path: root/wrapper.c
diff options
authorJonathan Nieder <>2010-10-11 02:59:26 (GMT)
committerJunio C Hamano <>2011-02-10 21:47:56 (GMT)
commit1368f65002bf39fdde7dd736a75ae35475184371 (patch)
treecb0d57165c5b1f710bb5e6499fa322185a8deb2f /wrapper.c
parenta8e4a5943a63c8fd4a3a9b70ccf4608bcc973707 (diff)
compat: helper for detecting unsigned overflow
The idiom (a + b < a) works fine for detecting that an unsigned integer has overflowed, but a more explicit unsigned_add_overflows(a, b) might be easier to read. Define such a macro, expanding roughly to ((a) < UINT_MAX - (b)). Because the expansion uses each argument only once outside of sizeof() expressions, it is safe to use with arguments that have side effects. Signed-off-by: Jonathan Nieder <> Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'wrapper.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/wrapper.c b/wrapper.c
index 8d7dd31..79635f2 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -53,7 +53,7 @@ void *xmalloc(size_t size)
void *xmallocz(size_t size)
void *ret;
- if (size + 1 < size)
+ if (unsigned_add_overflows(size, 1))
die("Data too large to fit into virtual memory space.");
ret = xmalloc(size + 1);
((char*)ret)[size] = 0;