Renamed SDL_size_add_overflow() and SDL_size_mul_overflow()

2025-06-01 01:17:40 +00:00 · 2024-09-02 12:56:44 -07:00 · 2024-09-02 12:56:44 -07:00 · eacf119923
commit eacf119923
parent fb7245fb93
11 changed files with 117 additions and 109 deletions
--- a/build-scripts/SDL_migration.cocci
+++ b/build-scripts/SDL_migration.cocci
--- a/docs/README-migration.md
+++ b/docs/README-migration.md
@ -1723,6 +1723,8 @@ The following macros have been removed:
 * SDL_TABLESIZE() - use SDL_arraysize() instead
 The following functions have been renamed:
 * SDL_size_add_overflow() => SDL_size_add_check_overflow()
 * SDL_size_mul_overflow() => SDL_size_mul_check_overflow()
 * SDL_strtokr() => SDL_strtok_r()
 The following functions have been removed:
--- a/include/SDL3/SDL_oldnames.h
+++ b/include/SDL3/SDL_oldnames.h
@ -581,6 +581,8 @@
 /* ##SDL_stdinc.h */
 #define SDL_TABLESIZE SDL_arraysize
 #define SDL_size_add_overflow SDL_size_add_check_overflow
 #define SDL_size_mul_overflow SDL_size_mul_check_overflow
 #define SDL_strtokr SDL_strtok_r
 /* ##SDL_surface.h */
@ -1205,6 +1207,8 @@
 /* ##SDL_stdinc.h */
 #define SDL_TABLESIZE SDL_TABLESIZE_renamed_SDL_arraysize
 #define SDL_size_add_overflow SDL_size_add_overflow_renamed_SDL_size_add_check_overflow
 #define SDL_size_mul_overflow SDL_size_mul_overflow_renamed_SDL_size_mul_check_overflow
 #define SDL_strtokr SDL_strtokr_renamed_SDL_strtok_r
 /* ##SDL_surface.h */
--- a/include/SDL3/SDL_stdinc.h
+++ b/include/SDL3/SDL_stdinc.h
@ -3082,29 +3082,27 @@ size_t wcslcat(wchar_t *dst, const wchar_t *src, size_t size);
 /**
 * Multiply two integers, checking for overflow.
 *
- * If `a * b` would overflow, return -1.
+ * If `a * b` would overflow, return SDL_FALSE.
 *
- * Otherwise store `a * b` via ret and return 0.
+ * Otherwise store `a * b` via ret and return SDL_TRUE.
 *
 * \param a the multiplicand.
 * \param b the multiplier.
 * \param ret on non-overflow output, stores the multiplication result. May
 *            not be NULL.
- * \returns -1 on overflow, 0 if result doesn't overflow.
+ * \returns SDL_FALSE on overflow, SDL_TRUE if result is multiplied without overflow.
 *
 * \threadsafety It is safe to call this function from any thread.
 *
 * \since This function is available since SDL 3.0.0.
 */
-SDL_FORCE_INLINE int SDL_size_mul_overflow (size_t a,
+SDL_FORCE_INLINE SDL_bool SDL_size_mul_check_overflow(size_t a, size_t b, size_t *ret)
                                            size_t b,
                                            size_t *ret)
 {
    if (a != 0 && b > SDL_SIZE_MAX / a) {
-        return -1;
+        return SDL_FALSE;
    }
    *ret = a * b;
-    return 0;
+    return SDL_TRUE;
 }
 #ifndef SDL_WIKI_DOCUMENTATION_SECTION
@ -3112,13 +3110,11 @@ SDL_FORCE_INLINE int SDL_size_mul_overflow (size_t a,
 /* This needs to be wrapped in an inline rather than being a direct #define,
 * because __builtin_mul_overflow() is type-generic, but we want to be
 * consistent about interpreting a and b as size_t. */
-SDL_FORCE_INLINE int SDL_size_mul_overflow_builtin (size_t a,
+SDL_FORCE_INLINE SDL_bool SDL_size_mul_check_overflow_builtin(size_t a, size_t b, size_t *ret)
                                                     size_t b,
                                                     size_t *ret)
 {
-    return __builtin_mul_overflow(a, b, ret) == 0 ? 0 : -1;
+    return (__builtin_mul_overflow(a, b, ret) == 0);
 }
-#define SDL_size_mul_overflow(a, b, ret) (SDL_size_mul_overflow_builtin(a, b, ret))
+#define SDL_size_mul_check_overflow(a, b, ret) SDL_size_mul_check_overflow_builtin(a, b, ret)
 #endif
 #endif
@ -3133,34 +3129,30 @@ SDL_FORCE_INLINE int SDL_size_mul_overflow_builtin (size_t a,
 * \param b the second addend.
 * \param ret on non-overflow output, stores the addition result. May not be
 *            NULL.
- * \returns -1 on overflow, 0 if result doesn't overflow.
+ * \returns SDL_FALSE on overflow, SDL_TRUE if result is added without overflow.
 *
 * \threadsafety It is safe to call this function from any thread.
 *
 * \since This function is available since SDL 3.0.0.
 */
-SDL_FORCE_INLINE int SDL_size_add_overflow (size_t a,
+SDL_FORCE_INLINE SDL_bool SDL_size_add_check_overflow(size_t a, size_t b, size_t *ret)
                                            size_t b,
                                            size_t *ret)
 {
    if (b > SDL_SIZE_MAX - a) {
-        return -1;
+        return SDL_FALSE;
    }
    *ret = a + b;
-    return 0;
+    return SDL_TRUE;
 }
 #ifndef SDL_WIKI_DOCUMENTATION_SECTION
 #if SDL_HAS_BUILTIN(__builtin_add_overflow)
 /* This needs to be wrapped in an inline rather than being a direct #define,
 * the same as the call to __builtin_mul_overflow() above. */
-SDL_FORCE_INLINE int SDL_size_add_overflow_builtin (size_t a,
+SDL_FORCE_INLINE SDL_bool SDL_size_add_check_overflow_builtin(size_t a, size_t b, size_t *ret)
                                                     size_t b,
                                                     size_t *ret)
 {
-    return __builtin_add_overflow(a, b, ret) == 0 ? 0 : -1;
+    return (__builtin_add_overflow(a, b, ret) == 0);
 }
-#define SDL_size_add_overflow(a, b, ret) (SDL_size_add_overflow_builtin(a, b, ret))
+#define SDL_size_add_check_overflow(a, b, ret) SDL_size_add_check_overflow_builtin(a, b, ret)
 #endif
 #endif
--- a/src/SDL_assert.c
+++ b/src/SDL_assert.c
@ -175,7 +175,7 @@ static SDL_AssertState SDLCALL SDL_PromptAssertion(const SDL_AssertData *data, v
    // .. and if it didn't, try to allocate as much room as we actually need.
    if (len >= (int)buf_len) {
-        if (SDL_size_add_overflow(len, 1, &buf_len) == 0) {
+        if (SDL_size_add_check_overflow(len, 1, &buf_len)) {
            message = (char *)SDL_malloc(buf_len);
            if (message) {
                len = SDL_RenderAssertMessage(message, buf_len, data);
--- a/src/SDL_log.c
+++ b/src/SDL_log.c
@ -480,7 +480,7 @@ void SDL_LogMessageV(int category, SDL_LogPriority priority, SDL_PRINTF_FORMAT_S
    }
    // If message truncated, allocate and re-render
-    if (len >= sizeof(stack_buf) && SDL_size_add_overflow(len, 1, &len_plus_term) == 0) {
+    if (len >= sizeof(stack_buf) && SDL_size_add_check_overflow(len, 1, &len_plus_term)) {
        // Allocate exactly what we need, including the zero-terminator
        message = (char *)SDL_malloc(len_plus_term);
        if (!message) {
--- a/src/stdlib/SDL_stdlib.c
+++ b/src/stdlib/SDL_stdlib.c
@ -539,9 +539,9 @@ void *SDL_aligned_alloc(size_t alignment, size_t size)
    }
    padding = (alignment - (size % alignment));
-    if (SDL_size_add_overflow(size, alignment, &size) == 0 &&
+    if (SDL_size_add_check_overflow(size, alignment, &size) &&
-        SDL_size_add_overflow(size, sizeof(void *), &size) == 0 &&
+        SDL_size_add_check_overflow(size, sizeof(void *), &size) &&
-        SDL_size_add_overflow(size, padding, &size) == 0) {
+        SDL_size_add_check_overflow(size, padding, &size)) {
        void *original = SDL_malloc(size);
        if (original) {
            // Make sure we have enough space to store the original pointer
--- a/src/video/SDL_RLEaccel.c
+++ b/src/video/SDL_RLEaccel.c
@ -1456,7 +1456,7 @@ static bool UnRLEAlpha(SDL_Surface *surface)
        uncopy_opaque = uncopy_transl = uncopy_32;
    }
-    if (SDL_size_mul_overflow(surface->h, surface->pitch, &size)) {
+    if (!SDL_size_mul_check_overflow(surface->h, surface->pitch, &size)) {
        return false;
    }
@ -1527,7 +1527,7 @@ void SDL_UnRLESurface(SDL_Surface *surface, bool recode)
                size_t size;
                // re-create the original surface
-                if (SDL_size_mul_overflow(surface->h, surface->pitch, &size)) {
+                if (!SDL_size_mul_check_overflow(surface->h, surface->pitch, &size)) {
                    // Memory corruption?
                    surface->internal->flags |= SDL_INTERNAL_SURFACE_RLEACCEL;
                    return;
--- a/src/video/SDL_surface.c
+++ b/src/video/SDL_surface.c
@ -61,27 +61,27 @@ void SDL_UpdateSurfaceLockFlag(SDL_Surface *surface)
 static bool SDL_CalculateRGBSize(Uint32 format, size_t width, size_t height, size_t *size, size_t *pitch, bool minimal)
 {
    if (SDL_BITSPERPIXEL(format) >= 8) {
-        if (SDL_size_mul_overflow(width, SDL_BYTESPERPIXEL(format), pitch)) {
+        if (!SDL_size_mul_check_overflow(width, SDL_BYTESPERPIXEL(format), pitch)) {
            return SDL_SetError("width * bpp would overflow");
        }
    } else {
-        if (SDL_size_mul_overflow(width, SDL_BITSPERPIXEL(format), pitch)) {
+        if (!SDL_size_mul_check_overflow(width, SDL_BITSPERPIXEL(format), pitch)) {
            return SDL_SetError("width * bpp would overflow");
        }
-        if (SDL_size_add_overflow(*pitch, 7, pitch)) {
+        if (!SDL_size_add_check_overflow(*pitch, 7, pitch)) {
            return SDL_SetError("aligning pitch would overflow");
        }
        *pitch /= 8;
    }
    if (!minimal) {
        // 4-byte aligning for speed
-        if (SDL_size_add_overflow(*pitch, 3, pitch)) {
+        if (!SDL_size_add_check_overflow(*pitch, 3, pitch)) {
            return SDL_SetError("aligning pitch would overflow");
        }
        *pitch &= ~3;
    }
-    if (SDL_size_mul_overflow(height, *pitch, size)) {
+    if (!SDL_size_mul_check_overflow(height, *pitch, size)) {
        return SDL_SetError("height * pitch would overflow");
    }
--- a/src/video/SDL_yuv.c
+++ b/src/video/SDL_yuv.c
@ -43,7 +43,7 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
        {
            /* sz_plane == w * h; */
            size_t s1;
-            if (SDL_size_mul_overflow(w, h, &s1) < 0) {
+            if (!SDL_size_mul_check_overflow(w, h, &s1)) {
                return SDL_SetError("width * height would overflow");
            }
            sz_plane = (int) s1;
@ -52,15 +52,15 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
        {
            /* sz_plane_chroma == ((w + 1) / 2) * ((h + 1) / 2); */
            size_t s1, s2, s3;
-            if (SDL_size_add_overflow(w, 1, &s1) < 0) {
+            if (!SDL_size_add_check_overflow(w, 1, &s1)) {
                return SDL_SetError("width + 1 would overflow");
            }
            s1 = s1 / 2;
-            if (SDL_size_add_overflow(h, 1, &s2) < 0) {
+            if (!SDL_size_add_check_overflow(h, 1, &s2)) {
                return SDL_SetError("height + 1 would overflow");
            }
            s2 = s2 / 2;
-            if (SDL_size_mul_overflow(s1, s2, &s3) < 0) {
+            if (!SDL_size_mul_check_overflow(s1, s2, &s3)) {
                return SDL_SetError("width * height would overflow");
            }
            sz_plane_chroma = (int) s3;
@ -68,11 +68,11 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
    } else {
        /* sz_plane_packed == ((w + 1) / 2) * h; */
        size_t s1, s2;
-        if (SDL_size_add_overflow(w, 1, &s1) < 0) {
+        if (!SDL_size_add_check_overflow(w, 1, &s1)) {
            return SDL_SetError("width + 1 would overflow");
        }
        s1 = s1 / 2;
-        if (SDL_size_mul_overflow(s1, h, &s2) < 0) {
+        if (!SDL_size_mul_check_overflow(s1, h, &s2)) {
            return SDL_SetError("width * height would overflow");
        }
        sz_plane_packed = (int) s2;
@ -89,10 +89,10 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
        if (size) {
            // dst_size == sz_plane + sz_plane_chroma + sz_plane_chroma;
            size_t s1, s2;
-            if (SDL_size_add_overflow(sz_plane, sz_plane_chroma, &s1) < 0) {
+            if (!SDL_size_add_check_overflow(sz_plane, sz_plane_chroma, &s1)) {
                return SDL_SetError("Y + U would overflow");
            }
-            if (SDL_size_add_overflow(s1, sz_plane_chroma, &s2) < 0) {
+            if (!SDL_size_add_check_overflow(s1, sz_plane_chroma, &s2)) {
                return SDL_SetError("Y + U + V would overflow");
            }
            *size = (int)s2;
@ -106,11 +106,11 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
        if (pitch) {
            /* pitch == ((w + 1) / 2) * 4; */
           size_t p1, p2;
-           if (SDL_size_add_overflow(w, 1, &p1) < 0) {
+           if (!SDL_size_add_check_overflow(w, 1, &p1)) {
               return SDL_SetError("width + 1 would overflow");
           }
           p1 = p1 / 2;
-           if (SDL_size_mul_overflow(p1, 4, &p2) < 0) {
+           if (!SDL_size_mul_check_overflow(p1, 4, &p2)) {
               return SDL_SetError("width * 4 would overflow");
           }
           *pitch = p2;
@ -119,7 +119,7 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
        if (size) {
            /* dst_size == 4 * sz_plane_packed; */
            size_t s1;
-            if (SDL_size_mul_overflow(sz_plane_packed, 4, &s1) < 0) {
+            if (!SDL_size_mul_check_overflow(sz_plane_packed, 4, &s1)) {
                return SDL_SetError("plane * 4 would overflow");
            }
            *size = (int) s1;
@ -135,10 +135,10 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
        if (size) {
            // dst_size == sz_plane + sz_plane_chroma + sz_plane_chroma;
            size_t s1, s2;
-            if (SDL_size_add_overflow(sz_plane, sz_plane_chroma, &s1) < 0) {
+            if (!SDL_size_add_check_overflow(sz_plane, sz_plane_chroma, &s1)) {
                return SDL_SetError("Y + U would overflow");
            }
-            if (SDL_size_add_overflow(s1, sz_plane_chroma, &s2) < 0) {
+            if (!SDL_size_add_check_overflow(s1, sz_plane_chroma, &s2)) {
                return SDL_SetError("Y + U + V would overflow");
            }
            *size = (int) s2;
--- a/test/testautomation_stdlib.c
+++ b/test/testautomation_stdlib.c
@ -917,32 +917,32 @@ typedef struct
    size_t a;
    size_t b;
    size_t result;
-    int status;
+    SDL_bool status;
 } overflow_test;
 static const overflow_test multiplications[] = {
-    { 1, 1, 1, 0 },
+    { 1, 1, 1, SDL_TRUE },
-    { 0, 0, 0, 0 },
+    { 0, 0, 0, SDL_TRUE },
-    { SDL_SIZE_MAX, 0, 0, 0 },
+    { SDL_SIZE_MAX, 0, 0, SDL_TRUE },
-    { SDL_SIZE_MAX, 1, SDL_SIZE_MAX, 0 },
+    { SDL_SIZE_MAX, 1, SDL_SIZE_MAX, SDL_TRUE },
-    { SDL_SIZE_MAX / 2, 2, SDL_SIZE_MAX - (SDL_SIZE_MAX % 2), 0 },
+    { SDL_SIZE_MAX / 2, 2, SDL_SIZE_MAX - (SDL_SIZE_MAX % 2), SDL_TRUE },
-    { SDL_SIZE_MAX / 23, 23, SDL_SIZE_MAX - (SDL_SIZE_MAX % 23), 0 },
+    { SDL_SIZE_MAX / 23, 23, SDL_SIZE_MAX - (SDL_SIZE_MAX % 23), SDL_TRUE },
-    { (SDL_SIZE_MAX / 2) + 1, 2, 0, -1 },
+    { (SDL_SIZE_MAX / 2) + 1, 2, 0, SDL_FALSE },
-    { (SDL_SIZE_MAX / 23) + 42, 23, 0, -1 },
+    { (SDL_SIZE_MAX / 23) + 42, 23, 0, SDL_FALSE },
-    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, -1 },
+    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, SDL_FALSE },
 };
 static const overflow_test additions[] = {
-    { 1, 1, 2, 0 },
+    { 1, 1, 2, SDL_TRUE },
-    { 0, 0, 0, 0 },
+    { 0, 0, 0, SDL_TRUE },
-    { SDL_SIZE_MAX, 0, SDL_SIZE_MAX, 0 },
+    { SDL_SIZE_MAX, 0, SDL_SIZE_MAX, SDL_TRUE },
-    { SDL_SIZE_MAX - 1, 1, SDL_SIZE_MAX, 0 },
+    { SDL_SIZE_MAX - 1, 1, SDL_SIZE_MAX, SDL_TRUE },
-    { SDL_SIZE_MAX - 42, 23, SDL_SIZE_MAX - (42 - 23), 0 },
+    { SDL_SIZE_MAX - 42, 23, SDL_SIZE_MAX - (42 - 23), SDL_TRUE },
-    { SDL_SIZE_MAX, 1, 0, -1 },
+    { SDL_SIZE_MAX, 1, 0, SDL_FALSE },
-    { SDL_SIZE_MAX, 23, 0, -1 },
+    { SDL_SIZE_MAX, 23, 0, SDL_FALSE },
-    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, -1 },
+    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, SDL_FALSE },
 };
 static int
@ -964,22 +964,22 @@ stdlib_overflow(void *arg)
            size_t result = ~t->result;
            if (useBuiltin) {
-                status = SDL_size_mul_overflow(t->a, t->b, &result);
+                status = SDL_size_mul_check_overflow(t->a, t->b, &result);
            } else {
                /* This disables the macro that tries to use a gcc/clang
                 * builtin, so we test the fallback implementation instead. */
-                status = (SDL_size_mul_overflow)(t->a, t->b, &result);
+                status = (SDL_size_mul_check_overflow)(t->a, t->b, &result);
            }
-            if (t->status == 0) {
+            if (t->status) {
-                SDLTest_AssertCheck(status == 0,
+                SDLTest_AssertCheck(status,
                                    "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should succeed",
                                    t->a, t->b);
                SDLTest_AssertCheck(result == t->result,
                                    "(%" SIZE_FORMAT " * %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                    t->a, t->b, t->result, result);
            } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                    "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should fail",
                                    t->a, t->b);
            }
@ -991,20 +991,20 @@ stdlib_overflow(void *arg)
            result = ~t->result;
            if (useBuiltin) {
-                status = SDL_size_mul_overflow(t->b, t->a, &result);
+                status = SDL_size_mul_check_overflow(t->b, t->a, &result);
            } else {
-                status = (SDL_size_mul_overflow)(t->b, t->a, &result);
+                status = (SDL_size_mul_check_overflow)(t->b, t->a, &result);
            }
-            if (t->status == 0) {
+            if (t->status) {
-                SDLTest_AssertCheck(status == 0,
+                SDLTest_AssertCheck(status,
                                    "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should succeed",
                                    t->b, t->a);
                SDLTest_AssertCheck(result == t->result,
                                    "(%" SIZE_FORMAT " * %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                    t->b, t->a, t->result, result);
            } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                    "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should fail",
                                    t->b, t->a);
            }
@ -1012,24 +1012,24 @@ stdlib_overflow(void *arg)
        for (i = 0; i < SDL_arraysize(additions); i++) {
            const overflow_test *t = &additions[i];
-            int status;
+            SDL_bool status;
            size_t result = ~t->result;
            if (useBuiltin) {
-                status = SDL_size_add_overflow(t->a, t->b, &result);
+                status = SDL_size_add_check_overflow(t->a, t->b, &result);
            } else {
-                status = (SDL_size_add_overflow)(t->a, t->b, &result);
+                status = (SDL_size_add_check_overflow)(t->a, t->b, &result);
            }
-            if (t->status == 0) {
+            if (t->status) {
-                SDLTest_AssertCheck(status == 0,
+                SDLTest_AssertCheck(status,
                                    "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should succeed",
                                    t->a, t->b);
                SDLTest_AssertCheck(result == t->result,
                                    "(%" SIZE_FORMAT " + %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                    t->a, t->b, t->result, result);
            } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                    "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should fail",
                                    t->a, t->b);
            }
@ -1041,20 +1041,20 @@ stdlib_overflow(void *arg)
            result = ~t->result;
            if (useBuiltin) {
-                status = SDL_size_add_overflow(t->b, t->a, &result);
+                status = SDL_size_add_check_overflow(t->b, t->a, &result);
            } else {
-                status = (SDL_size_add_overflow)(t->b, t->a, &result);
+                status = (SDL_size_add_check_overflow)(t->b, t->a, &result);
            }
-            if (t->status == 0) {
+            if (t->status) {
-                SDLTest_AssertCheck(status == 0,
+                SDLTest_AssertCheck(status,
                                    "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should succeed",
                                    t->b, t->a);
                SDLTest_AssertCheck(result == t->result,
                                    "(%" SIZE_FORMAT " + %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                    t->b, t->a, t->result, result);
            } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                    "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should fail",
                                    t->b, t->a);
            }