| author | Peter Jones <pjones@redhat.com> | 2023-07-27 15:13:08 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2023-12-05 13:17:19 -0500 |
| commit | f27182695d88350b48c8b9a6dce54bb513d7aa4e (patch) | |
| tree | 97ba54e76007ddbe9effcd32f0be0eb7c99ab0cd /include | |
| parent | 66e6579dbf921152f647a0c16da1d3b2f40861ca (diff) | |
Add primitives for overflow-checked arithmetic operations.

We need to do arithmetic on untrusted values sometimes, so this patch
adds the following primitives as macros that wrap the compiler builtins.

bool checked_add(TYPE addend0, TYPE addend1, TYPE *sum)
bool checked_sub(TYPE minuend, TYPE subtrahend, TYPE *difference)
bool checked_mul(TYPE factor0, TYPE factor1, TYPE *product)

And also the following primitive which returns True if divisor is 0 and
False otherwise:

bool checked_div(TYPE dividend, TYPE divisor, TYPE *quotient)

Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/compiler.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/include/compiler.h b/include/compiler.h index b0d595f3..545a72e5 100644 --- a/include/compiler.h +++ b/include/compiler.h @@ -198,5 +198,21 @@ #error shim has no cache_invalidate() implementation for this compiler #endif /* __GNUC__ */ +#define checked_add(addend0, addend1, sum) \ + __builtin_add_overflow(addend0, addend1, sum) +#define checked_sub(minuend, subtrahend, difference) \ + __builtin_sub_overflow(minuend, subtrahend, difference) +#define checked_mul(factor0, factor1, product) \ + __builtin_mul_overflow(factor0, factor1, product) +#define checked_div(dividend, divisor, quotient) \ + ({ \ + bool _ret = True; \ + if ((divisor) != 0) { \ + _ret = False; \ + (quotient) = (dividend) / (divisor); \ + } \ + _ret; \ + }) + #endif /* !COMPILER_H_ */ // vim:fenc=utf-8:tw=75:et |
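Review bot: In checked_div, the line `(quotient) = (dividend) / (divisor);` assigns to quotient as an lvalue, while the commit message documents it as `TYPE *quotient` and the other three macros pass their last argument straight to builtins that take a pointer. A caller who follows the documented signature and passes `&q` will not compile, and one who passes `q` gets a calling convention that differs from checked_add, checked_sub and checked_mul. Suggest storing through the pointer, `*(quotient) = (dividend) / (divisor);`, so all four primitives are called the same way. Two further points on the same macro: it only rejects a zero divisor, so for a signed TYPE the most negative value divided by -1 still overflows and is reported as success; and `divisor` is expanded twice, so an argument with side effects is evaluated twice. Copying the arguments into locals inside the statement expression and adding the minimum-by-minus-one check for signed types would cover both. A short comment above the block stating that every macro returns true on failure would also help, since that is the opposite of the usual "true means success" reading at call sites.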
