ui/gfx/geometry/safe_integer_conversions.h - Issue 2354783004: Fix overflow/underflow in gfx geometry once and for all

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: ui/gfx/geometry/safe_integer_conversions.h

Issue 2354783004: Fix overflow/underflow in gfx geometry once and for all (Closed)

Patch Set: Remove accessibility test changes Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: ui/gfx/geometry/safe_integer_conversions.h

diff --git a/ui/gfx/geometry/safe_integer_conversions.h b/ui/gfx/geometry/safe_integer_conversions.h

index 5efe134f0793ba51f1ba0908e04b9c987e638073..eb3c8037fd34002357e2b85298852a491356762e 100644

--- a/ui/gfx/geometry/safe_integer_conversions.h

+++ b/ui/gfx/geometry/safe_integer_conversions.h

@@ -57,6 +57,52 @@ inline bool IsExpressibleAsInt(float value) {

return true;

}

+// Returns true iff a+b would overflow max int.

+constexpr bool AddWouldOverflow(int a, int b) {

+ // In this function, GCC tries to make optimizations that would only

+ // work if max - a wouldn't overflow but it isn't smart enough to notice that

+ // a > 0. So cast everything to unsigned to avoid this. As it is guaranteed

+ // that max - a and b are both already positive, the cast is a noop.

+ //

+ // This is intended to be: a > 0 && max - a < b

+ return a > 0 && b > 0 &&

+ static_cast<unsigned>(std::numeric_limits<int>::max() - a) <

+ static_cast<unsigned>(b);

+// Returns true iff a+b would underflow min int.

+constexpr bool AddWouldUnderflow(int a, int b) {

+ return a < 0 && b < std::numeric_limits<int>::min() - a;

+// Returns true iff a-b would overflow max int.

+constexpr bool SubtractWouldOverflow(int a, int b) {

+ return b < 0 && a > std::numeric_limits<int>::max() + b;

+// Returns true iff a-b would underflow min int.

+constexpr bool SubtractWouldUnderflow(int a, int b) {

+ return b > 0 && a < std::numeric_limits<int>::min() + b;

+// Safely adds a+b without integer overflow/underflow. Exceeding these

+// bounds will clamp to the max or min int limit.

+constexpr int SafeAdd(int a, int b) {

+ return AddWouldOverflow(a, b)

+ ? std::numeric_limits<int>::max()

+ : AddWouldUnderflow(a, b) ? std::numeric_limits<int>::min()

+ : a + b;

+// Safely subtracts a-b without integer overflow/underflow. Exceeding these

+// bounds will clamp to the max or min int limit.

+constexpr int SafeSubtract(int a, int b) {

+ return SubtractWouldOverflow(a, b)

+ ? std::numeric_limits<int>::max()

+ : SubtractWouldUnderflow(a, b) ? std::numeric_limits<int>::min()

+ : a - b;

} // namespace gfx

#endif // UI_GFX_GEOMETRY_SAFE_INTEGER_CONVERSIONS_H_

« no previous file with comments | « ui/gfx/geometry/rect_unittest.cc ('k') | ui/gfx/geometry/safe_integer_conversions_unittest.cc » ('j') | no next file with comments »