From a66c36b42acc69494a299d69c8c3204cdc961f16 Mon Sep 17 00:00:00 2001
From: "Ryan C. Gordon"
Date: Sun, 1 Jan 2006 12:19:44 +0000
Subject: [PATCH] Cleaned up overflow checks in platform memory allocators (thanks to Nicolas Lebedenco for pointing out the original issue with long long literals).

---
 CHANGELOG | 3 +++
 physfs_internal.h | 17 +++++++++++++++++
 platform/macclassic.c | 8 ++------
 platform/os2.c | 8 ++------
 platform/pocketpc.c | 8 ++------
 platform/posix.c | 8 ++------
 platform/skeleton.c | 8 ++------
 platform/win32.c | 8 ++------
 8 files changed, 32 insertions(+), 36 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 981d7038..ff017604 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,9 @@
 * CHANGELOG.
 */

+01012006 - Cleaned up overflow checks in platform memory allocators (thanks to
+ Nicolas Lebedenco for pointing out the original issue with
+ long long literals).
 11282005 - Corrected docs on PHYSFS_setWriteDir().
 10122005 - Fixed locateInStringList() in physfs.c (thanks, Matze!).
 Patched archivers/wad.c to compile.
diff --git a/physfs_internal.h b/physfs_internal.h
index d77ce32b..105382ba 100644
--- a/physfs_internal.h
+++ b/physfs_internal.h
@@ -1253,6 +1253,23 @@ void __PHYSFS_sort(void *entries, PHYSFS_uint32 max,
 #define GOTO_MACRO_MUTEX(e, m, g) { __PHYSFS_setError(e); __PHYSFS_platformReleaseMutex(m); goto g; }
 #define GOTO_IF_MACRO_MUTEX(c, e, m, g) if (c) { __PHYSFS_setError(e); __PHYSFS_platformReleaseMutex(m); goto g; }

+#ifdef __GNUC__
+#define LONGLONGLITERAL(x) x##LL
+#else
+#define LONGLONGLITERAL(x) x
+#endif
+
+/*
+ * Check if a ui64 will fit in the platform's address space.
+ * The initial sizeof check will optimize this macro out entirely on
+ * 64-bit (and larger?!) platforms, and the other condition will
+ * return zero or non-zero if the variable will fit in the platform's
+ * size_t, suitable to pass to malloc. This is kinda messy, but effective.
+ */
+#define __PHYSFS_ui64FitsAddressSpace(s) ( \
+ (sizeof (PHYSFS_uint64) > sizeof (size_t)) && \
+ ((s) > (LONGLONGLITERAL(0xFFFFFFFFFFFFFFFF) >> (64-(sizeof(size_t)*8)))) \
+)

 /*
 * The current allocator. Not valid before PHYSFS_init is called!
diff --git a/platform/macclassic.c b/platform/macclassic.c
index e2669a26..8a7f391f 100644
--- a/platform/macclassic.c
+++ b/platform/macclassic.c
@@ -944,9 +944,7 @@ void __PHYSFS_platformAllocatorDeinit(void)

 void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef malloc
 return(malloc((size_t) s));
 } /* __PHYSFS_platformMalloc */
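Review bot: `__PHYSFS_ui64FitsAddressSpace(s)` is non-zero exactly when `s` does not fit in `size_t` (both operands of the `&&` are "too big" tests), so the macro's name states the opposite of its value, and the platform callers read as "bail if it fits": `BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);` in platform/macclassic.c, os2.c, pocketpc.c, posix.c, skeleton.c and win32.c. The header comment ("return zero or non-zero if the variable will fit") does not settle which sense is meant, and since this test is all that stands between a 64-bit request and the truncating `(size_t) s` cast, its sense should be unmistakable. Either make the macro match its name — `(sizeof (PHYSFS_uint64) <= sizeof (size_t)) || ((s) <= (LONGLONGLITERAL(0xFFFFFFFFFFFFFFFF) >> (64-(sizeof(size_t)*8))))` — and have the six callers test `!__PHYSFS_ui64FitsAddressSpace(s)`, or keep the current sense and rename it to say "exceeds". Two smaller points: `sizeof(size_t)*8` assumes `CHAR_BIT == 8` (`CHAR_BIT` from `<limits.h>` would state that explicitly), and on a non-GNU compiler `LONGLONGLITERAL` leaves `0xFFFFFFFFFFFFFFFF` unsuffixed, so whether it is typed as a 64-bit integer there presumably depends on that compiler's C99 support rather than being guaranteed.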
@@ -954,9 +952,7 @@ void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)

 void *__PHYSFS_platformAllocatorRealloc(void *ptr, PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef realloc
 return(realloc(ptr, (size_t) s));
 } /* __PHYSFS_platformRealloc */
diff --git a/platform/os2.c b/platform/os2.c
index f4796213..b66ba424 100644
--- a/platform/os2.c
+++ b/platform/os2.c
@@ -757,9 +757,7 @@ void __PHYSFS_platformAllocatorDeinit(void)

 void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef malloc
 return(malloc((size_t) s));
 } /* __PHYSFS_platformMalloc */
@@ -767,9 +765,7 @@ void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)

 void *__PHYSFS_platformAllocatorRealloc(void *ptr, PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef realloc
 return(realloc(ptr, (size_t) s));
 } /* __PHYSFS_platformRealloc */
diff --git a/platform/pocketpc.c b/platform/pocketpc.c
index 556dec97..26207855 100644
--- a/platform/pocketpc.c
+++ b/platform/pocketpc.c
@@ -675,9 +675,7 @@ void __PHYSFS_platformAllocatorDeinit(void)

 void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef malloc
 return(malloc((size_t) s));
 } /* __PHYSFS_platformMalloc */
@@ -685,9 +683,7 @@ void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)

 void *__PHYSFS_platformAllocatorRealloc(void *ptr, PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef realloc
 return(realloc(ptr, (size_t) s));
 } /* __PHYSFS_platformRealloc */
diff --git a/platform/posix.c b/platform/posix.c
index 7f10577b..cb2201f0 100644
--- a/platform/posix.c
+++ b/platform/posix.c
@@ -517,9 +517,7 @@ void __PHYSFS_platformAllocatorDeinit(void)

 void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef malloc
 return(malloc((size_t) s));
 } /* __PHYSFS_platformMalloc */
@@ -527,9 +525,7 @@ void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)

 void *__PHYSFS_platformAllocatorRealloc(void *ptr, PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef realloc
 return(realloc(ptr, (size_t) s));
 } /* __PHYSFS_platformRealloc */
diff --git a/platform/skeleton.c b/platform/skeleton.c
index 9c0d4dc0..d329b1cd 100644
--- a/platform/skeleton.c
+++ b/platform/skeleton.c
@@ -249,9 +249,7 @@ void __PHYSFS_platformAllocatorDeinit(void)

 void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef malloc
 return(malloc((size_t) s));
 } /* __PHYSFS_platformMalloc */
@@ -259,9 +257,7 @@ void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)

 void *__PHYSFS_platformAllocatorRealloc(void *ptr, PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef realloc
 return(realloc(ptr, (size_t) s));
 } /* __PHYSFS_platformRealloc */
diff --git a/platform/win32.c b/platform/win32.c
index a5f6f9af..fba20197 100644
--- a/platform/win32.c
+++ b/platform/win32.c
@@ -1125,9 +1125,7 @@ void __PHYSFS_platformAllocatorDeinit(void)

 void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef malloc
 return(malloc((size_t) s));
 } /* __PHYSFS_platformMalloc */
@@ -1135,9 +1133,7 @@ void *__PHYSFS_platformAllocatorMalloc(PHYSFS_uint64 s)

 void *__PHYSFS_platformAllocatorRealloc(void *ptr, PHYSFS_uint64 s)
 {
- /* make sure s isn't larger than the address space of the platform... */
- if ( s > (0xFFFFFFFFFFFFFFFF >> (64-(sizeof (size_t) * 8))) )
- BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL);
+ BAIL_IF_MACRO(__PHYSFS_ui64FitsAddressSpace(s), ERR_OUT_OF_MEMORY, NULL);
 #undef realloc
 return(realloc(ptr, (size_t) s));
 } /* __PHYSFS_platformRealloc */