diff -up diffutils-3.5/lib/intprops.h.than diffutils-3.5/lib/intprops.h --- diffutils-3.5/lib/intprops.h.than 2017-02-21 09:08:39.470417367 -0500 +++ diffutils-3.5/lib/intprops.h 2017-02-21 09:46:57.090996508 -0500 @@ -1,6 +1,6 @@ /* intprops.h -- properties of integer types - Copyright (C) 2001-2016 Free Software Foundation, Inc. + Copyright (C) 2001-2017 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -47,12 +47,16 @@ /* Minimum and maximum values for integer types and expressions. */ +/* The width in bits of the integer type or expression T. + Padding bits are not supported; this is checked at compile-time below. */ +#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT) + /* The maximum and minimum values for the integer type T. */ #define TYPE_MINIMUM(t) ((t) ~ TYPE_MAXIMUM (t)) #define TYPE_MAXIMUM(t) \ ((t) (! TYPE_SIGNED (t) \ ? (t) -1 \ - : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) + : ((((t) 1 << (TYPE_WIDTH (t) - 2)) - 1) * 2 + 1))) /* The maximum and minimum values for the type of the expression E, after integer promotion. E should not have side effects. */ @@ -65,7 +69,13 @@ ? _GL_SIGNED_INT_MAXIMUM (e) \ : _GL_INT_NEGATE_CONVERT (e, 1)) #define _GL_SIGNED_INT_MAXIMUM(e) \ - (((_GL_INT_CONVERT (e, 1) << (sizeof ((e) + 0) * CHAR_BIT - 2)) - 1) * 2 + 1) + (((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH ((e) + 0) - 2)) - 1) * 2 + 1) + +/* Work around OpenVMS incompatibility with C99. */ +#if !defined LLONG_MAX && defined __INT64_MAX +# define LLONG_MAX __INT64_MAX +# define LLONG_MIN __INT64_MIN +#endif /* This include file assumes that signed types are two's complement without padding bits; the above macros have undefined behavior otherwise. @@ -84,10 +94,15 @@ verify (TYPE_MAXIMUM (long int) == LONG_ verify (TYPE_MINIMUM (long long int) == LLONG_MIN); verify (TYPE_MAXIMUM (long long int) == LLONG_MAX); #endif +/* Similarly, sanity-check one ISO/IEC TS 18661-1:2014 macro if defined. */ +#ifdef UINT_WIDTH +verify (TYPE_WIDTH (unsigned int) == UINT_WIDTH); +#endif /* Does the __typeof__ keyword work? This could be done by 'configure', but for now it's easier to do it by hand. */ -#if (2 <= __GNUC__ || defined __IBM__TYPEOF__ \ +#if (2 <= __GNUC__ \ + || (1210 <= __IBMC__ && defined __IBM__TYPEOF__) \ || (0x5110 <= __SUNPRO_C && !__STDC__)) # define _GL_HAVE___TYPEOF__ 1 #else @@ -116,8 +131,7 @@ verify (TYPE_MAXIMUM (long long int) == signed, this macro may overestimate the true bound by one byte when applied to unsigned types of size 2, 4, 16, ... bytes. */ #define INT_STRLEN_BOUND(t) \ - (INT_BITS_STRLEN_BOUND (sizeof (t) * CHAR_BIT \ - - _GL_SIGNED_TYPE_OR_EXPR (t)) \ + (INT_BITS_STRLEN_BOUND (TYPE_WIDTH (t) - _GL_SIGNED_TYPE_OR_EXPR (t)) \ + _GL_SIGNED_TYPE_OR_EXPR (t)) /* Bound on buffer size needed to represent an integer type or expression T, @@ -222,20 +236,23 @@ verify (TYPE_MAXIMUM (long long int) == ? (a) < (min) >> (b) \ : (max) >> (b) < (a)) -/* True if __builtin_add_overflow (A, B, P) works when P is null. */ -#define _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL (7 <= __GNUC__) +/* True if __builtin_add_overflow (A, B, P) works when P is non-null. */ +#define _GL_HAS_BUILTIN_OVERFLOW (5 <= __GNUC__) + +/* True if __builtin_add_overflow_p (A, B, C) works. */ +#define _GL_HAS_BUILTIN_OVERFLOW_P (7 <= __GNUC__) /* The _GL*_OVERFLOW macros have the same restrictions as the *_RANGE_OVERFLOW macros, except that they do not assume that operands (e.g., A and B) have the same type as MIN and MAX. Instead, they assume that the result (e.g., A + B) has that type. */ -#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL -# define _GL_ADD_OVERFLOW(a, b, min, max) - __builtin_add_overflow (a, b, (__typeof__ ((a) + (b)) *) 0) -# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) - __builtin_sub_overflow (a, b, (__typeof__ ((a) - (b)) *) 0) -# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) - __builtin_mul_overflow (a, b, (__typeof__ ((a) * (b)) *) 0) +#if _GL_HAS_BUILTIN_OVERFLOW_P +# define _GL_ADD_OVERFLOW(a, b, min, max) \ + __builtin_add_overflow_p (a, b, (__typeof__ ((a) + (b))) 0) +# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) \ + __builtin_sub_overflow_p (a, b, (__typeof__ ((a) - (b))) 0) +# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \ + __builtin_mul_overflow_p (a, b, (__typeof__ ((a) * (b))) 0) #else # define _GL_ADD_OVERFLOW(a, b, min, max) \ ((min) < 0 ? INT_ADD_RANGE_OVERFLOW (a, b, min, max) \ @@ -315,7 +332,7 @@ verify (TYPE_MAXIMUM (long long int) == _GL_BINARY_OP_OVERFLOW (a, b, _GL_ADD_OVERFLOW) #define INT_SUBTRACT_OVERFLOW(a, b) \ _GL_BINARY_OP_OVERFLOW (a, b, _GL_SUBTRACT_OVERFLOW) -#if _GL_HAS_BUILTIN_OVERFLOW_WITH_NULL +#if _GL_HAS_BUILTIN_OVERFLOW_P # define INT_NEGATE_OVERFLOW(a) INT_SUBTRACT_OVERFLOW (0, a) #else # define INT_NEGATE_OVERFLOW(a) \ @@ -349,10 +366,6 @@ verify (TYPE_MAXIMUM (long long int) == #define INT_MULTIPLY_WRAPV(a, b, r) \ _GL_INT_OP_WRAPV (a, b, r, *, __builtin_mul_overflow, INT_MULTIPLY_OVERFLOW) -#ifndef __has_builtin -# define __has_builtin(x) 0 -#endif - /* Nonzero if this compiler has GCC bug 68193 or Clang bug 25390. See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68193 https://llvm.org/bugs/show_bug.cgi?id=25390 @@ -369,7 +382,7 @@ verify (TYPE_MAXIMUM (long long int) == the operation. BUILTIN is the builtin operation, and OVERFLOW the overflow predicate. Return 1 if the result overflows. See above for restrictions. */ -#if 5 <= __GNUC__ || __has_builtin (__builtin_add_overflow) +#if _GL_HAS_BUILTIN_OVERFLOW # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) builtin (a, b, r) #elif 201112 <= __STDC_VERSION__ && !_GL__GENERIC_BOGUS # define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \ @@ -412,7 +425,7 @@ verify (TYPE_MAXIMUM (long long int) == # else # define _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow) \ _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \ - long int, LONG_MIN, LONG_MAX)) + long int, LONG_MIN, LONG_MAX) # endif #endif diff -up diffutils-3.5/lib/xalloc-oversized.h.than diffutils-3.5/lib/xalloc-oversized.h --- diffutils-3.5/lib/xalloc-oversized.h.than 2017-02-21 09:45:13.729168233 -0500 +++ diffutils-3.5/lib/xalloc-oversized.h 2017-02-21 09:45:18.309249247 -0500 @@ -1,6 +1,6 @@ /* xalloc-oversized.h -- memory allocation size checking - Copyright (C) 1990-2000, 2003-2004, 2006-2016 Free Software Foundation, Inc. + Copyright (C) 1990-2000, 2003-2004, 2006-2017 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,48 +19,37 @@ #define XALLOC_OVERSIZED_H_ #include +#include -/* Default for (non-Clang) compilers that lack __has_builtin. */ -#ifndef __has_builtin -# define __has_builtin(x) 0 -#endif - -/* True if N * S would overflow in a size calculation. +/* True if N * S would overflow in a size_t calculation, + or would generate a value larger than PTRDIFF_MAX. This expands to a constant expression if N and S are both constants. By gnulib convention, SIZE_MAX represents overflow in size - calculations, so the conservative dividend to use here is - SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value. - However, malloc (SIZE_MAX) fails on all known hosts where - sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for - exactly-SIZE_MAX allocations on such hosts; this avoids a test and - branch when S is known to be 1. */ + calculations, so the conservative size_t-based dividend to use here + is SIZE_MAX - 1. */ #define __xalloc_oversized(n, s) \ - ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n)) + ((size_t) (PTRDIFF_MAX < SIZE_MAX ? PTRDIFF_MAX : SIZE_MAX - 1) / (s) < (n)) +#if PTRDIFF_MAX < SIZE_MAX +typedef ptrdiff_t __xalloc_count_type; +#else +typedef size_t __xalloc_count_type; +#endif -/* Return 1 if an array of N objects, each of size S, cannot exist due - to size arithmetic overflow. S must be positive and N must be - nonnegative. This is a macro, not a function, so that it - works correctly even when SIZE_MAX < N. */ +/* Return 1 if an array of N objects, each of size S, cannot exist + reliably due to size or ptrdiff_t arithmetic overflow. S must be + positive and N must be nonnegative. This is a macro, not a + function, so that it works correctly even when SIZE_MAX < N. */ -/* GCC 7 __builtin_mul_overflow should easily compute this. See: - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68120 */ #if 7 <= __GNUC__ -# define xalloc_oversized(n, s) __builtin_mul_overflow (n, s, (size_t *) NULL) - -/* GCC 5 and Clang __builtin_mul_overflow needs a temporary, and - should be used only for non-constant operands, so that - xalloc_oversized is a constant expression if both arguments are. - Do not use this if pedantic, since pedantic GCC issues a diagnostic - for ({ ... }). */ -#elif ((5 <= __GNUC__ \ - || (__has_builtin (__builtin_mul_overflow) \ - && __has_builtin (__builtin_constant_p))) \ - && !__STRICT_ANSI__) +# define xalloc_oversized(n, s) \ + __builtin_mul_overflow_p (n, s, (__xalloc_count_type) 1) +#elif 5 <= __GNUC__ && !__STRICT_ANSI__ # define xalloc_oversized(n, s) \ (__builtin_constant_p (n) && __builtin_constant_p (s) \ ? __xalloc_oversized (n, s) \ - : ({ size_t __xalloc_size; __builtin_mul_overflow (n, s, &__xalloc_size); })) + : ({ __xalloc_count_type __xalloc_count; \ + __builtin_mul_overflow (n, s, &__xalloc_count); })) /* Other compilers use integer division; this may be slower but is more portable. */