Switch to a < comparison for our calloc check; explain how it works

author: Nick Mathewson <nickm@torproject.org> 2014-11-02 11:42:33 -0500
committer: Nick Mathewson <nickm@torproject.org> 2014-11-02 11:54:42 -0500
commit: 0d8abf5365cc39e7ea91bddfeb207e8d4d233544 (patch)
tree: c8c3f25b87c8c9bf857ab842213002cf25563b04 /src/common/util.c
parent: 81b452d245c19e9a16681567b9dbcf0f7a71ac78 (diff)
download: tor-0d8abf5365cc39e7ea91bddfeb207e8d4d233544.tar.gz
tor-0d8abf5365cc39e7ea91bddfeb207e8d4d233544.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 74a538ed2f..006fd804b1 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -195,14 +195,18 @@ tor_malloc_zero_(size_t size DMALLOC_PARAMS)
   return result;
 }
 
-/* Estimate the square root of SIZE_MAX. */
-#define SQRT_SIZE_MAX (((size_t) SIZE_MAX) >> (sizeof(size_t) * 8 / 2))
+/* The square root of SIZE_MAX + 1.  If a is less than this, and b is less
+ * than this, then a*b is less than SIZE_MAX.  (For example, if size_t is
+ * 32 bits, then SIZE_MAX is 0xffffffff and this value is 0x10000.  If a and
+ * b are less than this, then their product is at most (65535*65535) ==
+ * 0xfffe0001. */
+#define SQRT_SIZE_MAX_P1 (((size_t)1) << (sizeof(size_t)*4))
 
 /** Return non-zero if and only if the product of the arguments is exact. */
 static INLINE int
 size_mul_check(const size_t x, const size_t y)
 {
-  return ((x <= SQRT_SIZE_MAX && y <= SQRT_SIZE_MAX) ||
+  return ((x < SQRT_SIZE_MAX_P1 && y < SQRT_SIZE_MAX_P1) ||
           y == 0 || x <= SIZE_MAX / y);
 }
author	Nick Mathewson <nickm@torproject.org>	2014-11-02 11:42:33 -0500
committer	Nick Mathewson <nickm@torproject.org>	2014-11-02 11:54:42 -0500
commit	0d8abf5365cc39e7ea91bddfeb207e8d4d233544 (patch)
tree	c8c3f25b87c8c9bf857ab842213002cf25563b04 /src/common/util.c
parent	81b452d245c19e9a16681567b9dbcf0f7a71ac78 (diff)
download	tor-0d8abf5365cc39e7ea91bddfeb207e8d4d233544.tar.gz tor-0d8abf5365cc39e7ea91bddfeb207e8d4d233544.zip