author | Nick Mathewson <nickm@torproject.org> | 2018-04-22 20:39:35 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-04-22 20:39:35 -0400 |
commit | 1ba9b7e0137afc1a4bd6da7dd986ed98999cfbe5 (patch) | |
tree | 0492733cf6f4af851652059104959c6aa597cc01 /src/common | |
parent | 0e8ae82a8757fb8bb2850f1a3d59ad1dfb468556 (diff) | |
parent | f921fd771ae51a82d971be064edca86b11f6004b (diff) | |
Merge remote-tracking branch 'mikeperry/bug25400_squashed'
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/util.c | 13 | ||||
-rw-r--r-- | src/common/util.h | 2 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 041e7aee3d..b14b6f3979 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -572,6 +572,19 @@ add_laplace_noise(int64_t signal_, double random_, double delta_f,
 return signal_ + noise;
 }
+/* Helper: safely add two uint32_t's, capping at UINT32_MAX rather
+ * than overflow */
+uint32_t
+tor_add_u32_nowrap(uint32_t a, uint32_t b)
+{
+ /* a+b > UINT32_MAX check, without overflow */
+ if (PREDICT_UNLIKELY(a > UINT32_MAX - b)) {
+ return UINT32_MAX;
+ } else {
+ return a+b;
+ }
+}
+
 /* Helper: return greatest common divisor of a,b */
 static uint64_t
 gcd64(uint64_t a, uint64_t b)
diff --git a/src/common/util.h b/src/common/util.h
index ae27e5f016..c0d20e1b22 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -176,6 +176,8 @@ int n_bits_set_u8(uint8_t v);
 int64_t clamp_double_to_int64(double number);
 void simplify_fraction64(uint64_t *numer, uint64_t *denom);
+uint32_t tor_add_u32_nowrap(uint32_t a, uint32_t b);
+
 /* Compute the CEIL of <b>a</b> divided by <b>b</b>, for nonnegative <b>a</b>
 * and positive <b>b</b>. Works on integer types only. Not defined if a+(b-1)
 * can overflow. */ |
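Review bot: The comment on `tor_add_u32_nowrap` in util.c does not tell callers that a saturated result is indistinguishable from a genuine sum of exactly UINT32_MAX, which matters wherever the returned value is later compared against a limit or reported as an exact count. The guard `a > UINT32_MAX - b` is itself correct for unsigned operands and cannot wrap. I would state the contract in the `<b>` markup already used in util.h, e.g. `/** Return <b>a</b> + <b>b</b>, saturating at UINT32_MAX instead of wrapping; a result of UINT32_MAX means "at least UINT32_MAX". */`, and give the new prototype in util.h a one-line comment as well. The callers are outside this diff (the diffstat is limited to src/common), so whether any of them needs to detect saturation is for the author to confirm.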