From d3d6c828a9d828bd0545488d83ac504d0f26719f Mon Sep 17 00:00:00 2001
From: leitner
Date: Sun, 28 Jan 2007 23:36:24 +0000
Subject: [PATCH] Turns out that shifting a negative signed int is undefined behavior in C, too. Use other mechanism in case gcc decides to abuse that, too.
---
 rangecheck.h | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/rangecheck.h b/rangecheck.h
index 365ef14..31bb0cb 100644
--- a/rangecheck.h
+++ b/rangecheck.h
@@ -68,15 +68,17 @@ int range_str4inbuf(const void* buf,size_t len,const void* stringstart);
 * So I decided to add some integer overflow protection functionality
 * here for addition and subtraction, too. */
-/* first, we need a type independent way to find the min and max values
- * for each type, so the macros also work for integer types you defined
- * yourself */
+/* two important assumptions:
+ * 1. the platform is using two's complement
+ * 2. there are 8 bits in a byte
+ */
-#define __MIN_UNSIGNED(type) ((type)0)
-#define __MIN_SIGNED(type) (((type)-1)<<(sizeof(type)*8-1))
+#define __HALF_MAX_SIGNED(type) ((type)1 << (sizeof(type)*8-2))
+#define __MAX_SIGNED(type) (__HALF_MAX_SIGNED(type) - 1 + __HALF_MAX_SIGNED(type))
+#define __MIN_SIGNED(type) (-1 - __MAX_SIGNED(type))
 /* we use <1 and not <0 to avoid a gcc warning */
-#define __MIN(type) ((type)-1 < 1?__MIN_SIGNED(type):__MIN_UNSIGNED(type))
+#define __MIN(type) ((type)-1 < 1?__MIN_SIGNED(type):(type)0)
 #define __MAX(type) ((type)~__MIN(type))
 #define assign(dest,src) ({ typeof(src) __x=(src); typeof(dest) __y=__x; (__x==__y && ((__x<1) == (__y<1))?(void)((dest)=__y),0:1); })
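Review bot: The two assumptions in the new comment are only stated, not enforced, and `__HALF_MAX_SIGNED` hard-codes the second one as `sizeof(type)*8-2`. Writing it as `((type)1 << (sizeof(type)*CHAR_BIT-2))` with `CHAR_BIT` from `<limits.h>` would remove the 8-bit assumption altogether; whether the header already includes `<limits.h>` is not visible in this hunk. The comment should also name a third assumption the shift depends on, `3. the integer type has no padding bits`, because otherwise `sizeof(type)*CHAR_BIT-2` can reach the sign bit and the shift is undefined again. These bounds presumably feed the overflow checks the context comment refers to, so a wrong bound would weaken those checks without any diagnostic. For types narrower than `int` the shift is carried out after promotion, so `__MIN_SIGNED(type)` has type `int` rather than `type`, which is worth a one-line remark next to the macro.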