da6053d0a7
Previously we were a bit sloppy with the index and size types of arrays, we'd regularly use unsigned. While I don't think this ever resulted in real issues I think we should be more careful there and follow a stricter regime: unless there's a strong reason not to use size_t for array sizes and indexes, size_t it should be. Any allocations we do ultimately will use size_t anyway, and converting back and forth between unsigned and size_t will always be a source of problems. Note that on 32bit machines "unsigned" and "size_t" are equivalent, and on 64bit machines our arrays shouldn't grow that large anyway, and if they do we have a problem; however, that kind of overly large allocation we usually have protections for, but for overflows we do not have that so much, hence let's add it. So yeah, it's a story of the current code being already "good enough", but I think some extra type hygiene is better. This patch tries to be comprehensive, but it probably isn't and I missed a few cases. But I guess we can cover that later as we notice it. Among smaller fixes, this changes: 1. strv_length()'s return type becomes size_t 2. the unit file changes array size becomes size_t 3. DNS answer and query array sizes become size_t Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=76745
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
***/
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/uio.h>
#include "macro.h"
#include "time-util.h"
int flush_fd(int fd);
ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll);
int loop_read_exact(int fd, void *buf, size_t nbytes, bool do_poll);
int loop_write(int fd, const void *buf, size_t nbytes, bool do_poll);
int pipe_eof(int fd);
int fd_wait_for_event(int fd, int event, usec_t timeout);
ssize_t sparse_write(int fd, const void *p, size_t sz, size_t run_length);
static inline size_t IOVEC_TOTAL_SIZE(const struct iovec *i, size_t n) {
        /* Returns the sum of the iov_len fields of the first n entries of i. With n == 0 nothing is
         * dereferenced, so i may then be NULL. The sum is plain size_t arithmetic: no overflow check is
         * done here, so callers sizing an allocation from the result must keep the inputs in range. */
        size_t total = 0;

        /* Walk the array back to front; addition is commutative, so the result is the same. */
        while (n > 0) {
                n--;
                total += i[n].iov_len;
        }

        return total;
}
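static inline size_t IOVEC_INCREMENT(struct iovec *i, size_t n, size_t k) {
        /* Consumes k bytes from the front of the iovec array i (n entries): in order, each entry's
         * iov_base is advanced and its iov_len shrunk until k bytes are accounted for or the array is
         * exhausted. Entries are modified in place.
         *
         * Returns the number of bytes that could not be consumed, i.e. 0 if the array covered all of k. */

        /* k is unsigned, so "k <= 0" in the old loop body was really "k == 0"; fold the stop condition into
         * the loop header instead of a separate break. */
        for (size_t j = 0; j < n && k > 0; j++) {
                /* Take as much as this entry holds, but never more than what is still owed. */
                size_t sub = i[j].iov_len < k ? i[j].iov_len : k;

                /* Skip empty entries entirely: nothing to account for, and this avoids doing pointer
                 * arithmetic on an iov_base that may be NULL for a zero-length entry. */
                if (sub == 0)
                        continue;

                i[j].iov_len -= sub;
                i[j].iov_base = (uint8_t*) i[j].iov_base + sub;
                k -= sub;
        }

        return k;
}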
static inline bool FILE_SIZE_VALID(uint64_t l) {
        /* ftruncate() and friends take an unsigned file size, but the kernel handles it as a signed 64bit
         * value internally, so anything with the top bit set (2^63 and above) cannot be represented.
         * Returns true iff l fits, letting callers reject oversized values early. */

        return l <= (uint64_t) INT64_MAX;
}
static inline bool FILE_SIZE_VALID_OR_INFINITY(uint64_t l) {
        /* Same check as FILE_SIZE_VALID() (the size must fit in a signed 64bit value), but additionally
         * accepts the all-ones value (uint64_t) -1, which is used as the marker for "infinity". */

        return l == UINT64_MAX || l <= (uint64_t) INT64_MAX;
}
/* Brace initializer for a struct iovec; usable wherever an initializer list is required, e.g. inside
 * array or struct initializers. Both arguments are expanded exactly once. */
#define IOVEC_INIT(base, len) { .iov_base = (base), .iov_len = (len) }
/* Same as IOVEC_INIT(), but as a compound literal, i.e. an expression that yields a struct iovec value
 * and can be used in assignments or passed to functions. */
#define IOVEC_MAKE(base, len) (struct iovec) IOVEC_INIT(base, len)
/* Initializer covering the bytes of a NUL-terminated string, without the terminator. Note that the
 * argument is expanded twice (once for the base, once for strlen()), so it must not have side effects,
 * and the (char*) cast drops any const qualifier. strlen() needs <string.h>, which this header does not
 * include directly; presumably it arrives via macro.h — verify when using this header on its own. */
#define IOVEC_INIT_STRING(string) IOVEC_INIT((char*) string, strlen(string))
/* Compound-literal form of IOVEC_INIT_STRING(); the same double-expansion caveat for the argument applies. */
#define IOVEC_MAKE_STRING(string) (struct iovec) IOVEC_INIT_STRING(string)