[gnuastro-commits] master d366d32 2/5: Corrected size checks of gal_data
From: Mohammad Akhlaghi
Subject: [gnuastro-commits] master d366d32 2/5: Corrected size checks of gal_data_t during allocation
Date: Sat, 2 Dec 2017 22:07:25 -0500 (EST)
branch: master
commit d366d325d7410df76320f6f604f7e3500814ae59
Author: Vladimir Markelov <address@hidden>
Commit: Mohammad Akhlaghi <address@hidden>
Corrected size checks of gal_data_t during allocation
Since the dsize array type is `size_t', it cannot be negative. So instead of
checking against `<= 0', I did the following:
1. Fail with an error if `dsize[i]' is zero.
2. Fail with an error if the total data size overflows the maximum possible
size (maximum value of the `size_t' type).
3. Display a warning to `stderr' if the data size is greater than half of the
maximum `size_t' value.
---
lib/data.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
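The three checks described in the commit message, as an added stand-alone example (not Gnuastro's code): it validates a `dsize[]` array the same way, but returns a result struct instead of calling `error()`, uses `SIZE_MAX` for the limit, tests the "looks negative" condition before the overflow test so the hint is printed even when the overflow error fires, and uses a strict `>` so the product that exactly fits `size_t` is accepted. The names `dsize_total`, `dsize_result` and the `SAMPLE_*` arrays are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of validating one dsize[] array (names are this example's own). */
enum dsize_status { DSIZE_OK = 0, DSIZE_ZERO_DIM, DSIZE_OVERFLOW };

struct dsize_result
{
  enum dsize_status status;
  size_t total;    /* product of all dimensions when status is DSIZE_OK */
  size_t bad_dim;  /* index of the offending dimension on error */
  size_t warned;   /* dimensions that look like converted negative values */
};

/* Multiply the ndim entries of dsize[] without overflowing size_t. */
static struct dsize_result
dsize_total(const size_t *dsize, size_t ndim)
{
  struct dsize_result r = { DSIZE_OK, 1, 0, 0 };
  size_t i;
  for(i = 0; i < ndim; ++i)
    {
      /* A size_t cannot be negative, so zero is the only invalid value. */
      if(dsize[i] == 0)
        { r.status = DSIZE_ZERO_DIM; r.bad_dim = i; return r; }

      /* Anything above SIZE_MAX/2 is almost certainly a negative number that
         was converted to size_t; say so before the overflow error below. */
      if(dsize[i] > SIZE_MAX / 2)
        {
          fprintf(stderr, "WARNING: dsize[%zu]=%zu looks like a negative "
                  "value stored in size_t\n", i, dsize[i]);
          ++r.warned;
        }

      /* r.total * dsize[i] fits exactly when dsize[i] <= SIZE_MAX / r.total
         (integer division), so only a strictly greater value overflows. */
      if(dsize[i] > SIZE_MAX / r.total)
        { r.status = DSIZE_OVERFLOW; r.bad_dim = i; return r; }
      r.total *= dsize[i];
    }
  return r;
}

/* Constructed inputs: a valid cube, a zero dimension, and a "-3" that
   became SIZE_MAX-2 after conversion to size_t. */
static const size_t SAMPLE_OK[3]   = { 3, 4, 5 };
static const size_t SAMPLE_ZERO[3] = { 3, 0, 5 };
static const size_t SAMPLE_NEG[2]  = { 2, (size_t)-3 };
```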
diff --git a/lib/data.c b/lib/data.c
index 702d2d4..b7c5c8a 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -282,6 +282,7 @@ gal_data_initialize(gal_data_t *data, void *array, uint8_t
type,
char *unit, char *comment)
{
size_t i;
+ size_t data_size_limit = (size_t)(-1);
/* Do the simple copying cases. For the display elements, set them all to
impossible (negative) values so if not explicitly set by later steps,
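Review bot: the new `size_t data_size_limit = (size_t)(-1);` at the top of `gal_data_initialize` re-derives a value that `<stdint.h>` already provides as `SIZE_MAX`; writing `const size_t data_size_limit = SIZE_MAX;` (or using `SIZE_MAX` directly) makes the later `data_size_limit / data->size` and `data_size_limit / 2` comparisons read as what they are, an overflow bound, rather than a cast that a reader has to decode.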
@@ -321,11 +322,24 @@ gal_data_initialize(gal_data_t *data, void *array,
uint8_t type,
data->size=1;
for(i=0;i<ndim;++i)
{
- /* Do a small sanity check. */
- if(dsize[i]<=0)
- error(EXIT_FAILURE, 0, "%s: the size of a dimension cannot be "
- "zero or negative. dsize[%zu], but has a value of %zu",
- __func__, i, dsize[i]);
+ /* Size along a dimension cannot be negative. */
+ if(dsize[i] == 0)
+ error(EXIT_FAILURE, 0, "%s: dsize[%zu]==0. The size of a "
+ "dimension cannot be zero", __func__, i);
+
+ /* Check for possible overflow while multiplying. */
+ if (dsize[i] >= data_size_limit / data->size)
+ error(EXIT_FAILURE, 0, "%s: dimension %zu size is too "
+ "large %zu. Total is out of bounds",
+ __func__, i, dsize[i]);
+
+ /* Print a warning if the size in this dimension is too
+ large. May happen when the user (mistakenly) writes a negative
+ value in this dimension.. */
+ if (dsize[i] >= data_size_limit / 2)
+ fprintf(stderr, "%s: WARNING: dsize[%zu] value %zu is probably "
+ "a mistake: it exceeds the limit %zu", __func__, i,
+ dsize[i], data_size_limit / 2);
/* Write this dimension's size, also correct the total number of
elements. */
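Review bot: the warning `fprintf(stderr, "%s: WARNING: dsize[%zu] value %zu is probably " ...)` has no trailing `\n` in its format string, so the message runs into whatever is written to `stderr` next; add the newline. The warning is also placed after the overflow check, so for any dimension after the first (once `data->size >= 2`) a huge value hits `if (dsize[i] >= data_size_limit / data->size)` and exits with "Total is out of bounds" before the "probably a mistake" hint is ever printed; swapping the two blocks would show the likely cause (a negative value converted to `size_t`) together with the error. Two smaller points: the comment `/* Size along a dimension cannot be negative. */` sits above a check for `dsize[i] == 0`, so it states the reason but not the condition being tested, and the comment ending in "this dimension.." has a doubled period. Finally, `>=` in the overflow test rejects the one product that exactly equals `SIZE_MAX`; `>` is the precise condition, though the conservative form is harmless in practice.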