
[gnuastro-commits] master d366d32 2/5: Corrected size checks of gal_data


From: Mohammad Akhlaghi
Subject: [gnuastro-commits] master d366d32 2/5: Corrected size checks of gal_data_t during allocation
Date: Sat, 2 Dec 2017 22:07:25 -0500 (EST)

branch: master
commit d366d325d7410df76320f6f604f7e3500814ae59
Author: Vladimir Markelov <address@hidden>
Commit: Mohammad Akhlaghi <address@hidden>

    Corrected size checks of gal_data_t during allocation
    
    Since dsize array type is `size_t', it cannot be negative. So instead of
    checking against `<= 0', I did the following:
    
     1. Fail with an error if `dsize[i]' is zero.
    
     2. Fail with an error if total data size overflows the maximum possible
        size (maximum value of `size_t' type).
    
     3. Display warning to `stderr' if data size is greater than half of the
        maximum `size_t' value.
---
 lib/data.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/lib/data.c b/lib/data.c
index 702d2d4..b7c5c8a 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -282,6 +282,7 @@ gal_data_initialize(gal_data_t *data, void *array, uint8_t 
type,
                     char *unit, char *comment)
 {
   size_t i;
+  size_t data_size_limit = (size_t)(-1);
 
   /* Do the simple copying cases. For the display elements, set them all to
      impossible (negative) values so if not explicitly set by later steps,
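Review bot: `size_t data_size_limit = (size_t)(-1);` is a correct way to obtain the maximum `size_t`, but `SIZE_MAX` from `<stdint.h>` states the intent by name and spares the reader the unsigned-conversion rule; since the value is never modified it could also be declared `const`. The declaration next to the existing `size_t i;` otherwise matches the function's style.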
@@ -321,11 +322,24 @@ gal_data_initialize(gal_data_t *data, void *array, 
uint8_t type,
       data->size=1;
       for(i=0;i<ndim;++i)
         {
-          /* Do a small sanity check. */
-          if(dsize[i]<=0)
-            error(EXIT_FAILURE, 0, "%s: the size of a dimension cannot be "
-                  "zero or negative. dsize[%zu], but has a value of %zu",
-                  __func__, i, dsize[i]);
+          /* Size along a dimension cannot be negative. */
+          if(dsize[i] == 0)
+            error(EXIT_FAILURE, 0, "%s: dsize[%zu]==0. The size of a "
+                  "dimension cannot be zero", __func__, i);
+
+          /* Check for possible overflow while multiplying. */
+          if (dsize[i] >= data_size_limit / data->size)
+            error(EXIT_FAILURE, 0, "%s: dimension %zu size is too "
+                    "large %zu. Total is out of bounds",
+                    __func__, i, dsize[i]);
+
+          /* Print a warning if the size in this dimension is too
+             large. May happen when the user (mistakenly) writes a negative
+             value in this dimension.. */
+          if (dsize[i] >= data_size_limit / 2)
+            fprintf(stderr, "%s: WARNING: dsize[%zu] value %zu is probably "
+                    "a mistake: it exceeds the limit %zu", __func__, i,
+                    dsize[i], data_size_limit / 2);
 
           /* Write this dimension's size, also correct the total number of
              elements. */
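Review bot: the warning's `fprintf(stderr, ...)` format string has no trailing newline, so the message runs into whatever is written to stderr next; end the format with `"\n"`. Two smaller points in the same hunk: the comment `/* Size along a dimension cannot be negative. */` sits above a check for `dsize[i] == 0`, so it should say "zero" (the negative-value remark already lives in the warning's comment, which also has a doubled period in `dimension..`); and the overflow test `dsize[i] >= data_size_limit / data->size` is conservative by one value, rejecting a product that equals `data_size_limit / data->size * data->size` even though it does not overflow, which is harmless here but would be `>` if exactness mattered. The `if (` spacing also differs from the surrounding `if(` style.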