diff options
| -rw-r--r-- | absl/base/macros.h | 12 | ||||
| -rw-r--r-- | absl/strings/numbers.h | 18 |
2 files changed, 24 insertions, 6 deletions
diff --git a/absl/base/macros.h b/absl/base/macros.h index f33cd192..cd7cf498 100644 --- a/absl/base/macros.h +++ b/absl/base/macros.h @@ -138,4 +138,16 @@ ABSL_NAMESPACE_END #define ABSL_INTERNAL_RETHROW do {} while (false) #endif // ABSL_HAVE_EXCEPTIONS +// Requires the compiler to prove that the size of the given object is at least +// the expected amount. +#if ABSL_HAVE_ATTRIBUTE(diagnose_if) && ABSL_HAVE_BUILTIN(__builtin_object_size) +#define ABSL_INTERNAL_NEED_MIN_SIZE(Obj, N) \ + __attribute__((diagnose_if(__builtin_object_size(Obj, 0) < N, \ + "object size provably too small " \ + "(this would corrupt memory)", \ + "error"))) +#else +#define ABSL_INTERNAL_NEED_MIN_SIZE(Obj, N) +#endif + #endif // ABSL_BASE_MACROS_H_ diff --git a/absl/strings/numbers.h b/absl/strings/numbers.h index 1d929de9..d2a89b98 100644 --- a/absl/strings/numbers.h +++ b/absl/strings/numbers.h @@ -166,18 +166,24 @@ static const int kSixDigitsToBufferSize = 16; // Required buffer size is `kSixDigitsToBufferSize`. size_t SixDigitsToBuffer(double d, absl::Nonnull<char*> buffer); -// These functions are intended for speed. All functions take an output buffer +// WARNING: These functions may write more characters than necessary, because +// they are intended for speed. All functions take an output buffer // as an argument and return a pointer to the last byte they wrote, which is the // terminating '\0'. At most `kFastToBufferSize` bytes are written. -absl::Nonnull<char*> FastIntToBuffer(int32_t, absl::Nonnull<char*>); -absl::Nonnull<char*> FastIntToBuffer(uint32_t, absl::Nonnull<char*>); -absl::Nonnull<char*> FastIntToBuffer(int64_t, absl::Nonnull<char*>); -absl::Nonnull<char*> FastIntToBuffer(uint64_t, absl::Nonnull<char*>); +absl::Nonnull<char*> FastIntToBuffer(int32_t i, absl::Nonnull<char*> buffer) + ABSL_INTERNAL_NEED_MIN_SIZE(buffer, kFastToBufferSize); +absl::Nonnull<char*> FastIntToBuffer(uint32_t i, absl::Nonnull<char*> buffer) + ABSL_INTERNAL_NEED_MIN_SIZE(buffer, kFastToBufferSize); +absl::Nonnull<char*> FastIntToBuffer(int64_t i, absl::Nonnull<char*> buffer) + ABSL_INTERNAL_NEED_MIN_SIZE(buffer, kFastToBufferSize); +absl::Nonnull<char*> FastIntToBuffer(uint64_t i, absl::Nonnull<char*> buffer) + ABSL_INTERNAL_NEED_MIN_SIZE(buffer, kFastToBufferSize); // For enums and integer types that are not an exact match for the types above, // use templates to call the appropriate one of the four overloads above. template <typename int_type> -absl::Nonnull<char*> FastIntToBuffer(int_type i, absl::Nonnull<char*> buffer) { +absl::Nonnull<char*> FastIntToBuffer(int_type i, absl::Nonnull<char*> buffer) + ABSL_INTERNAL_NEED_MIN_SIZE(buffer, kFastToBufferSize) { static_assert(sizeof(i) <= 64 / 8, "FastIntToBuffer works only with 64-bit-or-less integers."); // TODO(jorg): This signed-ness check is used because it works correctly |