summaryrefslogtreecommitdiff
path: root/third_party/numerics/safe_conversions.h
diff options
context:
space:
mode:
authorChris Palmer <palmer@google.com>2014-06-20 16:30:49 -0700
committerChris Palmer <palmer@google.com>2014-06-20 16:30:49 -0700
commitd9713f05fdcecab8428d39034c6b84cd0bbd2920 (patch)
tree1bf7cf8f0aff9f917f4e7e0bec1dc51e974c9832 /third_party/numerics/safe_conversions.h
parent63412bf0ec2f6bab77e60dddfb5fc65d0dd95a74 (diff)
downloadpdfium-d9713f05fdcecab8428d39034c6b84cd0bbd2920.tar.xz
Import Chromium base/numerics to resolve integer overflow.
We'll use this for integer overflows going forward. BUG=382606 R=bo_xu@foxitsoftware.com, jschuh@chromium.org Review URL: https://codereview.chromium.org/341533007
Diffstat (limited to 'third_party/numerics/safe_conversions.h')
-rw-r--r--third_party/numerics/safe_conversions.h64
1 files changed, 64 insertions, 0 deletions
diff --git a/third_party/numerics/safe_conversions.h b/third_party/numerics/safe_conversions.h
new file mode 100644
index 0000000000..681dc0a9cc
--- /dev/null
+++ b/third_party/numerics/safe_conversions.h
@@ -0,0 +1,64 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_SAFE_CONVERSIONS_H_
+#define BASE_SAFE_CONVERSIONS_H_
+
+#include <limits>
+
+#include "../logging.h"
+#include "safe_conversions_impl.h"
+
+namespace base {
+
+// Convenience function that returns true if the supplied value is in range
+// for the destination type.
+template <typename Dst, typename Src>
+inline bool IsValueInRangeForNumericType(Src value) {
+ return internal::DstRangeRelationToSrcRange<Dst>(value) ==
+ internal::RANGE_VALID;
+}
+
+// checked_cast<> is analogous to static_cast<> for numeric types,
+// except that it CHECKs that the specified numeric conversion will not
+// overflow or underflow. NaN source will always trigger a CHECK.
+template <typename Dst, typename Src>
+inline Dst checked_cast(Src value) {
+ CHECK(IsValueInRangeForNumericType<Dst>(value));
+ return static_cast<Dst>(value);
+}
+
+// saturated_cast<> is analogous to static_cast<> for numeric types, except
+// that the specified numeric conversion will saturate rather than overflow or
+// underflow. NaN assignment to an integral will trigger a CHECK condition.
+template <typename Dst, typename Src>
+inline Dst saturated_cast(Src value) {
+ // Optimization for floating point values, which already saturate.
+ if (std::numeric_limits<Dst>::is_iec559)
+ return static_cast<Dst>(value);
+
+ switch (internal::DstRangeRelationToSrcRange<Dst>(value)) {
+ case internal::RANGE_VALID:
+ return static_cast<Dst>(value);
+
+ case internal::RANGE_UNDERFLOW:
+ return std::numeric_limits<Dst>::min();
+
+ case internal::RANGE_OVERFLOW:
+ return std::numeric_limits<Dst>::max();
+
+ // Should fail only on attempting to assign NaN to a saturated integer.
+ case internal::RANGE_INVALID:
+ CHECK(false);
+ return std::numeric_limits<Dst>::max();
+ }
+
+ NOTREACHED();
+ return static_cast<Dst>(value);
+}
+
+} // namespace base
+
+#endif // BASE_SAFE_CONVERSIONS_H_
+