diff options
author | Chris Palmer <palmer@google.com> | 2014-06-26 16:01:46 -0700 |
---|---|---|
committer | Chris Palmer <palmer@google.com> | 2014-06-26 16:01:46 -0700 |
commit | 9108ad211bf00d6e512af0919b743c1bf8b0eeb8 (patch) | |
tree | e4034b18bdb0e24d9f92100b6dbca1c6d497a656 /third_party/numerics/safe_conversions.h | |
parent | a548d30f8126d167210fdc26783454b0b3752004 (diff) | |
download | pdfium-9108ad211bf00d6e512af0919b743c1bf8b0eeb8.tar.xz |
Import Chromium base/numerics to resolve integer overflow.
We'll use this for integer overflows going forward.
BUG=382606
R=jam@chromium.org
Review URL: https://codereview.chromium.org/349363005
Diffstat (limited to 'third_party/numerics/safe_conversions.h')
-rw-r--r-- | third_party/numerics/safe_conversions.h | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/third_party/numerics/safe_conversions.h b/third_party/numerics/safe_conversions.h new file mode 100644 index 0000000000..681dc0a9cc --- /dev/null +++ b/third_party/numerics/safe_conversions.h @@ -0,0 +1,64 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_SAFE_CONVERSIONS_H_ +#define BASE_SAFE_CONVERSIONS_H_ + +#include <limits> + +#include "../logging.h" +#include "safe_conversions_impl.h" + +namespace base { + +// Convenience function that returns true if the supplied value is in range +// for the destination type. +template <typename Dst, typename Src> +inline bool IsValueInRangeForNumericType(Src value) { + return internal::DstRangeRelationToSrcRange<Dst>(value) == + internal::RANGE_VALID; +} + +// checked_cast<> is analogous to static_cast<> for numeric types, +// except that it CHECKs that the specified numeric conversion will not +// overflow or underflow. NaN source will always trigger a CHECK. +template <typename Dst, typename Src> +inline Dst checked_cast(Src value) { + CHECK(IsValueInRangeForNumericType<Dst>(value)); + return static_cast<Dst>(value); +} + +// saturated_cast<> is analogous to static_cast<> for numeric types, except +// that the specified numeric conversion will saturate rather than overflow or +// underflow. NaN assignment to an integral will trigger a CHECK condition. +template <typename Dst, typename Src> +inline Dst saturated_cast(Src value) { + // Optimization for floating point values, which already saturate. + if (std::numeric_limits<Dst>::is_iec559) + return static_cast<Dst>(value); + + switch (internal::DstRangeRelationToSrcRange<Dst>(value)) { + case internal::RANGE_VALID: + return static_cast<Dst>(value); + + case internal::RANGE_UNDERFLOW: + return std::numeric_limits<Dst>::min(); + + case internal::RANGE_OVERFLOW: + return std::numeric_limits<Dst>::max(); + + // Should fail only on attempting to assign NaN to a saturated integer. + case internal::RANGE_INVALID: + CHECK(false); + return std::numeric_limits<Dst>::max(); + } + + NOTREACHED(); + return static_cast<Dst>(value); +} + +} // namespace base + +#endif // BASE_SAFE_CONVERSIONS_H_ + |