authorChris Palmer <palmer@google.com>2014-06-26 16:01:46 -0700
committerChris Palmer <palmer@google.com>2014-06-26 16:01:46 -0700
commit9108ad211bf00d6e512af0919b743c1bf8b0eeb8 (patch)
treee4034b18bdb0e24d9f92100b6dbca1c6d497a656 /third_party/numerics/safe_conversions.h
parenta548d30f8126d167210fdc26783454b0b3752004 (diff)
Import Chromium base/numerics to resolve integer overflow.
We'll use this for integer overflows going forward. BUG=382606 R=jam@chromium.org Review URL: https://codereview.chromium.org/349363005
Diffstat (limited to 'third_party/numerics/safe_conversions.h')
-rw-r--r--third_party/numerics/safe_conversions.h64
1 files changed, 64 insertions, 0 deletions
diff --git a/third_party/numerics/safe_conversions.h b/third_party/numerics/safe_conversions.h
new file mode 100644
index 0000000000..681dc0a9cc
--- /dev/null
+++ b/third_party/numerics/safe_conversions.h
@@ -0,0 +1,64 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_SAFE_CONVERSIONS_H_
+#define BASE_SAFE_CONVERSIONS_H_
+
+#include <limits>
+
+#include "../logging.h"
+#include "safe_conversions_impl.h"
+
+namespace base {
+
+// Convenience function that returns true if the supplied value is in range
+// for the destination type.
+template <typename Dst, typename Src>
+inline bool IsValueInRangeForNumericType(Src value) {
+ return internal::DstRangeRelationToSrcRange<Dst>(value) ==
+ internal::RANGE_VALID;
+}
+
+// checked_cast<> is analogous to static_cast<> for numeric types,
+// except that it CHECKs that the specified numeric conversion will not
+// overflow or underflow. NaN source will always trigger a CHECK.
+template <typename Dst, typename Src>
+inline Dst checked_cast(Src value) {
+ CHECK(IsValueInRangeForNumericType<Dst>(value));
+ return static_cast<Dst>(value);
+}
+
+// saturated_cast<> is analogous to static_cast<> for numeric types, except
+// that the specified numeric conversion will saturate rather than overflow or
+// underflow. NaN assignment to an integral will trigger a CHECK condition.
+template <typename Dst, typename Src>
+inline Dst saturated_cast(Src value) {
+ // Optimization for floating point values, which already saturate.
+ if (std::numeric_limits<Dst>::is_iec559)
+ return static_cast<Dst>(value);
+
+ switch (internal::DstRangeRelationToSrcRange<Dst>(value)) {
+ case internal::RANGE_VALID:
+ return static_cast<Dst>(value);
+
+ case internal::RANGE_UNDERFLOW:
+ return std::numeric_limits<Dst>::min();
+
+ case internal::RANGE_OVERFLOW:
+ return std::numeric_limits<Dst>::max();
+
+ // Should fail only on attempting to assign NaN to a saturated integer.
+ case internal::RANGE_INVALID:
+ CHECK(false);
+ return std::numeric_limits<Dst>::max();
+ }
+
+ NOTREACHED();
+ return static_cast<Dst>(value);
+}
+
+} // namespace base
+
+#endif // BASE_SAFE_CONVERSIONS_H_
+
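Review bot: The guarantee of `checked_cast` and of the `RANGE_INVALID` arm of `saturated_cast` rests entirely on the `CHECK` macro pulled in by `#include "../logging.h"`, which is not shown in this file section. If that macro is compiled out or only logs in release builds, `checked_cast` degrades to a bare `static_cast` and an out-of-range value passes through silently, which is the case this import is meant to stop. I would confirm that `CHECK` terminates the process in every build configuration and record that next to the include, for example `// CHECK must be fatal in all builds; checked_cast relies on it.` The same applies to `NOTREACHED()` ahead of the final `return static_cast<Dst>(value);`, since that fallthrough performs an unchecked conversion if the macro is a no-op.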