diff options
author | Thomas Haller <thaller@redhat.com> | 2018-10-07 13:56:25 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2018-10-07 13:57:11 +0200 |
commit | 1881983859da99a4a50753367147c56db2c6d14b (patch) | |
tree | d791dcf0fbed5d415c4133bd9b3cd3af03f44120 | |
parent | 848ba369fa0cd4638d48e7ff500dd8518ffb1c49 (diff) |
libnm-core: fix int comparisons in team setting
-rw-r--r-- | libnm-core/nm-setting-team.c | 4 | ||||
-rw-r--r-- | shared/nm-utils/nm-shared-utils.h | 29 |
2 files changed, 30 insertions, 3 deletions
diff --git a/libnm-core/nm-setting-team.c b/libnm-core/nm-setting-team.c index c1389d042..ec56682f7 100644 --- a/libnm-core/nm-setting-team.c +++ b/libnm-core/nm-setting-team.c @@ -125,9 +125,9 @@ nm_team_link_watcher_new_ethtool (int delay_up, NMTeamLinkWatcher *watcher; const char *val_fail = NULL; - if (delay_up < 0 || delay_up > G_MAXINT32) + if (delay_up < 0 || !_NM_INT_LE_MAXINT32 (delay_up)) val_fail = "delay-up"; - if (delay_down < 0 || delay_down > G_MAXINT32) + if (delay_down < 0 || !_NM_INT_LE_MAXINT32 (delay_up)) val_fail = "delay-down"; if (val_fail) { g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_FAILED, diff --git a/shared/nm-utils/nm-shared-utils.h b/shared/nm-utils/nm-shared-utils.h index 968e375c4..fb37535d7 100644 --- a/shared/nm-utils/nm-shared-utils.h +++ b/shared/nm-utils/nm-shared-utils.h @@ -34,7 +34,7 @@ _NM_INT_NOT_NEGATIVE (gssize val) * * When using such an enum for accessing an array, one naturally wants to check * that the enum is not negative. However, the compiler doesn't like a plain - * comparisong "enum_val >= 0", because (if the enum is unsigned), it will warn + * comparison "enum_val >= 0", because (if the enum is unsigned), it will warn * that the expression is always true *duh*. Not even a cast to a signed * type helps to avoid the compiler warning in any case. * @@ -43,6 +43,33 @@ _NM_INT_NOT_NEGATIVE (gssize val) return val >= 0; } +/* check whether the integer value is smaller than G_MAXINT32. This macro exists + * for the sole purpose, that a plain "((int) value <= G_MAXINT32)" comparison + * may cause the compiler or coverity that this check is always TRUE. But the + * check depends on compile time and the size of C type "int". Of course, most + * of the time in is gint32 and an int value is always <= G_MAXINT32. The check + * exists to catch cases where that is not true. + * + * Together with the G_STATIC_ASSERT(), we make sure that this is always satisfied. */ +G_STATIC_ASSERT (sizeof (int) == sizeof (gint32)); +#if _NM_CC_SUPPORT_GENERIC +#define _NM_INT_LE_MAXINT32(value) \ + ({ \ + _nm_unused typeof (value) _value = (value); \ + \ + _Generic((value), \ + int: TRUE \ + ); \ + }) +#else +#define _NM_INT_LE_MAXINT32(value) ({ \ + _nm_unused typeof (value) _value = (value); \ + _nm_unused const int *_p_value = &_value; \ + \ + TRUE; \ + }) +#endif + /*****************************************************************************/ static inline char |