From a7932050f65844fb1f1145fee87c72aadaf4f995 Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Thu, 11 May 2023 13:08:43 -0400
Subject: config: Saturate on overflow in flex_sizeof()

---
 src/config.h | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'src/config.h')

diff --git a/src/config.h b/src/config.h
index c6dcc1e..b2c58be 100644
--- a/src/config.h
+++ b/src/config.h
@@ -162,7 +162,17 @@ static inline size_t align_ceil(size_t align, size_t size) {
 	flex_sizeof_impl(alignof(type), sizeof(type), offsetof(type, member), sizeof(((type *)NULL)->member[0]), count)
 
 static inline size_t flex_sizeof_impl(size_t align, size_t min, size_t offset, size_t size, size_t count) {
-	size_t ret = align_ceil(align, offset + size * count);
+	size_t ret = size * count;
+	size_t overflow = ret / size != count;
+
+	ret += offset;
+	overflow |= ret < offset;
+
+	size_t mask = align - 1;
+	ret += mask;
+	overflow |= ret < mask;
+	ret &= ~mask;
+	ret |= -overflow;
 
 	// Make sure flex_sizeof(type, member, 0) >= sizeof(type), even if the
 	// type has more padding than necessary for alignment
-- 
cgit v1.2.3