Update overflow macro

derobins · Mar 24, 2024 · e4f5a06 · e4f5a06
1 parent 8752758
commit e4f5a06
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/src/H5Oainfo.c b/src/H5Oainfo.c
@@ -138,19 +138,25 @@ H5O__ainfo_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUS
         ainfo->max_crt_idx = H5O_MAX_CRT_ORDER_IDX;
 
     /* Address of fractal heap to store "dense" attributes */
+    H5_GCC_DIAG_OFF("type-limits")
     if (H5_IS_BUFFER_OVERFLOW(p, sizeof_addr, p_end))
         HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+    H5_GCC_DIAG_ON("type-limits")
     H5F_addr_decode(f, &p, &(ainfo->fheap_addr));
 
     /* Address of v2 B-tree to index names of attributes (names are always indexed) */
+    H5_GCC_DIAG_OFF("type-limits")
     if (H5_IS_BUFFER_OVERFLOW(p, sizeof_addr, p_end))
         HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+    H5_GCC_DIAG_ON("type-limits")
     H5F_addr_decode(f, &p, &(ainfo->name_bt2_addr));
 
     /* Address of v2 B-tree to index creation order of links, if there is one */
     if (ainfo->index_corder) {
+        H5_GCC_DIAG_OFF("type-limits")
         if (H5_IS_BUFFER_OVERFLOW(p, sizeof_addr, p_end))
             HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+        H5_GCC_DIAG_ON("type-limits")
         H5F_addr_decode(f, &p, &(ainfo->corder_bt2_addr));
     }
     else

diff --git a/src/H5Olinfo.c b/src/H5Olinfo.c
@@ -159,8 +159,10 @@ H5O__linfo_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUS
 
     /* Address of v2 B-tree to index creation order of links, if there is one */
     if (linfo->index_corder) {
+        H5_GCC_DIAG_OFF("type-limits")
         if (H5_IS_BUFFER_OVERFLOW(p, addr_size, p_end))
             HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+        H5_GCC_DIAG_ON("type-limits")
         H5F_addr_decode(f, &p, &(linfo->corder_bt2_addr));
     }
     else

diff --git a/src/H5private.h b/src/H5private.h
@@ -346,7 +346,10 @@
 /* Check if a read of size bytes starting at ptr would overflow past
  * the last valid byte, pointed to by buffer_end.
  */
-#define H5_IS_BUFFER_OVERFLOW(ptr, size, buffer_end) (((ptr) + (size)-1) > (buffer_end))
+#define H5_IS_BUFFER_OVERFLOW(ptr, size, buffer_end)                                                         \
+    (((ptr) > (buffer_end)) ||                             /* Bad precondition */                            \
+     ((ptrdiff_t)(size) > (((buffer_end) - (ptr)) + 1)) || /* Typical overflow */                            \
+     ((intptr_t)(size) < 0))                               /* Negative 'size' would wrap 'ptr' */
 
 /* Variant of H5_IS_BUFFER_OVERFLOW, used with functions such as H5Tdecode()
  * that don't take a size parameter, where we need to skip the bounds checks.