Ad

How To Properly Check That An Off_t Value Won't Overflow When Converted To Size_t In C?

- 1 answer

I need to cast an off_t variable to a size_t variable, and I want to detect if an overflow might happen. In C.

My initial attempts looks like this:

off_t fsize;
size_t len;

...

if(fsize >= 0 && fsize <= SIZE_MAX) {
   len = (size_t)fsize;
} else {
   abort();
}

However, the compiler doesn't like my comparison between a signed and unsigned types (fsize <= SIZE_MAX). I can't really make assumptions about the respective sizes of the off_t and size_t types either.

Ad

Answer

I can't really make assumptions about the respective sizes of the off_t and size_t types either.

To compare mixed signed types whose comparable ranges are no clearly tied, cast to uintmax_t.


Once code knows the signedfsize >= 0 is true, casting to a wide unsigned type like uintmax_t will certainly not narrow the fsize value and quiet the warning.

if (fsize >= 0 && (uintmax_t) fsize <= SIZE_MAX) {

If the cast to uintmax_t is unnecessarily wide, I'd expect the compiler to still emit efficient code.

Ad
source: stackoverflow.com
Ad