On Wed, Aug 1, 2018 at 1:07 AM, Dan Carpenter <dan.carpen...@oracle.com> wrote:
> On Wed, Aug 01, 2018 at 10:57:44AM +0300, Dan Carpenter wrote:
>> The idea is nice, but I don't like the API.  The "_overflow" feels too
>> specific because maybe we could check for other things in the future.
>> Normally boolean macros should say they are boolean in the name and I
>> would prefer if it returned zero on failure.
>>
>>       if (!checked_shift(dest, mask, shift)) {
>>       if (!shift_ok(dest, mask, shift)) {
>>       if (!safe_shift(dest, mask, shift)) {
>
> Huh...  It turns out I put the argument order differently as well.
>
> If we wanted to keep it returning 1 on failure then some other names
> are:
>
>         if (shift_failed(dest, mask, shift)) {
>         if (shift_error(dest, mask, shift)) {
>         if (shift_overflow(dest, mask, shift)) {

This is following the existing check_{add,mul}_overflow() helpers,
which are based on the gcc helpers. I'd like to keep things
consistent.

-Kees

-- 
Kees Cook
Pixel Security
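For the convention Kees refers to, here is an added example (not code from the kernel or from this thread): a shift check written to match check_add_overflow()/check_mul_overflow(), which store the truncated result in *dest and return non-zero when the operation overflowed. The names shl_overflow_u32 and mul_overflow_u32 are made up for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed example, not the kernel's implementation: a left-shift
 * check with the same calling convention as check_add_overflow() and
 * check_mul_overflow(): the (possibly truncated) result goes to *dest
 * and the return value is non-zero on overflow.
 */
static bool shl_overflow_u32(uint32_t value, unsigned int shift, uint32_t *dest)
{
	/* Shifting by the full width or more is undefined in C; treat as overflow. */
	if (shift >= sizeof(uint32_t) * CHAR_BIT) {
		*dest = 0;
		return true;
	}
	*dest = value << shift;
	/* Bits were lost iff shifting back does not reproduce the input. */
	return (*dest >> shift) != value;
}

/* The existing helpers wrap the gcc builtins; shown here for comparison. */
static bool mul_overflow_u32(uint32_t a, uint32_t b, uint32_t *dest)
{
	return __builtin_mul_overflow(a, b, dest);
}

int main(void)
{
	uint32_t out;

	if (shl_overflow_u32(0x80000000u, 1, &out))
		printf("shift overflowed, truncated value 0x%x\n", out);
	if (mul_overflow_u32(0x10000u, 0x10000u, &out))
		printf("multiply overflowed, truncated value 0x%x\n", out);
	return 0;
}
```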