Hi Paul, > > ! /* Type for holding very small pointer differences. */ > > ! typedef unsigned char small_t; > There should be a compile-time check guaranteeing that small_t is wide > enough.
OK, if you like. Applied: 2018-02-02 Paul Eggert <egg...@cs.ucla.edu> malloca: Add a compile-time verification. * lib/malloca.c (small_t): Verify that it is wide enough. * modules/malloca (Depends-on): Add verify. diff --git a/lib/malloca.c b/lib/malloca.c index c5321d1..c66e0c8 100644 --- a/lib/malloca.c +++ b/lib/malloca.c @@ -21,6 +21,8 @@ /* Specification. */ #include "malloca.h" +#include "verify.h" + /* The speed critical point in this file is freea() applied to an alloca() result: it must be fast, to match the speed of alloca(). The speed of mmalloca() and freea() in the other case are not critical, because they @@ -34,6 +36,8 @@ /* Type for holding very small pointer differences. */ typedef unsigned char small_t; +/* Verify that it is wide enough. */ +verify (2 * sa_alignment_max - 1 <= (small_t) -1); void * mmalloca (size_t n) diff --git a/modules/malloca b/modules/malloca index 8f5ab64..0ae3fe0 100644 --- a/modules/malloca +++ b/modules/malloca @@ -11,6 +11,7 @@ m4/longlong.m4 Depends-on: alloca-opt stdint +verify xalloc-oversized configure.ac:
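Review bot: In the second lib/malloca.c hunk, the new comment "Verify that it is wide enough." does not say where the bound 2 * sa_alignment_max - 1 comes from, so a reader cannot check the assertion against the code that stores values in a small_t. Suggest naming the bounded quantity in the comment, for example "Verify that small_t can hold every pointer difference up to 2 * sa_alignment_max - 1." The right-hand side (small_t) -1 is the type's maximum only while small_t is unsigned, which the "typedef unsigned char small_t;" line directly above guarantees today; mentioning that dependency in the comment would keep the typedef and the check from drifting apart if the type is ever changed.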