Re: trunk r113804: * decompress.c: Fix bugs with large buffers and weird inputs.

Re: trunk r113804: * decompress.c: Fix bugs with large buffers and weird inputs.

[Lars Magne Ingebrigtsen]

Paul Eggert <eggert@cs.ucla.edu> writes:

> +	 Do not make avail_out too large, as that might unduly delay C-g.  */
> +      ptrdiff_t avail_out = min (1 << 14, UINT_MAX);

For those of us who don't do shifts in our head, I guess that's
approximately (expt 2 14) => 16384.  Does Emacs compile on any systems
where UINT_MAX is smaller than 16384?

-- 
(domestic pets only, the antidote for overdose, milk.)
  No Gnus T-Shirt for sale: http://ingebrigtsen.no/no.php
  and http://lars.ingebrigtsen.no/2013/08/twenty-years-of-september.html

Re: trunk r113804: * decompress.c: Fix bugs with large buffers and weird inputs.

[Andreas Schwab]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> For those of us who don't do shifts in our head, I guess that's
> approximately (expt 2 14) => 16384.  Does Emacs compile on any systems
> where UINT_MAX is smaller than 16384?

UINT_MAX must be at least 65535.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Re: trunk r113804: * decompress.c: Fix bugs with large buffers and weird inputs.

[Paul Eggert]

Lars Magne Ingebrigtsen wrote:
>  Does Emacs compile on any systems
> where UINT_MAX is smaller than 16384?

No, that code was just trying to remind the reader that
the value cannot exceed UINT_MAX due to zlib constraints.
I redid the code and comment a bit to try to make this clearer,
in trunk bzr 113845.

Re: trunk r113804: * decompress.c: Fix bugs with large buffers and weird inputs.

[Lars Magne Ingebrigtsen]

Paul Eggert <eggert@cs.ucla.edu> writes:

> Lars Magne Ingebrigtsen wrote:
>>  Does Emacs compile on any systems
>> where UINT_MAX is smaller than 16384?
>
> No, that code was just trying to remind the reader that
> the value cannot exceed UINT_MAX due to zlib constraints.
> I redid the code and comment a bit to try to make this clearer,
> in trunk bzr 113845.

I think writing 1 << 14 and then checking whether that's larger than
UINT_MAX is still pretty unclear.  My first thought, at least, was
"geez, he's making a HUGE buffer gap", until I started doing the math.

Please just write 16384 or something.  It's not like it's a magical
number.

-- 
(domestic pets only, the antidote for overdose, milk.)
  No Gnus T-Shirt for sale: http://ingebrigtsen.no/no.php
  and http://lars.ingebrigtsen.no/2013/08/twenty-years-of-september.html

Re: trunk r113804: * decompress.c: Fix bugs with large buffers and weird inputs.

[Lars Magne Ingebrigtsen]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> I think writing 1 << 14 and then checking whether that's larger than
> UINT_MAX is still pretty unclear.  My first thought, at least, was
> "geez, he's making a HUGE buffer gap", until I started doing the math.

Here's the current code, abbreviated:

      /* Maximum number of bytes that one 'inflate' call should read and write.
	 Do not make avail_out too large, as that might unduly delay C-g.
	 In any case zlib requires that these values not exceed UINT_MAX.  */
      enum { avail_out = 1 << 14 };
      verify (avail_out <= UINT_MAX);

      ptrdiff_t decompressed;

      if (GAP_SIZE < avail_out)
	make_gap (avail_out - GAP_SIZE);
      stream.avail_out = avail_out;
      decompressed = avail_out - stream.avail_out;

I think it's pretty opaque.  What's with all the ptrdiff_t's when
inflate only takes ints, anyway?  And checking whether a constant is
larger than UINT_MAX is the thing that makes me go "wha?  Is there
something clever going on here that I don't understand?"

So why not do it simple and nice:

      /* Maximum number of bytes that one 'inflate' call should read and write.
	 Do not make buffer_size too large, as that might unduly delay C-g.  */
      int decompressed, buffer_size = 16384;

      if (GAP_SIZE < buffer_size)
	make_gap (buffer_size - GAP_SIZE);
      stream.avail_out = buffer_size;
      decompressed = buffer_size - stream.avail_out;

No odd constants, checks or explanations necessary.

Although this may violate the new apparent dictum that at least every
three lines need to compare with UINT_MAX, which seems to be the coding
standard lately.  >"?

-- 
(domestic pets only, the antidote for overdose, milk.)
  No Gnus T-Shirt for sale: http://ingebrigtsen.no/no.php
  and http://lars.ingebrigtsen.no/2013/08/twenty-years-of-september.html

Re: trunk r113804: * decompress.c: Fix bugs with large buffers and weird inputs.

[Paul Eggert]

Lars Magne Ingebrigtsen wrote:
> What's with all the ptrdiff_t's when
> inflate only takes ints, anyway?

'inflate' takes unsigned ints, not ints.

Anyway, I tried rewriting the code along the line
you suggested.  'buffer_size' is not a good name,
though, as multiple buffers are in play here,
so I continued to call that constant 'avail_out'
by analogy with the zlib avail_out.