
Renamed SDL_size_add_overflow() and SDL_size_mul_overflow()

Sam Lantinga 11 months ago
parent
commit
eacf119923

File diff suppressed because it is too large
+ 30 - 0
build-scripts/SDL_migration.cocci


+ 2 - 0
docs/README-migration.md

@@ -1723,6 +1723,8 @@ The following macros have been removed:
 * SDL_TABLESIZE() - use SDL_arraysize() instead
 
 The following functions have been renamed:
+* SDL_size_add_overflow() => SDL_size_add_check_overflow()
+* SDL_size_mul_overflow() => SDL_size_mul_check_overflow()
 * SDL_strtokr() => SDL_strtok_r()
 
 The following functions have been removed:

+ 4 - 0
include/SDL3/SDL_oldnames.h

@@ -581,6 +581,8 @@
 
 /* ##SDL_stdinc.h */
 #define SDL_TABLESIZE SDL_arraysize
+#define SDL_size_add_overflow SDL_size_add_check_overflow
+#define SDL_size_mul_overflow SDL_size_mul_check_overflow
 #define SDL_strtokr SDL_strtok_r
 
 /* ##SDL_surface.h */
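Review bot: The plain aliases added here map the old names onto functions whose return convention is inverted, so legacy callers that build through this alias keep compiling with their overflow checks reversed. A caller written as `if (SDL_size_mul_overflow(w, h, &n)) { return error; }` would now fail on every valid product and continue on a real overflow, and `== 0` callers flip the same way. In the fallback implementation `n` is not even written in that case. The `_renamed_` definitions in the second hunk of this file are safe because they break the build. I would drop the two alias lines from this group and leave a comment such as `/* SDL_size_add_overflow/SDL_size_mul_overflow are not aliased: the return value changed from 0/-1 to SDL_TRUE/SDL_FALSE */`. The README-migration.md entry should also say that the result must be re-checked by hand, since it lists these as plain renames.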
@@ -1205,6 +1207,8 @@
 
 /* ##SDL_stdinc.h */
 #define SDL_TABLESIZE SDL_TABLESIZE_renamed_SDL_arraysize
+#define SDL_size_add_overflow SDL_size_add_overflow_renamed_SDL_size_add_check_overflow
+#define SDL_size_mul_overflow SDL_size_mul_overflow_renamed_SDL_size_mul_check_overflow
 #define SDL_strtokr SDL_strtokr_renamed_SDL_strtok_r
 
 /* ##SDL_surface.h */

+ 16 - 24
include/SDL3/SDL_stdinc.h

@@ -3082,29 +3082,27 @@ size_t wcslcat(wchar_t *dst, const wchar_t *src, size_t size);
 /**
  * Multiply two integers, checking for overflow.
  *
- * If `a * b` would overflow, return -1.
+ * If `a * b` would overflow, return SDL_FALSE.
  *
- * Otherwise store `a * b` via ret and return 0.
+ * Otherwise store `a * b` via ret and return SDL_TRUE.
  *
  * \param a the multiplicand.
  * \param b the multiplier.
  * \param ret on non-overflow output, stores the multiplication result. May
  *            not be NULL.
- * \returns -1 on overflow, 0 if result doesn't overflow.
+ * \returns SDL_FALSE on overflow, SDL_TRUE if result is multiplied without overflow.
  *
  * \threadsafety It is safe to call this function from any thread.
  *
  * \since This function is available since SDL 3.0.0.
  */
-SDL_FORCE_INLINE int SDL_size_mul_overflow (size_t a,
-                                            size_t b,
-                                            size_t *ret)
+SDL_FORCE_INLINE SDL_bool SDL_size_mul_check_overflow(size_t a, size_t b, size_t *ret)
 {
     if (a != 0 && b > SDL_SIZE_MAX / a) {
-        return -1;
+        return SDL_FALSE;
     }
     *ret = a * b;
-    return 0;
+    return SDL_TRUE;
 }
 
 #ifndef SDL_WIKI_DOCUMENTATION_SECTION
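Review bot: The doc comment does not say what `*ret` holds when SDL_FALSE is returned, and the two implementations differ on that. This fallback returns before writing `*ret`, while the `__builtin_mul_overflow` wrapper in the next hunk stores the wrapped product. A caller that uses the output after a failed check therefore gets an uninitialised value on one build and a too-small size on another. I would add `* If SDL_FALSE is returned, the contents of *ret are unspecified and must not be used.` here and to the addition variant in the last hunk of this file. It is also worth stating in the comment that the function returns true when there is no overflow, because that is the opposite of the compiler builtin it wraps.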
@@ -3112,13 +3110,11 @@ SDL_FORCE_INLINE int SDL_size_mul_overflow (size_t a,
 /* This needs to be wrapped in an inline rather than being a direct #define,
  * because __builtin_mul_overflow() is type-generic, but we want to be
  * consistent about interpreting a and b as size_t. */
-SDL_FORCE_INLINE int SDL_size_mul_overflow_builtin (size_t a,
-                                                     size_t b,
-                                                     size_t *ret)
+SDL_FORCE_INLINE SDL_bool SDL_size_mul_check_overflow_builtin(size_t a, size_t b, size_t *ret)
 {
-    return __builtin_mul_overflow(a, b, ret) == 0 ? 0 : -1;
+    return (__builtin_mul_overflow(a, b, ret) == 0);
 }
-#define SDL_size_mul_overflow(a, b, ret) (SDL_size_mul_overflow_builtin(a, b, ret))
+#define SDL_size_mul_check_overflow(a, b, ret) SDL_size_mul_check_overflow_builtin(a, b, ret)
 #endif
 #endif
 
@@ -3133,34 +3129,30 @@ SDL_FORCE_INLINE int SDL_size_mul_overflow_builtin (size_t a,
  * \param b the second addend.
  * \param ret on non-overflow output, stores the addition result. May not be
  *            NULL.
- * \returns -1 on overflow, 0 if result doesn't overflow.
+ * \returns SDL_FALSE on overflow, SDL_TRUE if result is added without overflow.
  *
  * \threadsafety It is safe to call this function from any thread.
  *
  * \since This function is available since SDL 3.0.0.
  */
-SDL_FORCE_INLINE int SDL_size_add_overflow (size_t a,
-                                            size_t b,
-                                            size_t *ret)
+SDL_FORCE_INLINE SDL_bool SDL_size_add_check_overflow(size_t a, size_t b, size_t *ret)
 {
     if (b > SDL_SIZE_MAX - a) {
-        return -1;
+        return SDL_FALSE;
     }
     *ret = a + b;
-    return 0;
+    return SDL_TRUE;
 }
 
 #ifndef SDL_WIKI_DOCUMENTATION_SECTION
 #if SDL_HAS_BUILTIN(__builtin_add_overflow)
 /* This needs to be wrapped in an inline rather than being a direct #define,
  * the same as the call to __builtin_mul_overflow() above. */
-SDL_FORCE_INLINE int SDL_size_add_overflow_builtin (size_t a,
-                                                     size_t b,
-                                                     size_t *ret)
+SDL_FORCE_INLINE SDL_bool SDL_size_add_check_overflow_builtin(size_t a, size_t b, size_t *ret)
 {
-    return __builtin_add_overflow(a, b, ret) == 0 ? 0 : -1;
+    return (__builtin_add_overflow(a, b, ret) == 0);
 }
-#define SDL_size_add_overflow(a, b, ret) (SDL_size_add_overflow_builtin(a, b, ret))
+#define SDL_size_add_check_overflow(a, b, ret) SDL_size_add_check_overflow_builtin(a, b, ret)
 #endif
 #endif
 

+ 1 - 1
src/SDL_assert.c

@@ -175,7 +175,7 @@ static SDL_AssertState SDLCALL SDL_PromptAssertion(const SDL_AssertData *data, v
 
     // .. and if it didn't, try to allocate as much room as we actually need.
     if (len >= (int)buf_len) {
-        if (SDL_size_add_overflow(len, 1, &buf_len) == 0) {
+        if (SDL_size_add_check_overflow(len, 1, &buf_len)) {
             message = (char *)SDL_malloc(buf_len);
             if (message) {
                 len = SDL_RenderAssertMessage(message, buf_len, data);

+ 1 - 1
src/SDL_log.c

@@ -480,7 +480,7 @@ void SDL_LogMessageV(int category, SDL_LogPriority priority, SDL_PRINTF_FORMAT_S
     }
 
     // If message truncated, allocate and re-render
-    if (len >= sizeof(stack_buf) && SDL_size_add_overflow(len, 1, &len_plus_term) == 0) {
+    if (len >= sizeof(stack_buf) && SDL_size_add_check_overflow(len, 1, &len_plus_term)) {
         // Allocate exactly what we need, including the zero-terminator
         message = (char *)SDL_malloc(len_plus_term);
         if (!message) {

+ 3 - 3
src/stdlib/SDL_stdlib.c

@@ -539,9 +539,9 @@ void *SDL_aligned_alloc(size_t alignment, size_t size)
     }
     padding = (alignment - (size % alignment));
 
-    if (SDL_size_add_overflow(size, alignment, &size) == 0 &&
-        SDL_size_add_overflow(size, sizeof(void *), &size) == 0 &&
-        SDL_size_add_overflow(size, padding, &size) == 0) {
+    if (SDL_size_add_check_overflow(size, alignment, &size) &&
+        SDL_size_add_check_overflow(size, sizeof(void *), &size) &&
+        SDL_size_add_check_overflow(size, padding, &size)) {
         void *original = SDL_malloc(size);
         if (original) {
             // Make sure we have enough space to store the original pointer

+ 2 - 2
src/video/SDL_RLEaccel.c

@@ -1456,7 +1456,7 @@ static bool UnRLEAlpha(SDL_Surface *surface)
         uncopy_opaque = uncopy_transl = uncopy_32;
     }
 
-    if (SDL_size_mul_overflow(surface->h, surface->pitch, &size)) {
+    if (!SDL_size_mul_check_overflow(surface->h, surface->pitch, &size)) {
         return false;
     }
 
@@ -1527,7 +1527,7 @@ void SDL_UnRLESurface(SDL_Surface *surface, bool recode)
                 size_t size;
 
                 // re-create the original surface
-                if (SDL_size_mul_overflow(surface->h, surface->pitch, &size)) {
+                if (!SDL_size_mul_check_overflow(surface->h, surface->pitch, &size)) {
                     // Memory corruption?
                     surface->internal->flags |= SDL_INTERNAL_SURFACE_RLEACCEL;
                     return;

+ 5 - 5
src/video/SDL_surface.c

@@ -61,27 +61,27 @@ void SDL_UpdateSurfaceLockFlag(SDL_Surface *surface)
 static bool SDL_CalculateRGBSize(Uint32 format, size_t width, size_t height, size_t *size, size_t *pitch, bool minimal)
 {
     if (SDL_BITSPERPIXEL(format) >= 8) {
-        if (SDL_size_mul_overflow(width, SDL_BYTESPERPIXEL(format), pitch)) {
+        if (!SDL_size_mul_check_overflow(width, SDL_BYTESPERPIXEL(format), pitch)) {
             return SDL_SetError("width * bpp would overflow");
         }
     } else {
-        if (SDL_size_mul_overflow(width, SDL_BITSPERPIXEL(format), pitch)) {
+        if (!SDL_size_mul_check_overflow(width, SDL_BITSPERPIXEL(format), pitch)) {
             return SDL_SetError("width * bpp would overflow");
         }
-        if (SDL_size_add_overflow(*pitch, 7, pitch)) {
+        if (!SDL_size_add_check_overflow(*pitch, 7, pitch)) {
             return SDL_SetError("aligning pitch would overflow");
         }
         *pitch /= 8;
     }
     if (!minimal) {
         // 4-byte aligning for speed
-        if (SDL_size_add_overflow(*pitch, 3, pitch)) {
+        if (!SDL_size_add_check_overflow(*pitch, 3, pitch)) {
             return SDL_SetError("aligning pitch would overflow");
         }
         *pitch &= ~3;
     }
 
-    if (SDL_size_mul_overflow(height, *pitch, size)) {
+    if (!SDL_size_mul_check_overflow(height, *pitch, size)) {
         return SDL_SetError("height * pitch would overflow");
     }
 

+ 13 - 13
src/video/SDL_yuv.c

@@ -43,7 +43,7 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
         {
             /* sz_plane == w * h; */
             size_t s1;
-            if (SDL_size_mul_overflow(w, h, &s1) < 0) {
+            if (!SDL_size_mul_check_overflow(w, h, &s1)) {
                 return SDL_SetError("width * height would overflow");
             }
             sz_plane = (int) s1;
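Review bot: The overflow check only proves that `w * h` fits in `size_t`, and `sz_plane = (int) s1;` then narrows it to `int`, so on a 64-bit build a product above INT_MAX passes the check and is silently truncated. For example, 65536 x 65536 would become 0. `w` and `h` are `int` per the hunk header and are converted to `size_t` at the call, so a negative dimension also arrives here as a very large value. The declaration of `sz_plane` is outside the hunk; assuming it is `int`, the cast needs a range guard such as `if (s1 > SDL_MAX_SINT32) { return SDL_SetError("width * height would overflow"); }`, or the plane sizes should stay `size_t` throughout. The same narrowing follows the checks at `sz_plane_chroma = (int) s3;`, `sz_plane_packed = (int) s2;` and the `*size = (int) ...` stores in the later hunks of this file, where `size` is a `size_t *`.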
@@ -52,15 +52,15 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
         {
             /* sz_plane_chroma == ((w + 1) / 2) * ((h + 1) / 2); */
             size_t s1, s2, s3;
-            if (SDL_size_add_overflow(w, 1, &s1) < 0) {
+            if (!SDL_size_add_check_overflow(w, 1, &s1)) {
                 return SDL_SetError("width + 1 would overflow");
             }
             s1 = s1 / 2;
-            if (SDL_size_add_overflow(h, 1, &s2) < 0) {
+            if (!SDL_size_add_check_overflow(h, 1, &s2)) {
                 return SDL_SetError("height + 1 would overflow");
             }
             s2 = s2 / 2;
-            if (SDL_size_mul_overflow(s1, s2, &s3) < 0) {
+            if (!SDL_size_mul_check_overflow(s1, s2, &s3)) {
                 return SDL_SetError("width * height would overflow");
             }
             sz_plane_chroma = (int) s3;
@@ -68,11 +68,11 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
     } else {
         /* sz_plane_packed == ((w + 1) / 2) * h; */
         size_t s1, s2;
-        if (SDL_size_add_overflow(w, 1, &s1) < 0) {
+        if (!SDL_size_add_check_overflow(w, 1, &s1)) {
             return SDL_SetError("width + 1 would overflow");
         }
         s1 = s1 / 2;
-        if (SDL_size_mul_overflow(s1, h, &s2) < 0) {
+        if (!SDL_size_mul_check_overflow(s1, h, &s2)) {
             return SDL_SetError("width * height would overflow");
         }
         sz_plane_packed = (int) s2;
@@ -89,10 +89,10 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
         if (size) {
             // dst_size == sz_plane + sz_plane_chroma + sz_plane_chroma;
             size_t s1, s2;
-            if (SDL_size_add_overflow(sz_plane, sz_plane_chroma, &s1) < 0) {
+            if (!SDL_size_add_check_overflow(sz_plane, sz_plane_chroma, &s1)) {
                 return SDL_SetError("Y + U would overflow");
             }
-            if (SDL_size_add_overflow(s1, sz_plane_chroma, &s2) < 0) {
+            if (!SDL_size_add_check_overflow(s1, sz_plane_chroma, &s2)) {
                 return SDL_SetError("Y + U + V would overflow");
             }
             *size = (int)s2;
@@ -106,11 +106,11 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
         if (pitch) {
             /* pitch == ((w + 1) / 2) * 4; */
            size_t p1, p2;
-           if (SDL_size_add_overflow(w, 1, &p1) < 0) {
+           if (!SDL_size_add_check_overflow(w, 1, &p1)) {
                return SDL_SetError("width + 1 would overflow");
            }
            p1 = p1 / 2;
-           if (SDL_size_mul_overflow(p1, 4, &p2) < 0) {
+           if (!SDL_size_mul_check_overflow(p1, 4, &p2)) {
                return SDL_SetError("width * 4 would overflow");
            }
            *pitch = p2;
@@ -119,7 +119,7 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
         if (size) {
             /* dst_size == 4 * sz_plane_packed; */
             size_t s1;
-            if (SDL_size_mul_overflow(sz_plane_packed, 4, &s1) < 0) {
+            if (!SDL_size_mul_check_overflow(sz_plane_packed, 4, &s1)) {
                 return SDL_SetError("plane * 4 would overflow");
             }
             *size = (int) s1;
@@ -135,10 +135,10 @@ bool SDL_CalculateYUVSize(SDL_PixelFormat format, int w, int h, size_t *size, si
         if (size) {
             // dst_size == sz_plane + sz_plane_chroma + sz_plane_chroma;
             size_t s1, s2;
-            if (SDL_size_add_overflow(sz_plane, sz_plane_chroma, &s1) < 0) {
+            if (!SDL_size_add_check_overflow(sz_plane, sz_plane_chroma, &s1)) {
                 return SDL_SetError("Y + U would overflow");
             }
-            if (SDL_size_add_overflow(s1, sz_plane_chroma, &s2) < 0) {
+            if (!SDL_size_add_check_overflow(s1, sz_plane_chroma, &s2)) {
                 return SDL_SetError("Y + U + V would overflow");
             }
             *size = (int) s2;

+ 41 - 41
test/testautomation_stdlib.c

@@ -917,32 +917,32 @@ typedef struct
     size_t a;
     size_t b;
     size_t result;
-    int status;
+    SDL_bool status;
 } overflow_test;
 
 static const overflow_test multiplications[] = {
-    { 1, 1, 1, 0 },
-    { 0, 0, 0, 0 },
-    { SDL_SIZE_MAX, 0, 0, 0 },
-    { SDL_SIZE_MAX, 1, SDL_SIZE_MAX, 0 },
-    { SDL_SIZE_MAX / 2, 2, SDL_SIZE_MAX - (SDL_SIZE_MAX % 2), 0 },
-    { SDL_SIZE_MAX / 23, 23, SDL_SIZE_MAX - (SDL_SIZE_MAX % 23), 0 },
-
-    { (SDL_SIZE_MAX / 2) + 1, 2, 0, -1 },
-    { (SDL_SIZE_MAX / 23) + 42, 23, 0, -1 },
-    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, -1 },
+    { 1, 1, 1, SDL_TRUE },
+    { 0, 0, 0, SDL_TRUE },
+    { SDL_SIZE_MAX, 0, 0, SDL_TRUE },
+    { SDL_SIZE_MAX, 1, SDL_SIZE_MAX, SDL_TRUE },
+    { SDL_SIZE_MAX / 2, 2, SDL_SIZE_MAX - (SDL_SIZE_MAX % 2), SDL_TRUE },
+    { SDL_SIZE_MAX / 23, 23, SDL_SIZE_MAX - (SDL_SIZE_MAX % 23), SDL_TRUE },
+
+    { (SDL_SIZE_MAX / 2) + 1, 2, 0, SDL_FALSE },
+    { (SDL_SIZE_MAX / 23) + 42, 23, 0, SDL_FALSE },
+    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, SDL_FALSE },
 };
 
 static const overflow_test additions[] = {
-    { 1, 1, 2, 0 },
-    { 0, 0, 0, 0 },
-    { SDL_SIZE_MAX, 0, SDL_SIZE_MAX, 0 },
-    { SDL_SIZE_MAX - 1, 1, SDL_SIZE_MAX, 0 },
-    { SDL_SIZE_MAX - 42, 23, SDL_SIZE_MAX - (42 - 23), 0 },
-
-    { SDL_SIZE_MAX, 1, 0, -1 },
-    { SDL_SIZE_MAX, 23, 0, -1 },
-    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, -1 },
+    { 1, 1, 2, SDL_TRUE },
+    { 0, 0, 0, SDL_TRUE },
+    { SDL_SIZE_MAX, 0, SDL_SIZE_MAX, SDL_TRUE },
+    { SDL_SIZE_MAX - 1, 1, SDL_SIZE_MAX, SDL_TRUE },
+    { SDL_SIZE_MAX - 42, 23, SDL_SIZE_MAX - (42 - 23), SDL_TRUE },
+
+    { SDL_SIZE_MAX, 1, 0, SDL_FALSE },
+    { SDL_SIZE_MAX, 23, 0, SDL_FALSE },
+    { SDL_SIZE_MAX, SDL_SIZE_MAX, 0, SDL_FALSE },
 };
 
 static int
@@ -964,22 +964,22 @@ stdlib_overflow(void *arg)
             size_t result = ~t->result;
 
             if (useBuiltin) {
-                status = SDL_size_mul_overflow(t->a, t->b, &result);
+                status = SDL_size_mul_check_overflow(t->a, t->b, &result);
             } else {
                 /* This disables the macro that tries to use a gcc/clang
                  * builtin, so we test the fallback implementation instead. */
-                status = (SDL_size_mul_overflow)(t->a, t->b, &result);
+                status = (SDL_size_mul_check_overflow)(t->a, t->b, &result);
             }
 
-            if (t->status == 0) {
-                SDLTest_AssertCheck(status == 0,
+            if (t->status) {
+                SDLTest_AssertCheck(status,
                                     "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should succeed",
                                     t->a, t->b);
                 SDLTest_AssertCheck(result == t->result,
                                     "(%" SIZE_FORMAT " * %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                     t->a, t->b, t->result, result);
             } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                     "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should fail",
                                     t->a, t->b);
             }
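Review bot: The `status` local for the multiplication loop is declared just above this hunk and is not among the changed lines, so it presumably stays `int status;` while the additions loop further down is switched to `SDL_bool status;`. The assertions now read it as a truth value (`status`, `!status`), so I would change that declaration to `SDL_bool status;` as well to keep the two loops consistent. None of the visible test hunks exercises the legacy `SDL_size_*_overflow` names, so nothing here covers the return-convention change for code still using the old spelling.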
@@ -991,20 +991,20 @@ stdlib_overflow(void *arg)
             result = ~t->result;
 
             if (useBuiltin) {
-                status = SDL_size_mul_overflow(t->b, t->a, &result);
+                status = SDL_size_mul_check_overflow(t->b, t->a, &result);
             } else {
-                status = (SDL_size_mul_overflow)(t->b, t->a, &result);
+                status = (SDL_size_mul_check_overflow)(t->b, t->a, &result);
             }
 
-            if (t->status == 0) {
-                SDLTest_AssertCheck(status == 0,
+            if (t->status) {
+                SDLTest_AssertCheck(status,
                                     "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should succeed",
                                     t->b, t->a);
                 SDLTest_AssertCheck(result == t->result,
                                     "(%" SIZE_FORMAT " * %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                     t->b, t->a, t->result, result);
             } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                     "(%" SIZE_FORMAT " * %" SIZE_FORMAT ") should fail",
                                     t->b, t->a);
             }
@@ -1012,24 +1012,24 @@ stdlib_overflow(void *arg)
 
         for (i = 0; i < SDL_arraysize(additions); i++) {
             const overflow_test *t = &additions[i];
-            int status;
+            SDL_bool status;
             size_t result = ~t->result;
 
             if (useBuiltin) {
-                status = SDL_size_add_overflow(t->a, t->b, &result);
+                status = SDL_size_add_check_overflow(t->a, t->b, &result);
             } else {
-                status = (SDL_size_add_overflow)(t->a, t->b, &result);
+                status = (SDL_size_add_check_overflow)(t->a, t->b, &result);
             }
 
-            if (t->status == 0) {
-                SDLTest_AssertCheck(status == 0,
+            if (t->status) {
+                SDLTest_AssertCheck(status,
                                     "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should succeed",
                                     t->a, t->b);
                 SDLTest_AssertCheck(result == t->result,
                                     "(%" SIZE_FORMAT " + %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                     t->a, t->b, t->result, result);
             } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                     "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should fail",
                                     t->a, t->b);
             }
@@ -1041,20 +1041,20 @@ stdlib_overflow(void *arg)
             result = ~t->result;
 
             if (useBuiltin) {
-                status = SDL_size_add_overflow(t->b, t->a, &result);
+                status = SDL_size_add_check_overflow(t->b, t->a, &result);
             } else {
-                status = (SDL_size_add_overflow)(t->b, t->a, &result);
+                status = (SDL_size_add_check_overflow)(t->b, t->a, &result);
             }
 
-            if (t->status == 0) {
-                SDLTest_AssertCheck(status == 0,
+            if (t->status) {
+                SDLTest_AssertCheck(status,
                                     "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should succeed",
                                     t->b, t->a);
                 SDLTest_AssertCheck(result == t->result,
                                     "(%" SIZE_FORMAT " + %" SIZE_FORMAT "): expected %" SIZE_FORMAT ", got %" SIZE_FORMAT,
                                     t->b, t->a, t->result, result);
             } else {
-                SDLTest_AssertCheck(status == -1,
+                SDLTest_AssertCheck(!status,
                                     "(%" SIZE_FORMAT " + %" SIZE_FORMAT ") should fail",
                                     t->b, t->a);
             }

Some files were not shown because too many files changed in this diff