X-Git-Url: https://git.ozlabs.org/?p=ccan;a=blobdiff_plain;f=ccan%2Ftally%2Ftally.c;h=7eec70d39323429e259e08f04d195fd97472f57b;hp=b89b0600ac301d0f5d088cb5a31176c841e1c8c3;hb=4f438157901f6784cd47135e50deb204fc0c230b;hpb=60b47bf5e0878f014eb1e33e7784c92e43e2fcb6

diff --git a/ccan/tally/tally.c b/ccan/tally/tally.c
index b89b0600..7eec70d3 100644
--- a/ccan/tally/tally.c
+++ b/ccan/tally/tally.c
@@ -1,4 +1,4 @@
-#include "config.h"
+/* Licensed under LGPLv3+ - see LICENSE file for details */
 #include <ccan/tally/tally.h>
 #include <ccan/build_assert/build_assert.h>
 #include <ccan/likely/likely.h>
@@ -7,6 +7,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <assert.h>
+#include <stdlib.h>
 
 #define SIZET_BITS (sizeof(size_t)*CHAR_BIT)
 
@@ -24,29 +25,36 @@ struct tally *tally_new(unsigned buckets)
 	struct tally *tally;
 
 	/* There is always 1 bucket. */
-	if (buckets == 0)
+	if (buckets == 0) {
 		buckets = 1;
+	}
+
+	/* Overly cautious check for overflow. */
+	if (sizeof(*tally) * buckets / sizeof(*tally) != buckets) {
+		return NULL;
+	}
 
-	/* Check for overflow. */
-	if (buckets && SIZE_MAX / buckets < sizeof(tally->counts[0]))
+	tally = (struct tally *)malloc(
+		sizeof(*tally) + sizeof(tally->counts[0])*(buckets-1));
+	if (tally == NULL) {
 		return NULL;
-	tally = malloc(sizeof(*tally) + sizeof(tally->counts[0])*(buckets-1));
-	if (tally) {
-		tally->max = ((size_t)1 << (SIZET_BITS - 1));
-		tally->min = ~tally->max;
-		tally->total[0] = tally->total[1] = 0;
-		tally->buckets = buckets;
-		tally->step_bits = 0;
-		memset(tally->counts, 0, sizeof(tally->counts[0])*buckets);
 	}
+
+	tally->max = ((size_t)1 << (SIZET_BITS - 1));
+	tally->min = ~tally->max;
+	tally->total[0] = tally->total[1] = 0;
+	tally->buckets = buckets;
+	tally->step_bits = 0;
+	memset(tally->counts, 0, sizeof(tally->counts[0])*buckets);
 	return tally;
 }
 
 static unsigned bucket_of(ssize_t min, unsigned step_bits, ssize_t val)
 {
 	/* Don't over-shift. */
-	if (step_bits == SIZET_BITS)
+	if (step_bits == SIZET_BITS) {
 		return 0;
+	}
 	assert(step_bits < SIZET_BITS);
 	return (size_t)(val - min) >> step_bits;
 }
@@ -322,7 +330,7 @@ ssize_t tally_total(const struct tally *tally, ssize_t *overflow)
 	}
 
 	/* If result is negative, make sure we can represent it. */
-	if (tally->total[1] & (1 << (SIZET_BITS-1))) {
+	if (tally->total[1] & ((size_t)1 << (SIZET_BITS-1))) {
 		/* Must have only underflowed once, and must be able to
 		 * represent result at ssize_t. */
 		if ((~tally->total[1])+1 != 0
@@ -448,7 +456,7 @@ char *tally_histogram(const struct tally *tally,
 			largest_bucket = tally->counts[i];
 	}
 
-	p = graph = malloc(height * (width + 1) + 1);
+	p = graph = (char *)malloc(height * (width + 1) + 1);
 	if (!graph) {
 		free(tmp);
 		return NULL;