commit a5f2e4d421fa50c5e7fe3f7dc4a98e1e97ddfc74
author Elliott Hughes <enh@google.com> Wed Apr 27 13:59:49 2022 -0700
committer Elliott Hughes <enh@google.com> Wed Apr 27 14:29:44 2022 -0700
tree 534e950b11fe330d879039ff5eb345459cb0364f
parent ee711eda88d5789d6227e0b3693104ad171cd739

libutils: clearer abort on overflow.

Let's turn a bug into a feature... Since this code is built with intsan,
anyone who caused overflow here will have had an abort, so we know
no-one actually needs the BAD_INDEX return that was presumably the
original author's intent. So let's just mandate that, since it's a lot
harder to ignore an abort than it is to ignore an error return.

Bug: http://b/179044558
Test: treehugger
Change-Id: I08f1018f9da1e09de885699138b7543d55bb2a36

libutils/VectorImpl.cpp

diff --git a/libutils/VectorImpl.cpp b/libutils/VectorImpl.cpp
index c97a19b..d951b8b 100644
--- a/libutils/VectorImpl.cpp
+++ b/libutils/VectorImpl.cpp
@@ -279,14 +279,12 @@
 
 ssize_t VectorImpl::removeItemsAt(size_t index, size_t count)
 {
-    ALOG_ASSERT((index+count)<=size(),
-        "[%p] remove: index=%d, count=%d, size=%d",
-               this, (int)index, (int)count, (int)size());
-
-    if ((index+count) > size())
-        return BAD_VALUE;
-   _shrink(index, count);
-   return index;
+    size_t end;
+    LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(index, count, &end), "overflow: index=%zu count=%zu",
+                        index, count);
+    if (end > size()) return BAD_VALUE;
+    _shrink(index, count);
+    return index;
 }
 
 void VectorImpl::finish_vector()