Merge #74: Avoid >> above type width in BitWriter

sipa · sipa · commit 9e6127fa9895 · 2024-04-11T09:42:24.000+02:00
fe1040f Drop -Wno-shift-count-overflow compile flag (Pieter Wuille) 154bcd4 Avoid >> above type width in BitWriter (Pieter Wuille) Pull request description: For tiny fields (bits <= 8), the table type is `uint8_t`, which results in `BitWriter` using uint8_t logic as well. This is technically UB, as it performs right shifts of up to 8 positions. Avoid this by performing the BitWriter logic in either the table type, or `unsigned`, whichever is larger. This is an alternative to #71. ACKs for top commit: hebasto: re-ACK fe1040f. Only rebased since my [recent](#74 (review)) review. Tree-SHA512: fb41e125253d11f1662af77e9fc6e89ea7f4712f4fa5d500f483da3c6b325760d3ffedabedb7f15a7702223c86bc651b26004763e44c98d379cc2966ea0919a3
diff --git a/configure.ac b/configure.ac
@@ -104,11 +104,6 @@ esac
 AX_CHECK_COMPILE_FLAG([-Wall],[WARN_CXXFLAGS="$WARN_CXXFLAGS -Wall"],,[[$CXXFLAG_WERROR]])
 AX_CHECK_COMPILE_FLAG([-fvisibility=hidden],[CXXFLAGS="$CXXFLAGS -fvisibility=hidden"],[],[$CXXFLAG_WERROR])
 
-## Some compilers (gcc) ignore unknown -Wno-* options, but warn about all
-## unknown options if any other warning is produced. Test the -Wfoo case, and
-## set the -Wno-foo case if it works.
-AX_CHECK_COMPILE_FLAG([-Wshift-count-overflow],[NOWARN_CXXFLAGS="$NOWARN_CXXFLAGS -Wno-shift-count-overflow"],,[[$CXXFLAG_WERROR]])
-
 if test "x$use_ccache" != "xno"; then
   AC_MSG_CHECKING(if ccache should be used)
   if test x$CCACHE = x; then
diff --git a/src/int_utils.h b/src/int_utils.h
@@ -55,11 +55,10 @@ class BitWriter {
     int offset = 0;
     unsigned char* out;
 
-public:
-    BitWriter(unsigned char* output) : out(output) {}
-
     template<int BITS, typename I>
-    inline void Write(I val) {
+    inline void WriteInner(I val) {
+        // We right shift by up to 8 bits below. Verify that's well defined for the type I.
+        static_assert(std::numeric_limits<I>::digits > 8, "BitWriter::WriteInner needs I > 8 bits");
         int bits = BITS;
         if (bits + offset >= 8) {
             state |= ((val & ((I(1) << (8 - offset)) - 1)) << offset);
@@ -78,6 +77,19 @@ class BitWriter {
         offset += bits;
     }
 
+
+public:
+    BitWriter(unsigned char* output) : out(output) {}
+
+    template<int BITS, typename I>
+    inline void Write(I val) {
+        // If I is smaller than an unsigned int, invoke WriteInner with argument converted to unsigned.
+        using compute_type = typename std::conditional<
+            (std::numeric_limits<I>::digits < std::numeric_limits<unsigned>::digits),
+            unsigned, I>::type;
+        return WriteInner<BITS, compute_type>(val);
+    }
+
     inline void Flush() {
         if (offset) {
             *(out++) = state;
