microsoft · dthaler · Aug 22, 2023 · Aug 21, 2023
@@ -0,0 +1,36 @@
+// Copyright (c) Microsoft Corporation
+// SPDX-License-Identifier: MIT
+
+#if !defined(CMAKE_NUGET)
+#include <catch2/catch_all.hpp>
+#else
+#include <catch2/catch.hpp>
+#endif
+#include "cxplat.h"
+
+TEST_CASE("cxplat_safe_size_t_multiply", "[size]")
+{
+    size_t result;
+    REQUIRE(cxplat_safe_size_t_multiply(3, 5, &result) == CXPLAT_STATUS_SUCCESS);
+    REQUIRE(result == 15);
+
+    REQUIRE(cxplat_safe_size_t_multiply(SIZE_MAX, 2, &result) == CXPLAT_STATUS_ARITHMETIC_OVERFLOW);
+}
+
+TEST_CASE("cxplat_safe_size_t_add", "[size]")
+{
+    size_t result;
+    REQUIRE(cxplat_safe_size_t_add(3, 5, &result) == CXPLAT_STATUS_SUCCESS);
+    REQUIRE(result == 8);
+
+    REQUIRE(cxplat_safe_size_t_add(SIZE_MAX, 2, &result) == CXPLAT_STATUS_ARITHMETIC_OVERFLOW);
+}
+
+TEST_CASE("cxplat_safe_size_t_subtract", "[size]")
+{
+    size_t result;
+    REQUIRE(cxplat_safe_size_t_subtract(5, 3, &result) == CXPLAT_STATUS_SUCCESS);
+    REQUIRE(result == 2);
+
+    REQUIRE(cxplat_safe_size_t_subtract(3, 5, &result) == CXPLAT_STATUS_ARITHMETIC_OVERFLOW);
+}
@@ -131,6 +131,7 @@
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="cxplat_memory_test.cpp" />
+    <ClCompile Include="cxplat_size_test.cpp" />
   </ItemGroup>
   <ItemGroup>
     <None Include="packages.config" />

@@ -18,6 +18,9 @@
     <ClCompile Include="cxplat_memory_test.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="cxplat_size_test.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="packages.config" />

@@ -4,6 +4,7 @@
 
 #include "cxplat_fault_injection.h"
 #include "cxplat_memory.h"
+#include "cxplat_size.h"
 
 CXPLAT_EXTERN_C_BEGIN
 

@@ -34,4 +34,5 @@
 typedef _Return_type_success_(CXPLAT_SUCCEEDED(return )) enum {
     CXPLAT_STATUS_SUCCESS = CXPLAT_PLATFORM_STATUS_SUCCESS,
     CXPLAT_STATUS_NO_MEMORY = CXPLAT_PLATFORM_STATUS_NO_MEMORY,
+    CXPLAT_STATUS_ARITHMETIC_OVERFLOW = CXPLAT_PLATFORM_STATUS_ARITHMETIC_OVERFLOW,
 } cxplat_status_t;
@@ -0,0 +1,48 @@
+// Copyright (c) Microsoft Corporation
+// SPDX-License-Identifier: MIT
+#pragma once
+
+#include "cxplat_common.h"
+#include <stdbool.h>
+
+CXPLAT_EXTERN_C_BEGIN
+
+/**
+ * @brief Multiplies one value of type size_t by another and check for
+ *   overflow.
+ * @param[in] multiplicand The value to be multiplied by multiplier.
+ * @param[in] multiplier The value by which to multiply multiplicand.
+ * @param[out] result A pointer to the result.
+ * @retval CXPLAT_STATUS_SUCCESS The operation was successful.
+ * @retval CXPLAT_STATUS_ARITHMETIC_OVERFLOW Multiplication overflowed.
+ */
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_multiply(
+    size_t multiplicand, size_t multiplier, _Out_ _Deref_out_range_(==, multiplicand* multiplier) size_t* result);
+
+/**
+ * @brief Add one value of type size_t by another and check for
+ *   overflow.
+ * @param[in] augend The value to be added by addend.
+ * @param[in] addend The value add to augend.
+ * @param[out] result A pointer to the result.
+ * @retval CXPLAT_STATUS_SUCCESS The operation was successful.
+ * @retval CXPLAT_STATUS_ARITHMETIC_OVERFLOW Addition overflowed.
+ */
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_add(size_t augend, size_t addend, _Out_ _Deref_out_range_(==, augend + addend) size_t* result);
+
+/**
+ * @brief Subtract one value of type size_t from another and check for
+ *   overflow or underflow.
+ * @param[in] minuend The value from which subtrahend is subtracted.
+ * @param[in] subtrahend The value subtract from minuend.
+ * @param[out] result A pointer to the result.
+ * @retval CXPLAT_STATUS_SUCCESS The operation was successful.
+ * @retval CXPLAT_STATUS_ARITHMETIC_OVERFLOW Addition overflowed or underflowed.
+ */
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_subtract(
+    size_t minuend, size_t subtrahend, _Out_ _Deref_out_range_(==, minuend - subtrahend) size_t* result);
+
+CXPLAT_EXTERN_C_END
@@ -10,5 +10,6 @@
 // Map specific cxplat_status_t values to HRESULT values.
 #define CXPLAT_PLATFORM_STATUS_SUCCESS STATUS_SUCCESS
 #define CXPLAT_PLATFORM_STATUS_NO_MEMORY STATUS_NO_MEMORY
+#define CXPLAT_PLATFORM_STATUS_ARITHMETIC_OVERFLOW STATUS_INTEGER_OVERFLOW
 
 #define CXPLAT_SUCCEEDED(status) NT_SUCCESS(status)
@@ -6,5 +6,6 @@
 // Map specific cxplat_status_t values to HRESULT values.
 #define CXPLAT_PLATFORM_STATUS_SUCCESS S_OK
 #define CXPLAT_PLATFORM_STATUS_NO_MEMORY __HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY)
+#define CXPLAT_PLATFORM_STATUS_ARITHMETIC_OVERFLOW __HRESULT_FROM_WIN32(ERROR_ARITHMETIC_OVERFLOW)
 
 #define CXPLAT_SUCCEEDED(status) SUCCEEDED((HRESULT)(status))
@@ -33,12 +33,14 @@
   <ItemGroup>
     <ClCompile Include="..\memory.c" />
     <ClCompile Include="memory_winkernel.c" />
+    <ClCompile Include="size_winkernel.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\inc\cxplat.h" />
     <ClInclude Include="..\..\inc\cxplat_common.h" />
     <ClInclude Include="..\..\inc\cxplat_fault_injection.h" />
     <ClInclude Include="..\..\inc\cxplat_memory.h" />
+    <ClInclude Include="..\..\inc\cxplat_size.h" />
     <ClInclude Include="..\..\inc\winkernel\cxplat_platform.h" />
     <ClInclude Include="..\..\inc\winkernel\cxplat_winkernel.h" />
   </ItemGroup>

@@ -41,5 +41,8 @@
     <ClInclude Include="..\..\inc\winkernel\cxplat_winkernel.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\inc\cxplat_size.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
 </Project>
@@ -0,0 +1,27 @@
+// Copyright (c) Microsoft Corporation
+// SPDX-License-Identifier: MIT
+#include "cxplat.h"
+#include <ntintsafe.h>
+
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_multiply(
+    size_t multiplicand, size_t multiplier, _Out_ _Deref_out_range_(==, multiplicand* multiplier) size_t* result)
+{
+    return RtlSizeTMult(multiplicand, multiplier, result) == STATUS_SUCCESS ? CXPLAT_STATUS_SUCCESS
+                                                                            : CXPLAT_STATUS_ARITHMETIC_OVERFLOW;
+}
+
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_add(size_t augend, size_t addend, _Out_ _Deref_out_range_(==, augend + addend) size_t* result)
+{
+    return RtlSizeTAdd(augend, addend, result) == STATUS_SUCCESS ? CXPLAT_STATUS_SUCCESS
+                                                                 : CXPLAT_STATUS_ARITHMETIC_OVERFLOW;
+}
+
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_subtract(
+    size_t minuend, size_t subtrahend, _Out_ _Deref_out_range_(==, minuend - subtrahend) size_t* result)
+{
+    return RtlSizeTSub(minuend, subtrahend, result) == STATUS_SUCCESS ? CXPLAT_STATUS_SUCCESS
+                                                                      : CXPLAT_STATUS_ARITHMETIC_OVERFLOW;
+}
@@ -143,6 +143,7 @@
     <ClInclude Include="..\..\inc\cxplat_common.h" />
     <ClInclude Include="..\..\inc\cxplat_fault_injection.h" />
     <ClInclude Include="..\..\inc\cxplat_memory.h" />
+    <ClInclude Include="..\..\inc\cxplat_size.h" />
     <ClInclude Include="..\..\inc\winuser\cxplat_platform.h" />
     <ClInclude Include="..\..\inc\winuser\cxplat_winuser.h" />
     <ClInclude Include="leak_detector.h" />
@@ -155,6 +156,7 @@
     <ClCompile Include="fault_injection.cpp" />
     <ClCompile Include="leak_detector.cpp" />
     <ClCompile Include="memory_winuser.cpp" />
+    <ClCompile Include="size_winuser.c" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

@@ -42,6 +42,9 @@
     <ClInclude Include="..\..\inc\cxplat_memory.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\inc\cxplat_size.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="fault_injection.cpp">
@@ -59,5 +62,8 @@
     <ClCompile Include="..\memory.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="size_winuser.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>
@@ -0,0 +1,25 @@
+// Copyright (c) Microsoft Corporation
+// SPDX-License-Identifier: MIT
+#include "cxplat.h"
+#include <intsafe.h>
+
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_multiply(
+    size_t multiplicand, size_t multiplier, _Out_ _Deref_out_range_(==, multiplicand* multiplier) size_t* result)
+{
+    return SUCCEEDED(SizeTMult(multiplicand, multiplier, result)) ? CXPLAT_STATUS_SUCCESS
+                                                                  : CXPLAT_STATUS_ARITHMETIC_OVERFLOW;
+}
+
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_add(size_t augend, size_t addend, _Out_ _Deref_out_range_(==, augend + addend) size_t* result)
+{
+    return SUCCEEDED(SizeTAdd(augend, addend, result)) ? CXPLAT_STATUS_SUCCESS : CXPLAT_STATUS_ARITHMETIC_OVERFLOW;
+}
+
+_Must_inspect_result_ cxplat_status_t
+cxplat_safe_size_t_subtract(
+    size_t minuend, size_t subtrahend, _Out_ _Deref_out_range_(==, minuend - subtrahend) size_t* result)
+{
+    return SUCCEEDED(SizeTSub(minuend, subtrahend, result)) ? CXPLAT_STATUS_SUCCESS : CXPLAT_STATUS_ARITHMETIC_OVERFLOW;
+}