Extend the element size comparison between source and destination with a full type check using an assignment. It is not actually evaluated and even optimized out, but compilers check the types before getting to that point, and report mismatches. The stricter check improves safety, as it catches attempts to copy between different types that happen to have the same size. The size check is still needed to avoid allowing copies from a array with a smaller element type to a bigger one, e.g. from a char array to an int array, which would be allowed by the assignment check alone.
Signed-off-by: René Scharfe <l.s.r@xxxxxx>
---
git-compat-util.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/git-compat-util.h b/git-compat-util.h
index 76e4b11131..8d04832988 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -1094,6 +1094,7 @@ int xstrncmpz(const char *s, const char *t, size_t len);
 #define REALLOC_ARRAY(x, alloc) (x) = xrealloc((x), st_mult(sizeof(*(x)), (alloc)))
 #define COPY_ARRAY(dst, src, n) copy_array((dst), (src), (n), sizeof(*(dst)) + \
+ (0 ? (*(dst) = *(src), 0) : 0) + \
 BUILD_ASSERT_OR_ZERO(sizeof(*(dst)) == sizeof(*(src))))
 static inline void copy_array(void *dst, const void *src, size_t n, size_t size)
 {
@@ -1102,6 +1103,7 @@ static inline void copy_array(void *dst, const void *src, size_t n, size_t size)
 }
 #define MOVE_ARRAY(dst, src, n) move_array((dst), (src), (n), sizeof(*(dst)) + \
+ (0 ? (*(dst) = *(src), 0) : 0) + \
 BUILD_ASSERT_OR_ZERO(sizeof(*(dst)) == sizeof(*(src))))
 static inline void move_array(void *dst, const void *src, size_t n, size_t size)
 {
-- 
2.39.0
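Review bot: The unevaluated assignment `(*(dst) = *(src), 0)` added to COPY_ARRAY rejects some element types that memcpy handles correctly — an element that is itself an array (e.g. `char (*dst)[N]`) or a struct with a const member is not assignable — so any existing caller of that shape would stop compiling; whether git has such callers is not visible from this patch and is worth checking before merging. The check also remains weaker than a "full type check" for scalar elements: C assignment silently converts between same-sized arithmetic types, so an int/unsigned or int32_t/float pair still passes both the assignment and the sizeof test and is bit-copied unchanged. The trick is non-obvious enough to deserve a comment in the header, e.g. `/* never evaluated: only makes the compiler check that dst and src elements are assignment-compatible; sizeof is still compared because assignment alone would accept e.g. char -> int */`. The same points apply to the MOVE_ARRAY hunk that follows.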