Cast to uintmax_t *before* multiplying in space calculations

This ensures that all cases where the result actually does fit in a uintmax_t are correctly handled. Before, the multiplication could be performed in a smaller type, leading to an incorrect result or, worse, undefined behavior due to signed integer overflow. This fixes a test failure that was actually observed on an i686 Linux system.
gulrak · Jul 30, 2021 · 924d84a · 924d84a
1 parent d87ac13
commit 924d84a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/include/ghc/filesystem.hpp b/include/ghc/filesystem.hpp
@@ -4875,7 +4875,7 @@ GHC_INLINE space_info space(const path& p, std::error_code& ec) noexcept
         ec = detail::make_system_error();
         return {static_cast<uintmax_t>(-1), static_cast<uintmax_t>(-1), static_cast<uintmax_t>(-1)};
     }
-    return {static_cast<uintmax_t>(sfs.f_blocks * sfs.f_frsize), static_cast<uintmax_t>(sfs.f_bfree * sfs.f_frsize), static_cast<uintmax_t>(sfs.f_bavail * sfs.f_frsize)};
+    return {static_cast<uintmax_t>(sfs.f_blocks) * static_cast<uintmax_t>(sfs.f_frsize), static_cast<uintmax_t>(sfs.f_bfree) * static_cast<uintmax_t>(sfs.f_frsize), static_cast<uintmax_t>(sfs.f_bavail) * static_cast<uintmax_t>(sfs.f_frsize)};
 #endif
 }