1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
use std::error::Error;
use std::fmt;
/// A given integer was so big that its representation as a C integer would be
/// negative.
#[derive(Debug, Clone, PartialEq)]
pub enum IntegerOrSdlError {
IntegerOverflows(&'static str, u32),
SdlError(String),
}
/// Validates and converts the given u32 to a positive C integer.
pub fn validate_int(value: u32, name: &'static str) -> Result<::libc::c_int, IntegerOrSdlError> {
use self::IntegerOrSdlError::*;
// Many SDL functions will accept `int` values, even if it doesn't make sense
// for the values to be negative.
// In the cases that SDL doesn't check negativity, passing negative values
// could be unsafe.
// For example, `SDL_JoystickGetButton` uses the index argument to access an
// array without checking if it's negative, which could potentially lead to
// segmentation faults.
if value >= 1 << 31 {
Err(IntegerOverflows(name, value))
} else {
Ok(value as ::libc::c_int)
}
}
impl fmt::Display for IntegerOrSdlError {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
use self::IntegerOrSdlError::*;
match *self {
IntegerOverflows(name, value) => write!(f, "Integer '{}' overflows ({})", name, value),
SdlError(ref e) => write!(f, "SDL error: {}", e),
}
}
}
impl Error for IntegerOrSdlError {
fn description(&self) -> &str {
use self::IntegerOrSdlError::*;
match *self {
IntegerOverflows(_, _) => "integer overflow",
SdlError(ref e) => e,
}
}
}