
Re: [PATCH] signed integer overflow undefined behavior


From: Paul Eggert
Subject: Re: [PATCH] signed integer overflow undefined behavior
Date: Fri, 13 Dec 2013 14:01:58 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

On 12/12/2013 10:12 PM, Eric Lubin wrote:
> he disregards the fact that integer overflow is undefined in C
No, it's listed in FIXME comments:

/* FIXME: Check for arithmetic overflow in all cases, not just
   some of them.  */
...
/* FIXME: It also assumes that signed integer overflow silently wraps around,
   but this is not true any more with recent versions of GCC 4.  */

The patch you sent in doesn't look right, as it appears to assume
that time_t is the same width as 'long'.  Also, it incorrectly assumes
that t0, t1, t2, and t3 are nonnegative.  Furthermore, it'd be better to use the
INT_MULTIPLY_OVERFLOW and INT_ADD_OVERFLOW macros of intprops.h
rather than try to reinvent that wheel.

I should mention that the code is riddled with problems in this area,
e.g., apply_relative_time doesn't even check for overflow.  It'd be nice
if someone had the time to fix all this.
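The reply above rejects the submitted patch because it assumes time_t is as wide as 'long' and that the operands are nonnegative, and it points at the INT_ADD_OVERFLOW / INT_MULTIPLY_OVERFLOW macros of intprops.h. The following is an added example, not gnulib code and not the patch under discussion: it derives the time_t range without assuming a particular width, checks addition and multiplication for any sign of the operands without ever evaluating an overflowing expression, and uses those checks for a relative-time step of the kind apply_relative_time performs. The names time_add_overflow, time_multiply_overflow and apply_relative_checked are this example's own, and it assumes time_t is a signed two's-complement integer type.

```c
/* Overflow-checked time_t arithmetic (added example, not gnulib code).
   Same contract as intprops.h's INT_ADD_OVERFLOW / INT_MULTIPLY_OVERFLOW:
   report overflow instead of relying on wraparound, for any signed width
   and any sign of the operands.  Assumption: time_t is a signed
   two's-complement integer type (true on glibc and the BSDs). */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* 2**(width-1) - 1, computed in intmax_t so no step overflows; this
   does not assume time_t is 'long' (the mistake the thread points out). */
#define TIME_T_MAX \
  ((time_t) (((((intmax_t) 1 << (sizeof (time_t) * CHAR_BIT - 2)) - 1) * 2) + 1))
#define TIME_T_MIN ((time_t) (-TIME_T_MAX - 1))

/* Return true if A + B does not fit in time_t; otherwise store it in *R.
   Each branch compares against a bound that is itself representable. */
bool
time_add_overflow (time_t a, time_t b, time_t *r)
{
  if (b > 0 ? a > TIME_T_MAX - b : a < TIME_T_MIN - b)
    return true;
  *r = a + b;
  return false;
}

/* Return true if A * B does not fit in time_t; otherwise store it in *R.
   Division truncates toward zero in C, which is exactly the rounding the
   bound needs in each sign case; no division below is TIME_T_MIN / -1,
   so the checks themselves cannot overflow.  Negative operands are
   handled, unlike a check that assumes nonnegative inputs. */
bool
time_multiply_overflow (time_t a, time_t b, time_t *r)
{
  if (a == 0 || b == 0)
    {
      *r = 0;
      return false;
    }
  if (a > 0)
    {
      if (b > 0 ? a > TIME_T_MAX / b : b < TIME_T_MIN / a)
        return true;
    }
  else
    {
      if (b > 0 ? a < TIME_T_MIN / b : b < TIME_T_MAX / a)
        return true;
    }
  *r = a * b;
  return false;
}

/* Apply a relative offset of DAYS days and HOURS hours to BASE, the way
   a date parser's relative-time step must: every intermediate product
   and sum is checked, and the whole step fails rather than wrapping. */
bool
apply_relative_checked (time_t base, time_t days, time_t hours, time_t *out)
{
  time_t day_secs, hour_secs, sum;
  return (time_multiply_overflow (days, 24 * 60 * 60, &day_secs)
          || time_multiply_overflow (hours, 60 * 60, &hour_secs)
          || time_add_overflow (day_secs, hour_secs, &sum)
          || time_add_overflow (base, sum, out));
}

int
main (void)
{
  time_t r;
  /* Constructed inputs: a normal step, then one that would wrap. */
  if (!apply_relative_checked (0, 1, 1, &r))
    printf ("1 day 1 hour from the epoch = %jd seconds\n", (intmax_t) r);
  if (apply_relative_checked (TIME_T_MAX, 1, 0, &r))
    printf ("adding a day to TIME_T_MAX overflows; step refused\n");
  if (time_multiply_overflow (TIME_T_MIN, -1, &r))
    printf ("negating TIME_T_MIN overflows; refused\n");
  return 0;
}
```

GCC 5 and later and Clang also provide __builtin_add_overflow and __builtin_mul_overflow, which give the same result for any integer type in one call; the hand-written checks above show what those builtins, and the intprops.h macros, have to get right for negative operands.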


