Re: [PATCH] signed integer overflow undefined behavior
From: Paul Eggert
Subject: Re: [PATCH] signed integer overflow undefined behavior
Date: Fri, 13 Dec 2013 14:01:58 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
On 12/12/2013 10:12 PM, Eric Lubin wrote:
> he disregards the fact that integer overflow is undefined in C
No, it's listed in FIXME comments:
/* FIXME: Check for arithmetic overflow in all cases, not just
some of them. */
...
/* FIXME: It also assumes that signed integer overflow silently wraps around,
but this is not true any more with recent versions of GCC 4. */
The patch you sent in doesn't look right, as it appears to assume
that time_t is the same width as 'long'. Also, it incorrectly assumes
that t0, t1, t2, and t3 are nonnegative. Furthermore, it'd be better to use the
INT_MULTIPLY_OVERFLOW and INT_ADD_OVERFLOW macros of intprops.h
rather than try to reinvent that wheel.
I should mention that the code is riddled with problems in this area,
e.g., apply_relative_time doesn't even check for overflow. It'd be nice
if someone had the time to fix all this.
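Overflow-checked time_t arithmetic of the kind the reply asks for, as an added example that is not code from this thread or from the parser it discusses. It stands in the GCC/Clang __builtin_*_overflow builtins for intprops.h's INT_ADD_OVERFLOW / INT_MULTIPLY_OVERFLOW (which are not available stand-alone), assumes time_t is a signed integer type, and all helper names are hypothetical; it also shows, beside the checked versions, a nonnegative-only check that misses overflow toward the minimum.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Added example, not from the thread or the parser it discusses.  gnulib's
   INT_ADD_OVERFLOW / INT_MULTIPLY_OVERFLOW (intprops.h) are not available
   stand-alone, so this uses the GCC/Clang __builtin_*_overflow builtins: also
   generic over the operand type and correct for negatives.  time_t assumed signed.  */

/* Near-largest and largest time_t, derived from the type's width rather
   than from a 32- or 64-bit assumption.  */
time_t time_big (void) { return (time_t) 1 << (sizeof (time_t) * CHAR_BIT - 2); }
time_t time_max (void) { return (time_big () - 1) + time_big (); }

/* The kind of check the reply objects to: it assumes both operands are
   nonnegative, so an overflow toward the minimum is never reported.  */
bool naive_add_overflows (time_t a, time_t b)
{
  return a > 0 && b > 0 && a > time_max () - b;
}

/* *r = a + b; returns false on overflow (then *r is not meaningful).  */
bool time_add_checked (time_t a, time_t b, time_t *r)
{
  return !__builtin_add_overflow (a, b, r);
}

/* *r = a * b, same contract.  */
bool time_mul_checked (time_t a, time_t b, time_t *r)
{
  return !__builtin_mul_overflow (a, b, r);
}

/* *r = base + units * scale, e.g. "-3 hours" is units -3, scale 3600.
   Hypothetical helper, not the parser's own apply_relative_time.  */
bool time_apply_scaled (time_t base, time_t units, time_t scale, time_t *r)
{
  time_t prod;
  return time_mul_checked (units, scale, &prod)
         && time_add_checked (base, prod, r);
}

int main (void)
{
  time_t r, min = -time_max () - 1;
  printf ("naive check misses min + -1: %d\n", !naive_add_overflows (min, -1));
  printf ("checked add reports it:     %d\n", !time_add_checked (min, -1, &r));
  return 0;
}
```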