svn commit: r265901 - stable/10/sys/kern

Andrey Chernov ache at freebsd.org
Mon May 12 17:42:56 UTC 2014


On 12.05.2014 21:03, Jilles Tjoelker wrote:
> On Mon, May 12, 2014 at 08:04:32PM +0400, Andrey Chernov wrote:
>> On 12.05.2014 8:27, Don Lewis wrote:
>>> +	if (start + amask < start) {
>>> +		DPRINTF(("start+amask wrapped around\n"));
>>> +		goto out;
>>> +	}
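Review bot: the post-addition test `start + amask < start` is correct only because the operands are unsigned, where the C standard (6.2.5p9) defines the wrapped result; the same expression on signed operands would be undefined behaviour. Consider a one-line comment in the hunk stating the unsigned assumption, or the pre-addition form `if (start > ULONG_MAX - amask)` raised later in this thread, which is defined for either signedness.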
> 
>> Checking for overflow _after_ it happens is unportable and dangerous,
>> since wrapping around is not the only possible result. They should be
>> rewritten like this:
> 
>> if (start > ULONG_MAX - amask)
> 
> Unsigned types wrap around per the C standard. Overflow checking after
> it happens is fine.
> 
> You are right for signed types.
> 

You are right. The C Standard, 6.2.5, paragraph 9 [ISO/IEC 9899:2011],
states:

"A computation involving unsigned operands can never overflow, because a
result that cannot be represented by the resulting unsigned integer type
is reduced modulo the number that is one greater than the largest value
that can be represented by the resulting type."

I was initially confused by the "integer overflow" phrase in the commit's
comment, and mechanically produced the example above, which is supposed
to be for signed types.

-- 
http://ache.vniz.net/
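Added example in C, not from this thread or the FreeBSD tree, showing the post-addition wrap check from the hunk beside the pre-addition form proposed above, plus a signed counterpart where only the pre-addition form is defined; the function names and the boundary inputs are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Post-addition wrap check, the form used in the hunk. Well defined only
 * because the operands are unsigned: C11 6.2.5p9 reduces the sum modulo
 * ULONG_MAX + 1, so the sum is below start exactly when it wrapped. */
bool end_wraps_post(unsigned long start, unsigned long amask)
{
	return start + amask < start;
}

/* Pre-addition check, the form proposed in the thread. The addition is
 * never performed, so this form is also valid for signed operand types. */
bool end_wraps_pre(unsigned long start, unsigned long amask)
{
	return start > ULONG_MAX - amask;
}

/* Signed counterpart (illustrative types, not rman's): start + amask is
 * undefined behaviour on overflow, so the test must precede the addition. */
bool end_overflows_signed(long start, long amask)
{
	if (amask >= 0)
		return start > LONG_MAX - amask;
	return start < LONG_MIN - amask;
}

/* The two unsigned forms must agree on every input. */
bool unsigned_forms_agree(unsigned long start, unsigned long amask)
{
	return end_wraps_post(start, amask) == end_wraps_pre(start, amask);
}

int main(void)
{
	/* Constructed boundary cases: a 16-byte alignment mask near ULONG_MAX. */
	unsigned long amask = 0xf;
	unsigned long starts[] = { 0, ULONG_MAX - 0xf, ULONG_MAX - 0xe, ULONG_MAX };
	for (size_t i = 0; i < sizeof(starts) / sizeof(starts[0]); i++)
		printf("start=%#lx wraps=%d agree=%d\n", starts[i],
		    end_wraps_post(starts[i], amask),
		    unsigned_forms_agree(starts[i], amask));
	return 0;
}
```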


More information about the svn-src-all mailing list