This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
DJ Delorie wrote:
> Paul Eggert <eggert@cs.ucla.edu> writes:
>> These don't look right, as INTERNAL_SIZE_T might not be wider than int,
>
> In which case, the values we're adding up won't overflow because memory is limited to an int-sized address space.

I don't see how that follows. If INTERNAL_SIZE_T and int are both 32 bits, then (INTERNAL_SIZE_T)(SUM) + (INTERNAL_SIZE_T)(ADD) is a 32-bit unsigned addition. This addition can overflow and wrap around, but the code doesn't check for that overflow.

>> Also, if SUM is INT_MIN
>
> "Assumes ADD and SUM are positive."

That assumption is incorrect, since SUM can be INT_MIN after a wraparound overflow.
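
The wraparound described in this message, as an added example that is not part of the original e-mail or of glibc's code. It assumes fixed 32-bit stand-ins (`internal_size_t`, `counter_t`) for INTERNAL_SIZE_T and int, and all helper names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: fixed 32-bit stand-ins for the case discussed in the
   thread, where INTERNAL_SIZE_T is no wider than int. */
typedef uint32_t internal_size_t;   /* stand-in for INTERNAL_SIZE_T */
typedef int32_t  counter_t;         /* stand-in for a 32-bit int */

/* Unchecked pattern: cast both operands and add. The addition is
   modulo 2^32, so an overflow wraps around silently. */
static internal_size_t add_unchecked(counter_t sum, counter_t add)
{
    return (internal_size_t)((internal_size_t)sum + (internal_size_t)add);
}

/* Two's-complement view of the result if it is kept in a signed
   counter (computed without an out-of-range conversion). */
static counter_t as_signed(internal_size_t v)
{
    if (v <= (internal_size_t)INT32_MAX)
        return (counter_t)v;
    return (counter_t)(v - 0x80000000u) + INT32_MIN;
}

/* Checked variant: reject negative operands and refuse any addition
   whose result would not fit in the signed counter. */
static bool add_checked(counter_t sum, counter_t add, counter_t *out)
{
    if (sum < 0 || add < 0)
        return false;
    if (add > INT32_MAX - sum)
        return false;
    *out = sum + add;
    return true;
}

int main(void)
{
    counter_t r = 0;
    printf("unchecked INT32_MAX + 1 -> %ld\n",
           (long)as_signed(add_unchecked(INT32_MAX, 1)));
    printf("checked   INT32_MAX + 1 -> %s\n",
           add_checked(INT32_MAX, 1, &r) ? "ok" : "rejected");
    return 0;
}
```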