This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Use <intprops.h> within glibc for integer overflow checks?

From: Andreas Jaeger <aj at suse dot com>
To: Paul Eggert <eggert at cs dot ucla dot edu>
Cc: libc-alpha at sourceware dot org, Nickolai Zeldovich <nickolai at csail dot mit dot edu>
Date: Thu, 16 May 2013 16:40:24 +0200
Subject: Re: Use <intprops.h> within glibc for integer overflow checks?
References: <1368637095-20325-1-git-send-email-nickolai at csail dot mit dot edu> <51940134 dot 1040408 at cs dot ucla dot edu>

On 05/15/2013 11:42 PM, Paul Eggert wrote:

On 05/15/13 09:58, Nickolai Zeldovich wrote:

+#define __HALF_MAX_SIGNED(type) \
+	((type)1 << (sizeof(type)*8-2))
+#define __MAX_SIGNED(type) \
+	(__HALF_MAX_SIGNED(type) - 1 + __HALF_MAX_SIGNED(type))
...
-  if (offset + len < 0)
+  if (offset > __MAX_SIGNED(__off_t) - len)


At some point perhaps glibc should steal the <intprops.h>
header from gnulib, for internal use.  That way, the above
code could be simplified to:


Good idea, I'll add it to the Todo list at:
http://sourceware.org/glibc/wiki/Development_Todo/Master

Andreas
--
 Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
  SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 NÃrnberg, Germany
   GF: Jeff Hawn,Jennifer Guild,Felix ImendÃrffer,HRB16746 (AG NÃrnberg)
    GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126

References:
- [PATCH] [BZ #15002] posix_fallocate: avoid undefined behavior in wraparound check
  - From: Nickolai Zeldovich
- Use <intprops.h> within glibc for integer overflow checks?
  - From: Paul Eggert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]