This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] [BZ 20628] make mallinfo saturating
- From: DJ Delorie <dj at redhat dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: carlos at redhat dot com, libc-alpha at sourceware dot org
- Date: Thu, 06 Oct 2016 12:52:45 -0400
- Subject: Re: [PATCH] [BZ 20628] make mallinfo saturating

Paul Eggert <eggert@cs.ucla.edu> writes:
> I don't see how that follows. If INTERNAL_SIZE_T and int are both 32
> bits, then (INTERNAL_SIZE_T)(SUM) + (INTERNAL_SIZE_T)(ADD) is a 32-bit
> unsigned addition. This addition can overflow and wrap around, but
> the code doesn't check for that overflow.

I'm not arguing that the logic handles it, I'm arguing that with a
32-bit memory space none of the values will "happen" to cause an
overflow, because we never have more than 2^32 bytes of memory or 2^32
objects to count. I.e. overflow would only happen in the case where the
logic handles it properly. I'll add a comment to this effect, unless
you're arguing that the macro should be more general-purpose, which we
can argue in an independent context if you wish.

>>> Also, if SUM is INT_MIN
>>
>> "Assumes ADD and SUM are positive."
>
> That assumption is incorrect, since SUM can be INT_MIN after a
> wraparound overflow.

Well it *used* to be correct... /me will work on that ;-)
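
The wraparound discussed in this message, next to a saturating accumulation, as an added example that is not part of the original message or of the patch under review. It assumes uint32_t as a stand-in for a 32-bit INTERNAL_SIZE_T and int32_t for the int fields; the function names and the 1 GiB sample sizes are constructed, and treating an already negative SUM as saturated is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models a 32-bit INTERNAL_SIZE_T, int32_t a 32-bit int. */
typedef uint32_t size32_t;
typedef int32_t (*adder_fn)(int32_t sum, size32_t add);

/* Portable two's-complement reinterpretation of a 32-bit value. */
static int32_t to_i32(uint32_t u)
{
    return u <= INT32_MAX ? (int32_t)u : -(int32_t)(UINT32_MAX - u) - 1;
}

/* Unchecked: 32-bit unsigned addition, result stored in a signed field. */
static int32_t add_wrapping(int32_t sum, size32_t add)
{
    return to_i32((size32_t)sum + add);   /* wraps modulo 2^32 */
}

/* Saturating: clamp at INT32_MAX. A negative SUM can only come from an
   earlier wraparound, so this example treats it as already saturated. */
static int32_t add_saturating(int32_t sum, size32_t add)
{
    if (sum < 0)
        return INT32_MAX;
    if (add > (size32_t)INT32_MAX - (size32_t)sum)
        return INT32_MAX;                 /* sum + add would exceed INT32_MAX */
    return sum + (int32_t)add;
}

/* Fold the first n sizes into one int field using the given adder. */
static int32_t accumulate(adder_fn f, const size32_t *v, size_t n)
{
    int32_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum = f(sum, v[i]);
    return sum;
}

/* Constructed sample input: five regions of 1 GiB each. */
static const size32_t GIB_REGIONS[5] = {
    0x40000000u, 0x40000000u, 0x40000000u, 0x40000000u, 0x40000000u
};

int main(void)
{
    for (size_t n = 1; n <= 5; n++)
        printf("%zu GiB: wrapping=%ld saturating=%ld\n", n,
               (long)accumulate(add_wrapping, GIB_REGIONS, n),
               (long)accumulate(add_saturating, GIB_REGIONS, n));
    return 0;
}
```

Two 1 GiB additions already leave the unchecked sum at INT_MIN, and at 4 GiB and beyond it wraps back to a non-negative value that looks plausible, so a sign check alone does not detect the overflow.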