This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>
- Cc: Rich Felker <dalias at libc dot org>, GLIBC Devel <libc-alpha at sourceware dot org>, Alexander Cherepanov <ch3root at openwall dot com>, Florian Weimer <fweimer at redhat dot com>
- Date: Tue, 27 Oct 2015 10:51:52 +0000
- Subject: Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
- Authentication-results: sourceware.org; auth=none
- References: <CALoOobOpSFwNOqD2RbsSQ95+16=xWN=fTpDJZqgPGJPSXCDmEA at mail dot gmail dot com> <20151026200605 dot GI8645 at brightrain dot aerifal dot cx> <CALoOobPxCPN_Lwvc98CevgCJMwHa_9cURZsALsLeG+SPDSF+Xw at mail dot gmail dot com> <20151027042627 dot GA25140 at vapier dot lan> <CALoOobOiP=n=2cDEN6Det+EKrr3XO0BrWC=6St4t9C98_Vo6mw at mail dot gmail dot com>
On Mon, 26 Oct 2015, Paul Pluzhnikov wrote:
> static inline bool
> __attribute__ ((__always_inline))
> __umull_overflow (size_t a, size_t b)
I don't approve of function naming that quietly embeds the assumption that
size_t and unsigned long have the same set of values.
If you want a multiplication function for size_t, whether saturating or
setting an explicit overflow flag, then the name should make clear that
it's for size_t. And if you use __builtin_umull_overflow in the
implementation, you should also have a static assertion that SIZE_MAX ==
ULONG_MAX.
--
Joseph S. Myers
joseph@codesourcery.com