GNU bug report logs -
#8545
issues with recent doprnt-related changes
Reported by: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Mon, 25 Apr 2011 05:48:01 UTC
Severity: normal
Done: Eli Zaretskii <eliz <at> gnu.org>
Bug is archived. No further changes may be made.
Message #123 received at 8545 <at> debbugs.gnu.org:
>> There are similar reliable tests for the other arithmetic operations.
>
> Is this documented somewhere? Is there a list of the standard ways?
CERT has something, here:
https://www.securecoding.cert.org/confluence/display/seccode/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow
Although the principles in that memo are OK, the actual code is
hard to read and its multiplication overflow checking is buggy.
Here's something better, which I just now wrote. Also, please see
Emacs Bug#8611 <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8611>;
its patch uses code like the following.
#include <limits.h>

/* Each predicate reports whether the operation would overflow, without
   ever computing the out-of-range result itself.  */

int
add_overflow (int a, int b)
{
  return (b < 0
          ? a < INT_MIN - b
          : INT_MAX - b < a);
}

int
subtract_overflow (int a, int b)
{
  return (b < 0
          ? INT_MAX + b < a
          : a < INT_MIN + b);
}

int
unary_minus_overflow (int a)
{
  /* Only INT_MIN has no representable negation.  */
  return a < -INT_MAX;
}

int
multiply_overflow (int a, int b)
{
  /* Dividing a limit by the nonzero operand b gives the largest (or
     smallest) a whose product still fits; the b == -1 case is excluded
     because INT_MIN / -1 itself overflows.  */
  return (b < 0
          ? (a < 0
             ? a < INT_MAX / b
             : b != -1 && INT_MIN / b < a)
          : (b != 0
             && (a < 0
                 ? a < INT_MIN / b
                 : INT_MAX / b < a)));
}

int
quotient_overflow (int a, int b)
{
  /* This does not check for division by zero.  Add that if you like.  */
  return a < -INT_MAX && b == -1;
}

int
remainder_overflow (int a, int b)
{
  /* Mathematically the remainder should never overflow, but on x86-like
     hosts INT_MIN % -1 traps, and the C standard permits this.  */
  return quotient_overflow (a, b);
}
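The following is an added example, not part of the bug report or of the Emacs patch it mentions: it re-implements the pre-condition style of overflow test shown in the message above, cross-checks each predicate against a wider-type oracle over a constructed grid of boundary values (INT_MIN, INT_MAX, their neighbours and halves), and shows the predicate guarding a typical allocation-size computation. The function names, the grid, and the assumption that long long is at least twice as wide as int are mine; the predicates themselves follow the message's technique.

```c
#include <limits.h>
#include <stdio.h>

/* The oracle does its arithmetic in long long, which must be able to hold
   any int * int product (an assumption of this example, checked here).  */
_Static_assert (sizeof (long long) >= 2 * sizeof (int),
                "long long must be at least twice as wide as int");

static int fits_int (long long v) { return INT_MIN <= v && v <= INT_MAX; }

/* Pre-condition checks in the same style as the message's predicates:
   every comparison stays inside the int range and the result is never
   formed before the check.  */
int add_overflows (int a, int b)
{
  return b < 0 ? a < INT_MIN - b : INT_MAX - b < a;
}

int sub_overflows (int a, int b)
{
  return b < 0 ? INT_MAX + b < a : a < INT_MIN + b;
}

int mul_overflows (int a, int b)
{
  if (b < 0)
    return a < 0 ? a < INT_MAX / b : (b != -1 && INT_MIN / b < a);
  return b != 0 && (a < 0 ? a < INT_MIN / b : INT_MAX / b < a);
}

/* Caller must rule out b == 0 separately, as in the message.  */
int div_overflows (int a, int b)
{
  return a < -INT_MAX && b == -1;
}

/* Oracle versions: compute in long long and range-check the result.  */
static int oracle_add (int a, int b) { return !fits_int ((long long) a + b); }
static int oracle_sub (int a, int b) { return !fits_int ((long long) a - b); }
static int oracle_mul (int a, int b) { return !fits_int ((long long) a * b); }
static int oracle_div (int a, int b) { return !fits_int ((long long) a / b); }

/* Constructed boundary grid: the values where an off-by-one in a
   predicate would show up.  */
static const int grid[] = {
  INT_MIN, INT_MIN + 1, INT_MIN / 2, -3, -2, -1, 0, 1, 2, 3,
  INT_MAX / 2, INT_MAX - 1, INT_MAX
};
#define GRID_LEN ((int) (sizeof grid / sizeof grid[0]))

/* Compare each predicate with its oracle over every pair in the grid.
   Returns the number of disagreements; 0 means the predicates are exact
   on these inputs.  */
int count_disagreements (void)
{
  int bad = 0;
  for (int i = 0; i < GRID_LEN; i++)
    for (int j = 0; j < GRID_LEN; j++)
      {
        int a = grid[i], b = grid[j];
        bad += add_overflows (a, b) != oracle_add (a, b);
        bad += sub_overflows (a, b) != oracle_sub (a, b);
        bad += mul_overflows (a, b) != oracle_mul (a, b);
        if (b != 0)
          bad += div_overflows (a, b) != oracle_div (a, b);
      }
  return bad;
}

/* Typical use: size a buffer of count elements of elem_size bytes each,
   returning -1 instead of letting the product wrap to a small positive
   number that would then be passed to an allocator.  */
int checked_alloc_size (int count, int elem_size)
{
  if (count < 0 || elem_size <= 0 || mul_overflows (count, elem_size))
    return -1;
  return count * elem_size;
}

int main (void)
{
  printf ("disagreements on boundary grid: %d\n", count_disagreements ());
  printf ("alloc size for 100 x 16: %d\n", checked_alloc_size (100, 16));
  printf ("alloc size for INT_MAX x 2: %d\n", checked_alloc_size (INT_MAX, 2));
  return 0;
}
```

The grid cross-check is the part worth keeping around: an overflow predicate that is wrong by one at INT_MIN / b or INT_MAX / b is easy to write and hard to spot by reading, and a handful of boundary pairs against a wider-type oracle catches exactly that class of mistake.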
This bug report was last modified 4 years and 251 days ago.