On Tuesday 19 December 2006 11:37, Paolo Bonzini wrote:
>
> > By the way, as I've tried to describe here:
> > <http://cert.uni-stuttgart.de/advisories/c-integer-overflow.php>
> > variable range tracking can result in reintroduction of
> > supposedly-fixed security vulnerabilities. 8-(
>
> Interesting read. I agree with the proposed fix; however, note that GCC
> does not make the result of overflowing signed left-shifts undefined,
> exactly because in this case the overflow is relied upon by too many
> existing programs (and also because left shifts are inherently a bitwise
> operation, with well defined overflowing behavior on the most
> significant bits).

I wrote this just a few days ago:

        do {
                int32_t v1 = v << 1;
                if (v < 0) v1 ^= mask;
                v = v1;
                printf("%10u: %08x\n", c++, v);
        } while (v != 1);

I would become rather sad if this stopped compiling correctly.
--
vda
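
An added example, not part of the original message: the same shift-and-xor loop written on uint32_t, where the left shift is defined by the C standard to wrap modulo 2^32, so its result does not depend on how a compiler treats signed overflow. The `width` and `limit` parameters, the function names and the sample masks are assumptions made for the example; the message does not give its `mask` value.

```c
#include <stdint.h>
#include <stdio.h>

/* One step of the shift-and-xor loop on an unsigned type, so the shift
 * wraps by definition instead of overflowing a signed int32_t.
 * width (1..32) and mask are parameters added for this example. */
static uint32_t lfsr_step(uint32_t v, unsigned width, uint32_t mask)
{
    uint32_t top = (uint32_t)1 << (width - 1);
    uint32_t all = (width == 32) ? UINT32_MAX : (((uint32_t)1 << width) - 1);
    uint32_t v1 = (v << 1) & all;

    if (v & top)            /* replaces the signed test "v < 0" */
        v1 ^= mask;
    return v1;
}

/* Steps from state 1 until the state is 1 again. Returns the step count,
 * or 0 if that has not happened within limit steps (for example with an
 * even mask, for which the state never comes back to 1). */
static uint64_t lfsr_period(unsigned width, uint32_t mask, uint64_t limit)
{
    uint32_t v = 1;
    uint64_t c = 0;

    do {
        v = lfsr_step(v, width, mask);
        c++;
    } while (v != 1 && c < limit);
    return (v == 1) ? c : 0;
}

int main(void)
{
    /* Constructed sample masks: x^8+x^4+x^3+x^2+1 and x^4+x+1. */
    printf("width 8, mask 0x1d: period %llu\n",
           (unsigned long long)lfsr_period(8, 0x1D, 1000));
    printf("width 4, mask 0x03: period %llu\n",
           (unsigned long long)lfsr_period(4, 0x03, 1000));
    /* Even mask: the loop condition "v != 1" would never become false. */
    printf("width 8, mask 0x1c: period %llu\n",
           (unsigned long long)lfsr_period(8, 0x1C, 1000));
    return 0;
}
```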