Anton Khirnov (12020-01-12):
> Your explanation does not make sense to me. Checking for negative values
> is not guarding against overflow, it's "checking after the fact whether
> overflow occurred". Any such checks, whether signed or unsigned, are
> necessarily invalid and broken (hence the quotes). Guarding against
> overflow must always be done by checking BEFORE the operation that might
> overflow - again both for signed and unsigned.
>
> From this angle, there is no difference between using signed and
> unsigned values. The fact that in one case the overflow would have been
> UB and the other wouldn't changes nothing here.

You are right: if the code is known to be 100% bug-free, then it makes no
difference. But even TeX's code is not known to be 100% bug-free.

And when there may be bugs, I think I have given ample proof that signed
with UB are more dangerous than unsigned with modular arithmetic.

Regards,

-- 
Nicolas George
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
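
The "check BEFORE the operation" pattern discussed in the thread above, for one signed and one unsigned case, as an added example that is not part of either message and is not FFmpeg code. All function names and the buffer-size scenario are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Signed add: test the operands BEFORE adding, so a + b is never evaluated
 * when it would overflow (signed overflow is undefined behaviour in C). */
static bool add_int_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Unsigned multiply: wrap-around is defined (modulo SIZE_MAX + 1), but the
 * wrapped product is still the wrong size, so the guard also comes first. */
static bool mul_size_checked(size_t n, size_t elem, size_t *out)
{
    if (elem != 0 && n > SIZE_MAX / elem)
        return false;
    *out = n * elem;
    return true;
}

/* Hypothetical caller: bytes needed for n elements plus a fixed header. */
static bool buffer_size(size_t n, size_t elem, size_t header, size_t *out)
{
    size_t body;
    if (!mul_size_checked(n, elem, &body) || body > SIZE_MAX - header)
        return false;
    *out = body + header;
    return true;
}

int main(void)
{
    int s;
    size_t z;
    /* Constructed inputs at the edges of each type's range. */
    printf("INT_MAX + 1        : %s\n", add_int_checked(INT_MAX, 1, &s) ? "ok" : "rejected");
    printf("INT_MIN + (-1)     : %s\n", add_int_checked(INT_MIN, -1, &s) ? "ok" : "rejected");
    printf("16 * 4 + 8         : %s\n", buffer_size(16, 4, 8, &z) ? "ok" : "rejected");
    printf("(SIZE_MAX/4)*4 + 8 : %s\n", buffer_size(SIZE_MAX / 4, 4, 8, &z) ? "ok" : "rejected");
    return 0;
}
```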