On 08 April 2007 10:43, Florian Weimer wrote:
> * Joe Buck:
>
>> Consider an implementation that, when given
>>
>> Foo* array_of_foo = new Foo[n_elements];
>>
>> passes __compute_size(elements, sizeof Foo) instead of n_elements*sizeof
>> Foo to operator new, where __compute_size is
>>
>> inline size_t __compute_size(size_t num, size_t size) {
>>   size_t product = num * size;
>>   return product >= num ? product : ~size_t(0);
>> }
>
> I don't think this check is correct. Consider num = 0x33333334 and
> size = 6. It seems that the check is difficult to perform efficiently
> unless the architecture provides unsigned multiplication with overflow
> detection, or an instruction to implement __builtin_clz.
Wouldn't using -ftrapv do what we want? Would a possible answer be to make an
ftrapv attribute that could be selectively applied to security-critical library
routines such as operator new?

cheers,
DaveK
--
Can't think of a witty .sigline today....
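An added example, not part of the thread, that reproduces Florian's counterexample against the posted check and puts two checks beside it that do catch the wrap. The function names and the uint32_t model of a 32-bit size_t are my choices, so the result does not depend on the host's size_t width.

```c
#include <stddef.h>
#include <stdint.h>

/* The check as posted in the thread, modelled on a 32-bit size_t.
   num * size wraps modulo 2^32, and the wrapped product can still be
   >= num, so the comparison alone cannot detect every overflow. */
static uint32_t compute_size_naive32(uint32_t num, uint32_t size) {
    uint32_t product = num * size;
    return product >= num ? product : ~(uint32_t)0;
}

/* Division-based check on the same 32-bit model: exact for every input,
   needs no overflow-detecting multiply or clz instruction.
   Returns UINT32_MAX as the "too large" sentinel operator new rejects. */
static uint32_t compute_size_checked32(uint32_t num, uint32_t size) {
    if (size != 0 && num > UINT32_MAX / size)
        return UINT32_MAX;
    return num * size;
}

/* The same check on the real size_t using the compiler's overflow-
   detecting multiply (GCC/Clang __builtin_mul_overflow), which is what
   the architecture-level detection Florian mentions looks like from C. */
static size_t compute_size_builtin(size_t num, size_t size) {
    size_t product;
    if (__builtin_mul_overflow(num, size, &product))
        return SIZE_MAX;
    return product;
}

int main(void) {
    /* Florian's case: 0x33333334 * 6 = 0x133333338 wraps to 0x33333338,
       which is >= 0x33333334, so the naive check hands back a short size. */
    uint32_t naive   = compute_size_naive32(0x33333334u, 6u);   /* 0x33333338 */
    uint32_t checked = compute_size_checked32(0x33333334u, 6u); /* UINT32_MAX */
    return (naive == 0x33333338u && checked == UINT32_MAX) ? 0 : 1;
}
```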