On Sun, Oct 27, 2013 at 02:15:57PM +0100, Jakub Jelinek wrote:
> On Sun, Oct 27, 2013 at 12:35:24PM +0100, Ondřej Bílka wrote:
> > On Sun, Oct 27, 2013 at 11:51:00AM +0100, Marek Polacek wrote:
> > > Or just wait till the integer overflow detection in ubsan is completed.
> > >
> > As these computations now are done on unsigned type which has behaviour
> > defined as modular arithmetic this would not help.
>
> But what is integer overflow on unsigned type? If you want to add -1
> in unsigned arithmetics, you add very large positive number instead and that
> would overflow, even if it is unlikely it is an error and it is pretty common.
>
From the C standard:

6.2.5 Types
...
9 The range of nonnegative values of a signed integer type is a subrange of
the corresponding unsigned integer type, and the representation of the same
value in each type is the same.31) A computation involving unsigned operands
can never overflow, because a result that cannot be represented by the
resulting unsigned integer type is reduced modulo the number that is one
greater than the largest value that can be represented by the resulting type.

There is no error. My proposal was different: detect overflows only for
size_t, which, while technically illegal, is most likely used in size
calculations, and checking overflow there would likely prevent a buffer
overflow when it is used.
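The following is an added example, not code from the thread or from glibc or GCC, illustrating the point of the message above: a size_t product that wraps is well defined by the standard (it is reduced modulo SIZE_MAX + 1), yet when that product feeds an allocation the result is an undersized buffer. The example shows the unchecked computation beside two ways of detecting the wrap before allocating, one using the GCC/Clang `__builtin_mul_overflow` builtin (assumed available, which holds for GCC 5+ and recent Clang) and one portable division check. All function names here are the example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: per C 6.2.5p9 the product is reduced modulo
 * SIZE_MAX + 1, so a huge count silently yields a small byte count. */
size_t wrapped_size(size_t count, size_t elem)
{
    return count * elem;
}

/* Portable wrap check without compiler builtins: count * elem exceeds
 * SIZE_MAX exactly when count > SIZE_MAX / elem (for non-zero elem). */
bool size_mul_wraps(size_t count, size_t elem)
{
    return elem != 0 && count > SIZE_MAX / elem;
}

/* Checked multiply using the GCC/Clang builtin (assumed available).
 * Returns true and stores the product in *out when it fits in size_t,
 * false when it would wrap. */
bool size_mul_checked(size_t count, size_t elem, size_t *out)
{
    return !__builtin_mul_overflow(count, elem, out);
}

/* Allocation helper that refuses to allocate on a wrapped size instead of
 * handing back a buffer far smaller than the caller expects. */
void *alloc_array(size_t count, size_t elem)
{
    size_t bytes;
    if (!size_mul_checked(count, elem, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed inputs: a count chosen so that count * 2 wraps. */
    size_t count = SIZE_MAX / 2 + 1;

    printf("unchecked: %zu * 2 = %zu bytes (wrapped)\n",
           count, wrapped_size(count, 2));
    printf("portable check says wrap: %s\n",
           size_mul_wraps(count, 2) ? "yes" : "no");

    void *p = alloc_array(count, 2);
    printf("alloc_array on wrapping size: %s\n",
           p == NULL ? "refused (NULL)" : "allocated?!");
    free(p);

    p = alloc_array(1000, 8);
    printf("alloc_array(1000, 8): %s\n", p ? "ok" : "failed");
    free(p);
    return 0;
}
```

Note that neither check changes the language semantics the standard quote describes; the wrap still happens in `wrapped_size`. The checks only make the caller aware of it at the one place where it matters for memory safety, the size calculation that precedes an allocation or copy.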