On Tue, Jul 12, 2016 at 10:20:55AM +0100, Yuri Gribov wrote:
> There are people who would tolerate FPs if the tool indeed helps to
> find vulnerabilities. Especially if there is easy way to suppress
> checks in set of functions/files who intentionally rely on unsigned
But what is the easy way to suppress it?
For say unsigned int x, y, z;
...
x = y + z;
one can surely suppress it with
(void) __builtin_add_overflow (y, z, &x);
or as Segher mentioned on IRC, portably with:
x = ((y&((~0U/2))+(z&((~0U/2)))^((y^z)&~((~0U/2));
If there is a wider type, one can also compute in the wider type and
then mask.
Still, none of this look like easy way.
Jakub
