The configure test for mktime (m4/mktime.m4) contains the following
code:
  for (;;)
    {
      t = (time_t_max << 1) + 1;
      if (t <= time_t_max)
        break;
      time_t_max = t;
    }
This code has undefined behavior on signed integer overflow; at least
some versions of gcc, and any san
[adding bug-gnulib, as requested]
On 01/26/2011 10:21 PM, Rich Felker wrote:
> The configure test for mktime (m4/mktime.m4) contains the following
> code:
>
>   for (;;)
>     {
>       t = (time_t_max << 1) + 1;
>       if (t <= time_t_max)
>         break;
>       time_t_max = t;
>     }
>
> T
On Thu, Jan 27, 2011 at 08:14:56AM -0700, Eric Blake wrote:
> # define TYPE_MINIMUM(t) \
> ((t) (! TYPE_SIGNED (t) \
> ? (t) 0 \
> : TYPE_SIGNED_MAGNITUDE (t) \
> ? ~ (t) 0 \
> : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))
> # define TYPE_MAXIMUM(t) \
> ((t) (! TYPE
On 01/27/2011 10:57 AM, Paul Eggert wrote:
# define TYPE_MAXIMUM(t) \
((t) (! TYPE_SIGNED (t) \
? (t) -1 \
: ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1
>> The last line of this macro has UB due to signed integer overflow in
>> the << operation.
>
> No it doe
On 01/27/11 09:28, Rich Felker wrote:
> On Thu, Jan 27, 2011 at 08:14:56AM -0700, Eric Blake wrote:
>> > # define TYPE_MINIMUM(t) \
>> > ((t) (! TYPE_SIGNED (t) \
>> > ? (t) 0 \
>> > : TYPE_SIGNED_MAGNITUDE (t) \
>> > ? ~ (t) 0 \
>> > : ~ (t) 0 << (sizeof (t) * CHA
Rich Felker wrote:
> > # define TYPE_MAXIMUM(t) \
> > ((t) (! TYPE_SIGNED (t) \
> > ? (t) -1 \
> > : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1
>
> The last line of this macro has UB due to signed integer overflow in
> the << operation.
No there is no overflow here. The ~ oper
On 01/27/11 10:15, Eric Blake wrote:
> In other words, the problem is not about overflow, but about undefined
> behavior.
You're right that the behavior is not defined, but this should
not be a problem in practice, any more than the * CHAR_BIT business
should be a problem in practice (that also re
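
Added example (not code from this thread or from gnulib): one way to compute an integer type's limits using only operations whose intermediate values are representable, so there is no signed overflow and no shift of a negative value. It assumes an integer type with no padding bits and two's complement representation; all macro and function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical names, chosen for this example. */
#define IS_SIGNED(T) ((T) -1 < (T) 0)
/* Assumption: T has no padding bits, so its width is sizeof * CHAR_BIT. */
#define WIDTH(T) (sizeof (T) * CHAR_BIT)

/* Build 2^(w-2) - 1, then double it and add 1.  Every intermediate
   value fits in T, so nothing overflows and no sign bit is shifted.  */
#define SIGNED_MAX(T) ((T) ((((T) 1 << (WIDTH (T) - 2)) - 1) * 2 + 1))

#define TYPE_MAX(T) ((T) (IS_SIGNED (T) ? SIGNED_MAX (T) : (T) -1))
/* Assumption: two's complement, so the minimum is -max - 1. */
#define TYPE_MIN(T) ((T) (IS_SIGNED (T) ? -SIGNED_MAX (T) - 1 : (T) 0))

/* Functions so the results can be compared against <limits.h>. */
int max_int (void) { return TYPE_MAX (int); }
int min_int (void) { return TYPE_MIN (int); }
long long max_llong (void) { return TYPE_MAX (long long); }
long long min_llong (void) { return TYPE_MIN (long long); }
signed char max_schar (void) { return TYPE_MAX (signed char); }
unsigned int max_uint (void) { return TYPE_MAX (unsigned int); }
/* Assumption: time_t is an integer type on this platform. */
time_t max_time_t (void) { return TYPE_MAX (time_t); }

int
main (void)
{
  printf ("time_t is %s, %zu bits, max %jd\n",
          IS_SIGNED (time_t) ? "signed" : "unsigned",
          WIDTH (time_t), (intmax_t) max_time_t ());
  return 0;
}
```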