Security professionals who cannot write a correct integer overflow / pointer overflow check remind me of arsonist firefighters.
Also failing I think. Most important one is a>TYPE_MAX/b. Trivial to opt as mul+cc check.
-
can you give a gcc explorer link? I can try to fix
-
On mobile browser atm but just int f(unsigned a,unsigned b) {return a>UINT_MAX/b;}
-
btw LLVM and GCC both already emit pretty good code for this pic.twitter.com/44LMxlYX1D
-
That's a buggy test; it assumes long is twice as wide as int.
-
Even if you fix that detail using right types, it assumes _existence_ of a double-width type...
-
..which is false for size_t on a 64-bit system.
-
Even with existence, it's buggy. It should be `unsigned long`.
-
As written g(-1,-1) does signed overflow if long is 64b and unsigned is 32b.
-
Yet no compilers know how to do it. They all emit div.
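Added example, not part of the thread: the division-form check discussed above (`a > TYPE_MAX / b`) written out in C for `unsigned` and `size_t`, where no double-width type is needed, next to a widening check that relies only on fixed-width types. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Division form: a * b overflows iff b != 0 and a > UINT_MAX / b.
 * The b != 0 guard is required because UINT_MAX / 0 is undefined. */
bool umul_overflows(unsigned a, unsigned b)
{
    return b != 0 && a > UINT_MAX / b;
}

/* Same check for size_t. It needs no wider type, so it also works on
 * 64-bit systems where size_t has no double-width counterpart. */
bool size_mul_overflows(size_t a, size_t b)
{
    return b != 0 && a > SIZE_MAX / b;
}

/* Widening form. It is only correct because uint64_t is guaranteed to be
 * exactly twice as wide as uint32_t, and both operands are unsigned, so
 * the 64-bit product cannot itself overflow. Using int/long instead would
 * assume a width relationship the C standard does not promise. */
bool u32_mul_overflows_wide(uint32_t a, uint32_t b)
{
    return (uint64_t)a * b > UINT32_MAX;
}

/* Typical use: compute an allocation size n * elem, refusing on overflow.
 * On success the product is stored in *out. */
bool checked_array_size(size_t n, size_t elem, size_t *out)
{
    if (size_mul_overflows(n, elem))
        return false;
    *out = n * elem;
    return true;
}
```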