From: Andrey Chernov
Date: Mon, 12 May 2014 21:42:50 +0400
To: Jilles Tjoelker
Cc: svn-src-stable@freebsd.org, Don Lewis, src-committers@freebsd.org, svn-src-stable-10@freebsd.org, svn-src-all@freebsd.org
Subject: Re: svn commit: r265901 - stable/10/sys/kern
Message-ID: <5371081A.2070703@freebsd.org>
In-Reply-To: <20140512170322.GA2479@stack.nl>

On 12.05.2014 21:03, Jilles Tjoelker wrote:
> On Mon, May 12, 2014 at 08:04:32PM +0400, Andrey Chernov wrote:
>> On 12.05.2014 8:27, Don Lewis wrote:
>>> + if (start + amask < start) {
>>> + DPRINTF(("start+amask wrapped around\n"));
>>> + goto out;
>>> + }
>
>> Checking for overflow _after_ it happens is unportable and dangerous,
>> since wrapping around is not only one possible result. They should be
>> rewritten like that:
>
>> if (start > ULONG_MAX - amask)
>
> Unsigned types wrap around per the C standard. Overflow checking after
> it happens is fine.
>
> You are right for signed types.
>

You are right.

The C Standard, 6.2.5, paragraph 9 [ISO/IEC 9899:2011], states:

"A computation involving unsigned operands can never overflow, because a
result that cannot be represented by the resulting unsigned integer type
is reduced modulo the number that is one greater than the largest value
that can be represented by the resulting type."

I was initially confused by the "integer overflow" phrase in the commit's
comment, mechanically producing the example above, which is supposed to be
for signed types.

-- 
http://ache.vniz.net/
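
Review bot: in the quoted hunk, the test `start + amask < start` detects wraparound only when `start` and `amask` are unsigned and at least as wide as `unsigned int`, and the hunk does not show their declarations. Either state the operand types in a comment beside the check, or use the form that never computes the sum, `if (start > ULONG_MAX - amask)`, as proposed in the thread (that constant assumes the operands are `unsigned long`).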
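
The two checks discussed in this thread, side by side, as an added example that is not part of the original message or of the FreeBSD commit. All function names are hypothetical, and the `unsigned short` case goes beyond the thread to show where the post-check stops working because of integer promotion (it assumes `int` is wider than `unsigned short`).

```c
#include <limits.h>
#include <stdbool.h>

/* Post-check, as in the quoted hunk: defined behaviour because unsigned
 * long arithmetic is reduced modulo ULONG_MAX + 1 (C11 6.2.5p9). */
bool uadd_wraps_post(unsigned long start, unsigned long amask)
{
    return start + amask < start;
}

/* Pre-check, as proposed in the reply: the sum is never computed. */
bool uadd_wraps_pre(unsigned long start, unsigned long amask)
{
    return start > ULONG_MAX - amask;
}

/* Signed operands: an overflowing a + b is undefined behaviour, so the
 * test has to run before the addition and cover both directions. */
bool sadd_overflows(long a, long b)
{
    if (b > 0)
        return a > LONG_MAX - b;
    return b < 0 && a < LONG_MIN - b;
}

/* Operands narrower than int are promoted to int before the addition, so
 * the sum does not wrap and the post-check never fires without a cast. */
bool u16add_wraps_naive(unsigned short a, unsigned short b)
{
    return a + b < a;
}
bool u16add_wraps_cast(unsigned short a, unsigned short b)
{
    return (unsigned short)(a + b) < a;
}

/* The two unsigned forms must agree on every pair of boundary values. */
bool unsigned_forms_agree(void)
{
    const unsigned long v[] = { 0, 1, ULONG_MAX / 2, ULONG_MAX - 1, ULONG_MAX };
    for (int i = 0; i < 5; i++)
        for (int j = 0; j < 5; j++)
            if (uadd_wraps_post(v[i], v[j]) != uadd_wraps_pre(v[i], v[j]))
                return false;
    return true;
}

int main(void) { return unsigned_forms_agree() ? 0 : 1; }
```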