Date: Mon, 12 May 2014 19:03:22 +0200
From: Jilles Tjoelker <jilles@stack.nl>
To: Andrey Chernov <ache@freebsd.org>
Cc: svn-src-stable@freebsd.org, Don Lewis <truckman@FreeBSD.org>, src-committers@freebsd.org, svn-src-stable-10@freebsd.org, svn-src-all@freebsd.org
Subject: Re: svn commit: r265901 - stable/10/sys/kern
Message-ID: <20140512170322.GA2479@stack.nl>
In-Reply-To: <5370F110.5050502@freebsd.org>
References: <201405120427.s4C4RAZf093033@svn.freebsd.org> <5370F110.5050502@freebsd.org>

On Mon, May 12, 2014 at 08:04:32PM +0400, Andrey Chernov wrote:
> On 12.05.2014 8:27, Don Lewis wrote:
> > + if (start + amask < start) {
> > + DPRINTF(("start+amask wrapped around\n"));
> > + goto out;
> > + }

> Checking for overflow _after_ it happens is unportable and dangerous,
> since wrapping around is not only one possible result. They should be
> rewritten like that:

> if (start > ULONG_MAX - amask)

Unsigned types wrap around per the C standard. Overflow checking after
it happens is fine.

You are right for signed types.

-- 
Jilles Tjoelker
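
Review bot: the wraparound test `start + amask < start` at the top of the quoted hunk is only a valid overflow check when `start` and `amask` are unsigned and at least as wide as int, and the hunk does not show their declarations. A one-line comment naming the operand type next to the check would make that reliance explicit; the `start > ULONG_MAX - amask` form proposed in the reply is equivalent only if that type is unsigned long.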
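
The two checks discussed in this message, side by side, as an added C example (not code from the FreeBSD commit or from either poster). It assumes unsigned long operands, as the ULONG_MAX in the quoted suggestion implies, and an int wider than unsigned short for the last helper; all function names are hypothetical and the sample values are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Post-check, the form in the quoted patch: add first, then test for wrap.
 * Well defined because unsigned long arithmetic is modulo ULONG_MAX + 1. */
static bool wraps_post(unsigned long start, unsigned long amask)
{
    return start + amask < start;
}

/* Pre-check, the form suggested in the quoted review: never performs the add. */
static bool wraps_pre(unsigned long start, unsigned long amask)
{
    return start > ULONG_MAX - amask;
}

/* Signed addition: overflow is undefined, so test before adding. */
static bool signed_add_overflows(long a, long b)
{
    return (b > 0 && a > LONG_MAX - b) || (b < 0 && a < LONG_MIN - b);
}

/* Narrow unsigned operands promote to int, so the post-check cannot fire. */
static bool wraps_post_u16(unsigned short a, unsigned short b)
{
    return a + b < a;
}

/* Counts constructed boundary inputs where the two unsigned checks disagree. */
static int unsigned_check_mismatches(void)
{
    const unsigned long v[] = { 0, 1, 0xfff, ULONG_MAX / 2, ULONG_MAX / 2 + 1,
                                ULONG_MAX - 0xfff, ULONG_MAX - 1, ULONG_MAX };
    const int n = sizeof(v) / sizeof(v[0]);
    int bad = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++)
            bad += wraps_post(v[i], v[j]) != wraps_pre(v[i], v[j]);
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", unsigned_check_mismatches());
    printf("wraps: %d\n", wraps_post(ULONG_MAX - 0xffe, 0xfff));
    printf("signed overflow: %d\n", signed_add_overflows(LONG_MAX, 1));
    return 0;
}
```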