This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Integer overflow in operator new
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: rridge at csclub dot uwaterloo dot ca (Ross Ridge)
- Cc: gcc at gcc dot gnu dot org
- Date: Mon, 09 Apr 2007 00:23:00 +0200
- Subject: Re: Integer overflow in operator new
- References: <20070408163230.CC95F7422C@caffeine.csclub.uwaterloo.ca>
* Ross Ridge:
> Florian Weimer writes:
>>I don't think this check is correct. Consider num = 0x33333334 and
>>size = 6. It seems that the check is difficult to perform efficiently
>>unless the architecture provides unsigned multiplication with overflow
>>detection, or an instruction to implement __builtin_clz.
>
> This should work instead:
>
> inline size_t __compute_size(size_t num, size_t size) {
>     if (num > ~size_t(0) / size)
>         return ~size_t(0);
>     return num * size;
> }
Yeah, but that division is fairly expensive if it can't be performed
at compile time. OTOH, if __compute_size is inlined in all places,
code size does increase somewhat.
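An added example, written here to illustrate the thread and not taken from either message or from the GCC sources: it reproduces Florian's counterexample (num = 0x33333334, size = 6) on a 32-bit size_t model, shows that the wrapped product is larger than both operands (so a check that only compares the product against its inputs cannot see the wrap), and contrasts Ross's division-based check with the overflow-detecting multiply Florian mentions. Assumptions: `std::uint32_t` stands in for a 32-bit size_t so the numbers are reproducible on 64-bit hosts; `__builtin_mul_overflow` is the GCC/Clang builtin; the `size != 0` guard is an addition for stand-alone use (in operator new[] `size` is `sizeof(T)` and never zero).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical 32-bit model of size_t, so that the thread's counterexample
// (num = 0x33333334, size = 6) behaves the same on a 64-bit host.
using size32 = std::uint32_t;

// Plain wrapping multiply: what operator new[] computes with no check at all.
template <typename U>
U wrapping_product(U num, U size) {
    return num * size;
}

// Ross Ridge's division-based check, parameterised on the width. Saturates
// to the maximum value on overflow so the allocation is guaranteed to fail.
// The size != 0 guard is added here; sizeof(T) can never be 0 in C++.
template <typename U>
U compute_size_div(U num, U size) {
    if (size != 0 && num > std::numeric_limits<U>::max() / size)
        return std::numeric_limits<U>::max();
    return num * size;
}

// Same contract using the compiler's overflow-checked multiply
// (GCC/Clang __builtin_mul_overflow). On targets with a flag-setting
// multiply this avoids the division Florian objects to.
template <typename U>
U compute_size_builtin(U num, U size) {
    U result;
    if (__builtin_mul_overflow(num, size, &result))
        return std::numeric_limits<U>::max();
    return result;
}

// True when the two checked variants agree for the given operands, which
// is the property a reviewer of the patch would want to hold everywhere.
template <typename U>
bool variants_agree(U num, U size) {
    return compute_size_div(num, size) == compute_size_builtin(num, size);
}

int main() {
    const size32 num = 0x33333334u, size = 6u;
    // Constructed inputs: the counterexample from the thread on 32-bit size_t.
    std::printf("wrapped product  : 0x%08x (> num, so a product-vs-operand test misses it)\n",
                wrapping_product(num, size));
    std::printf("division check   : 0x%08x\n", compute_size_div(num, size));
    std::printf("builtin check    : 0x%08x\n", compute_size_builtin(num, size));
    // Largest num that still fits for size 6: max/6 == 0x2AAAAAAA.
    std::printf("boundary (fits)  : 0x%08x\n", compute_size_div<size32>(0x2AAAAAAAu, 6u));
    std::printf("boundary + 1     : 0x%08x\n", compute_size_div<size32>(0x2AAAAAABu, 6u));
    return 0;
}
```

The boundary pair (0x2AAAAAAA and 0x2AAAAAAB for size 6) is the case worth keeping in a regression test: the first is the largest count whose product still fits in 32 bits, the second is the smallest that wraps, so an off-by-one in the `>` versus `>=` comparison is caught either way.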