This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Integer overflow in operator new


* Ross Ridge:

> Florian Weimer writes:
>>I don't think this check is correct.  Consider num = 0x33333334 and
>>size = 6.  It seems that the check is difficult to perform efficiently
>>unless the architecture provides unsigned multiplication with overflow
>>detection, or an instruction to implement __builtin_clz.
>
> This should work instead:
>
> 	inline size_t __compute_size(size_t num, size_t size) {
> 		if (num > ~size_t(0) / size)
> 			return ~size_t(0);
> 		return num * size;
> 	}

Yeah, but that division is fairly expensive if it can't be performed
at compile time.  OTOH, if __compute_size is inlined in all places,
code size does increase somewhat.
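The guards below are an added example, not code from this thread or from GCC: the division check from the quoted post, a naive wrap check, and GCC's __builtin_mul_overflow, all run on the counter-example num = 0x33333334, size = 6. It assumes a 32-bit size_t (emulated with uint32_t so the overflow happens on any host), and the naive guard is a constructed illustration of a flawed check, not the original check, which this page does not show.

```cpp
#include <cinttypes>
#include <cstdint>
#include <cstdio>
#include <limits>

// Emulate a 32-bit size_t so that num = 0x33333334, size = 6 actually wraps
// (assumption: the thread's counter-example targets a 32-bit size_t).
using size32 = std::uint32_t;
constexpr size32 kMax = std::numeric_limits<size32>::max();

// Division-based guard as in the quoted post. size is sizeof(T), which is
// never 0 in C++, so the division cannot trap. Returns kMax on overflow so the
// allocator fails instead of handing back an undersized block.
inline size32 compute_size_div(size32 num, size32 size) {
    if (num > kMax / size)
        return kMax;
    return num * size;
}

// A naive "did the product wrap below num?" guard (constructed here as an
// example of a flawed check; the page does not show the original one).
// 0x33333334 * 6 wraps to 0x33333338, which is still >= num, so it is missed.
inline size32 compute_size_naive(size32 num, size32 size) {
    size32 product = num * size;
    if (product < num)
        return kMax;
    return product;
}

// GCC/Clang builtin: the compiler emits a multiply plus an overflow-flag
// test, avoiding the runtime division the reply objects to.
inline size32 compute_size_builtin(size32 num, size32 size) {
    size32 product;
    if (__builtin_mul_overflow(num, size, &product))
        return kMax;
    return product;
}

// Reference oracle: do the multiply in 64 bits and check it fits in 32.
inline bool overflows32(size32 num, size32 size) {
    return static_cast<std::uint64_t>(num) * size > kMax;
}

int main() {
    const size32 num = 0x33333334u, size = 6u;
    std::printf("oracle:  %s\n", overflows32(num, size) ? "overflow" : "ok");
    std::printf("div:     0x%08" PRIx32 "\n", compute_size_div(num, size));
    std::printf("naive:   0x%08" PRIx32 "\n", compute_size_naive(num, size));
    std::printf("builtin: 0x%08" PRIx32 "\n", compute_size_builtin(num, size));
    return 0;
}
```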

