This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Integer overflow in operator new
> > Florian Weimer writes:
> >>I don't think this check is correct. Consider num = 0x33333334 and
> >>size = 6. It seems that the check is difficult to perform efficiently
> >>unless the architecture provides unsigned multiplication with overflow
> >>detection, or an instruction to implement __builtin_clz.
Right; sorry for the bad code. We need a saturating multiply, and
the most efficient implementations can't be expressed in C/C++ directly.
I don't think that fixing my code is the right approach.
If there's an unsigned multiply instruction that sets an overflow flag,
or a 32x32->64 unsigned multiply, then it suffices to say "if overflow,
replace product with all-ones." The penalty for doing that should be
a lot smaller.
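
The saturating multiply described in this message, worked through on the quoted case num = 0x33333334, size = 6, as an added example that is not part of the original post or of GCC's code. It assumes a 32-bit size type modelled with `uint32_t`; the function names are hypothetical, and `__builtin_mul_overflow` is the builtin that current GCC and Clang provide for the overflow-flag variant.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked multiply for comparison: wraps modulo 2^32. */
uint32_t wrap_mul32(uint32_t num, uint32_t size)
{
    return num * size;
}

/* 32x32->64 unsigned multiply: a non-zero high half means overflow,
   so the product is replaced with all-ones. */
uint32_t sat_mul32_wide(uint32_t num, uint32_t size)
{
    uint64_t wide = (uint64_t)num * size;
    return (wide >> 32) ? UINT32_MAX : (uint32_t)wide;
}

/* Overflow-flag variant: the builtin reports whether the 32-bit
   product overflowed, which maps onto the flag the hardware sets. */
uint32_t sat_mul32_flag(uint32_t num, uint32_t size)
{
    uint32_t product;
    if (__builtin_mul_overflow(num, size, &product))
        return UINT32_MAX;
    return product;
}

/* Hypothetical stand-in for the array-allocation path: an all-ones
   request can never be satisfied in a 32-bit address space, so it is
   refused instead of returning a buffer smaller than num * size. */
void *alloc_array32(uint32_t num, uint32_t size)
{
    uint32_t bytes = sat_mul32_wide(num, size);
    if (bytes == UINT32_MAX)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t num = 0x33333334u, size = 6;   /* values from the quoted reply */
    printf("wrapped:   0x%08x\n", (unsigned)wrap_mul32(num, size));
    printf("saturated: 0x%08x\n", (unsigned)sat_mul32_wide(num, size));
    printf("flag:      0x%08x\n", (unsigned)sat_mul32_flag(num, size));
    return 0;
}
```

With the unchecked multiply the request shrinks to 0x33333338 bytes, far less than six bytes per element, while both saturating forms yield all-ones and the allocation is refused.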