This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: [RFC] Detect most integer overflows.


On Sun, Oct 27, 2013 at 02:15:57PM +0100, Jakub Jelinek wrote:
> On Sun, Oct 27, 2013 at 12:35:24PM +0100, Ondřej Bílka wrote:
> > On Sun, Oct 27, 2013 at 11:51:00AM +0100, Marek Polacek wrote:
> > > Or just wait till the integer overflow detection in ubsan is completed.
> > >
> > As these computations are now done on an unsigned type, which has behaviour
> > defined as modular arithmetic, this would not help.
> 
> But what is integer overflow on unsigned type?  If you want to add -1
> in unsigned arithmetics, you add very large positive number instead and that
> would overflow, even if it is unlikely it is an error and it is pretty common.
> 

From the C standard:

6.2.5 Types
...
9 The range of nonnegative values of a signed integer type is a subrange of the
corresponding unsigned integer type, and the representation of the same value in each
type is the same.[31] A computation involving unsigned operands can never overflow,
because a result that cannot be represented by the resulting unsigned integer type is
reduced modulo the number that is one greater than the largest value that can be
represented by the resulting type.


There is no error. My proposal was different: detect overflows only for
size_t, which, while technically illegal, is most likely used in size
calculations, and checking overflow there would likely prevent a buffer
overflow when it is used.
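As an added illustration (not code from the thread or from GCC), the following shows the two behaviours under discussion: a size_t product silently reduced modulo SIZE_MAX+1 as 6.2.5p9 describes, and the kind of explicit wrap check for size calculations that the proposal above would have the compiler emit automatically. The names checked_mul_size, wrapped_mul_size and alloc_array are hypothetical.

```c
/* Added example, not part of the original thread.
 * Shows how a size_t size calculation wraps modulo SIZE_MAX+1 (C11 6.2.5p9)
 * and how a checked multiply detects the wrap before it reaches malloc.
 * Function names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns true if a*b fits in size_t and stores it in *out;
 * returns false if the product would be reduced modulo SIZE_MAX+1. */
bool checked_mul_size(size_t a, size_t b, size_t *out)
{
    /* Portable check: a*b > SIZE_MAX  <=>  a > SIZE_MAX / b (for b != 0). */
    if (b != 0 && a > SIZE_MAX / b)
        return false;
    *out = a * b;
    return true;
}

/* Unchecked: the product wraps silently, so a huge count can yield a tiny size. */
size_t wrapped_mul_size(size_t a, size_t b)
{
    return a * b;  /* well-defined: reduced modulo SIZE_MAX + 1, no trap */
}

/* Allocate count elements of elem_size bytes; returns NULL on wrap or on OOM. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!checked_mul_size(count, elem_size, &bytes))
        return NULL;  /* refuse rather than allocate a wrapped (too small) buffer */
    return malloc(bytes);
}

int main(void)
{
    size_t count = SIZE_MAX / 4 + 1;  /* constructed: 4 * count is exactly SIZE_MAX + 1 */
    size_t fits;
    printf("wrapped product: %zu\n", wrapped_mul_size(count, 4));  /* prints 0 */
    printf("checked product: %s\n",
           checked_mul_size(count, 4, &fits) ? "fits" : "would wrap");
    void *p = alloc_array(count, 4);
    printf("alloc_array: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```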

