This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Signed int overflow behaviour in the security context



> This is a typical example of removing an if branch because signed
> overflow is undefined. This kind of code is common enough.

I could not have made my point any better myself.

And you think that somehow defining it (which the definition people seem to favor would be to make it wrapping) ameliorates any of these concerns?

User parameters can't be trusted no matter whether signed overflow is
defined or not.
Making it defined and wrapping doesn't help at all. It just means you
write different checks, not less of them.
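
The following is an added example, not part of the original message or of GCC: it shows the two forms an overflow check on an untrusted signed addition takes, one written for undefined overflow (test before adding) and one written for wrapping arithmetic (test after adding). The function names and the `range_ok` scenario are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Check for a compiler that treats signed overflow as undefined:
 * test the operands first, so no overflowing add is ever evaluated. */
bool add_checked_pre(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Check for wrapping semantics: add in unsigned arithmetic (defined to
 * wrap), then detect the wrap afterwards. Overflow occurred iff the
 * result's sign bit differs from the sign bit of both operands. */
bool add_checked_wrap(int a, int b, int *out)
{
    unsigned ua = (unsigned)a, ub = (unsigned)b, ur = ua + ub;
    unsigned sign = ~(UINT_MAX >> 1);   /* top bit of unsigned */
    if ((ua ^ ur) & (ub ^ ur) & sign)
        return false;
    *out = a + b;   /* safe: the check above proved the sum fits */
    return true;
}

/* Hypothetical use: validate an untrusted offset/length pair against a
 * buffer size. Either check serves; neither can be omitted. */
bool range_ok(int off, int len, int size)
{
    int end;
    if (off < 0 || len < 0 || !add_checked_pre(off, len, &end))
        return false;
    return end <= size;
}

int main(void)
{
    int r = 0;
    printf("pre : INT_MAX+1 accepted? %d\n", add_checked_pre(INT_MAX, 1, &r));
    printf("wrap: INT_MAX+1 accepted? %d\n", add_checked_wrap(INT_MAX, 1, &r));
    printf("range_ok(INT_MAX, 16, 4096) = %d\n", range_ok(INT_MAX, 16, 4096));
    return 0;
}
```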

