On 05/15/2013 03:40 PM, Dan Carpenter wrote:
>> The 2 variables for comparing: one is 'u8', the other is 'int'. Since
>> 'int' is 'bigger' than 'u8', I like cast to 'int' (it is the 'default
>> habit') ;-)
>>
>> Could you describe the details again for why 'u8' is better than 'int' ?
>>
> I explained this at length in an earlier email but here is the short
> version again.  There are two bugs people introduce with min_t()
> casting.
> 
> 1) Casting high unsigned values to negative.
> 2) Truncating the value.
> 
> I tend to worry more about casting to negative because those are
> more common and have worse effects for security.  In this case,
> either int or u8 work, but when someone audits the code the cast to
> int is a red flag and needs to be reviewed.

Thank you for your precious details:
  if using 'int', we need to worry about 1) Casting high unsigned values to negative
  if using 'u8', we need to worry about 2) Truncating the value

But at least for the current gcc version on x86, I have run a test for
it, and the result seems OK (but as I remember, some compilers will give
different results).

Please see below:

------------------------code begin------------------------------------

#include <stdio.h>

int main()
{
        unsigned char a = 0xff;
        int b = 20;
        int c = a;

        char x = -1;
        unsigned int y = 10;
        unsigned int z = x;

        if (a < b)
                printf("\na < b: c = %x, b = %x, a = %x\n", c, b, a);
        else
                printf("\na >= b: c = %x, b = %x, a = %x\n", c, b, a);

        if (x < y)
                printf("\nx < y: x = %x, y = %x, z = %x\n", x, y, z);
        else
                printf("\nx >= y: x = %x, y = %x, z = %x\n", x, y, z);

        return 0;
}

------------------------code end--------------------------------------

[root@gchenlinux tmp]# cc -Wall -O2 -g -o test test.c
[root@gchenlinux tmp]# ./test

a >= b: c = ff, b = 14, a = ff

x >= y: x = ffffffff, y = a, z = ffffffff



Thanks.
-- 
Chen Gang

Asianux Corporation
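
Added example, not part of the original email or the kernel source: the two min_t() casting bugs named in the quoted reply, next to the thread's own u8/int case. The DEFINE_MIN_T helper and the clamp_as_* names are hypothetical user-space stand-ins for the kernel's min_t(type, x, y), and the input lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Simplified user-space stand-in for min_t(type, x, y): both arguments are
 * converted to `type` first, then compared. Not the kernel's macro. */
#define DEFINE_MIN_T(name, type)                          \
	static type name(long long x, long long y)        \
	{                                                 \
		type a = (type)x, b = (type)y;            \
		return a < b ? a : b;                     \
	}

DEFINE_MIN_T(min_t_int, int)
DEFINE_MIN_T(min_t_u8, uint8_t)
DEFINE_MIN_T(min_t_size, size_t)

/* Bug 1: a high unsigned length becomes negative as int and wins the min.
 * (Out-of-range conversion to int is implementation-defined; gcc and clang
 * wrap modulo 2^32.) */
static int clamp_as_int(unsigned int len, int limit)
{
	return min_t_int(len, limit);
}

/* Bug 2: a length above 255 is truncated to its low 8 bits as u8. */
static uint8_t clamp_as_u8(unsigned int len, unsigned int limit)
{
	return min_t_u8(len, limit);
}

/* An unsigned type wide enough for both operands avoids both bugs. */
static size_t clamp_as_size(unsigned int len, size_t limit)
{
	return min_t_size(len, limit);
}

int main(void)
{
	unsigned int len = 0xfffffff0u; /* constructed, untrusted length */
	printf("int:    %d\n", clamp_as_int(len, 64));
	printf("u8:     %u\n", clamp_as_u8(300, 200));
	printf("size_t: %zu\n", clamp_as_size(len, 64));
	/* The thread's case (u8 0xff vs int 20): either cast gives 20. */
	printf("thread: %d %u\n", min_t_int(0xff, 20), min_t_u8(0xff, 20));
	return 0;
}
```

The negative result of the int cast is the more dangerous one because it turns into a very large value as soon as it is used as a size_t copy length, while the u8 truncation yields a wrong but still bounded value.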