Hi Bernd, > -static long > +static int > d_compact_number (struct d_info *di) > { > - long num; > + int num; > if (d_peek_char (di) == '_') > num = 0; > else if (d_peek_char (di) == 'n') > @@ -2957,7 +2957,7 @@ d_compact_number (struct d_info *di) > else > num = d_number (di) + 1; > > - if (! d_check_char (di, '_')) > + if (num < 0 || ! d_check_char (di, '_')) > return -1; > return num; > }
> Shouldn't we check for overflows before performing the +1 addition (i.e. 0 <= > num < INT_MAX)? Ideally we'd also have a way to signal from d_number if we > had an overflow while parsing that number. Without an overflow signal, d_number will already be prone to return a negative number for supposedly non-negative numbers (those not preceded with ’n’). In that case an overflow check would be unnecessary in d_compact_number which is supposed to always return a positive number or a negative one (-1). If you decide in favour of an overflow signal, it must be handled by the call-sites. Not sure what the “default behaviour” should be then. Otherwise, we can simply assume that the call sites for d_number can handle negative numbers. Kindly advice. > > There's also this, in d_expression_1: > > index = d_compact_number (di) + 1; > if (index == 0) > return NULL; > > which probably ought to have the same kind of check (I'll note that at this > point we've accumulated two "+1"s, I'll assume that's what we want). Yes. There should be an overflow check here. Thanks! - Marcel