Daniel Jacobowitz wrote:
> On Tue, Apr 08, 2008 at 01:09:18PM +0100, Dave Korn wrote:
>> ~ $ gcc -O3 -S -xc -o 2.s -
>> extern void foo (char *buf, int len);
>> extern void bar (char *buf);
>>
>> void foo (char *buf, int len)
>> {
>>   if (buf+len < buf)
>>   {
>>     bar (buf);
>>   }
>>   return;
>> }
>
> Note that if buf is a char *, there's no way to know that it's the
> start of an object.  So you're not testing the same thing they were
> talking about; calling foo (&str[2], -1) is completely valid C.

Exactly.

Dave, that's why my test example had the:

  len = 1 << 30;

line. The compiler has to know that the value of len is non-negative in order to do the optimization. Using an "unsigned int len" parameter should also give it that information, but the version I had was designed to closely resemble the case shown to me by CERT, which used a signed variable.

Thanks,

--
Mark Mitchell
CodeSourcery
[EMAIL PROTECTED]
(650) 331-3385 x713
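
Added example, not part of the message above and not code from anyone in the thread: the `buf + len < buf` test with `len` known non-negative, next to two checks that do not depend on pointer overflow. The names `sample`, `wraps_unsafe`, `len_fits`, `addr_add_wraps` and the one-past-the-end parameter `buf_end` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

char sample[16];   /* constructed 16-byte object for the demonstration */

/* The thread's pattern with len known non-negative (unsigned, as suggested
 * above). buf + len past the object is undefined behaviour, so the compiler
 * may assume it never wraps and fold this whole test to 0. */
int wraps_unsafe(const char *buf, unsigned int len)
{
    return buf + len < buf;
}

/* Hypothetical replacement: compare len with the room left in the object,
 * so no out-of-range pointer is ever formed. buf_end is one past the end. */
int len_fits(const char *buf, const char *buf_end, int len)
{
    if (len < 0 || buf > buf_end)
        return 0;
    return (size_t)len <= (size_t)(buf_end - buf);
}

/* Hypothetical wraparound test on the address as an unsigned integer, where
 * overflow is defined to wrap and the comparison cannot be removed. */
int addr_add_wraps(uintptr_t addr, size_t len)
{
    return addr + (uintptr_t)len < addr;
}

int main(void)
{
    const char *end = sample + sizeof sample;
    printf("len_fits(16)      = %d\n", len_fits(sample, end, 16));
    printf("len_fits(1 << 30) = %d\n", len_fits(sample, end, 1 << 30));
    printf("len_fits(-1)      = %d\n", len_fits(sample, end, -1));
    printf("addr wraps        = %d\n", addr_add_wraps(UINTPTR_MAX - 15, 16));
    return 0;
}
```

Compiling `wraps_unsafe` with `gcc -O3 -S`, as in the quoted command, lets you check in the assembly whether the comparison survived.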
