On Sat, Dec 4, 2010 at 7:22 AM, Florian Weimer <f...@deneb.enyo.de> wrote:
> * Joe Buck:
>
>> It's wasted code if the multiply instruction detects the overflow.
>> It's true that the cost is small (maybe just one extra instruction
>> and the same number of tests, maybe one more on architectures where you
>> have to load a large constant), but it is slightly worse code than what
>> Chris Lattner showed.
>
> It's possible to improve slightly on the LLVM code by using the
> overflow flag (at least on i386/amd64), as explained in this blog
> post:
>
> <http://blogs.msdn.com/b/michael_howard/archive/2005/12/06/500629.aspx>
>
> My patch emits a run-time division if a VLA is used in an allocator.
> But that's a semi-deprecated GCC extension, so I don't think we need
> to care.

Personally, the VLA issue is not one I would care much about. If it
can be done without much cost, fine. Otherwise, I would not tie the
checking of the standard construct to it.

>> Still, it's certainly an improvement on the current
>> situation and the cost is negligible compared to the call to the
>> allocator. Since it's a security issue, some form of the patch should
>> go in.
>
> Well, should I resubmit, with the fix for the problem building
> size_t(-1)?

I think that would help.

-- Gaby
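The two checks the thread is weighing, as an added example that is not code from the thread, from Florian's patch or from GCC: the byte count for `new T[n]` is `n * sizeof(T)`, and the question is whether overflow of that multiply is caught by a division against SIZE_MAX or by the processor's overflow flag. The flag-based version below uses `__builtin_mul_overflow`, an assumption that the compiler is GCC 5 or later or Clang; the "hand the allocator size_t(-1) on overflow" strategy, the `Elem16` element type and the function names are illustrative choices made here, not the patch's own.

```cpp
#include <cstddef>
#include <limits>
#include <new>

using std::size_t;

// Added illustration, not GCC code: detecting overflow in n * sizeof(T)
// when computing the byte count that new T[n] passes to the allocator.

constexpr size_t kSizeMax = std::numeric_limits<size_t>::max();

// Division-based check. Portable and obvious, but the division is the
// "wasted code" the thread refers to when the multiply instruction itself
// can report the overflow.
bool mul_overflows_by_division(size_t n, size_t elem) {
    if (elem == 0) return false;        // 0 * n never overflows
    return n > kSizeMax / elem;
}

// Overflow-flag-based check. __builtin_mul_overflow (assumed: GCC >= 5 or
// Clang) lets the compiler test the overflow/carry flag after the multiply
// instead of emitting a division.
bool mul_overflows_by_flag(size_t n, size_t elem) {
    size_t unused;
    return __builtin_mul_overflow(n, elem, &unused);
}

// Byte count for an array allocation. On overflow this hands back
// size_t(-1), a request no allocator can satisfy, so the failure surfaces
// as std::bad_alloc instead of as an undersized buffer. (Illustrative
// strategy, not a description of the actual patch.)
size_t array_alloc_size(size_t n, size_t elem) {
    size_t bytes;
    if (__builtin_mul_overflow(n, elem, &bytes))
        return static_cast<size_t>(-1);
    return bytes;
}

struct Elem16 { char bytes[16]; };   // constructed sample element type

// Allocate n Elem16 objects through ::operator new with the checked size.
// Returns true if the request was rejected with std::bad_alloc, false if it
// succeeded (the memory is released before returning).
bool new_array_fails(size_t n) {
    try {
        void* p = ::operator new(array_alloc_size(n, sizeof(Elem16)));
        ::operator delete(p);
        return false;
    } catch (const std::bad_alloc&) {
        return true;
    }
}

int main() {
    // n * 16 wraps past SIZE_MAX: an unchecked multiply would yield a small
    // byte count and return a buffer far too short for n elements.
    const size_t n = kSizeMax / 8 + 1;
    bool wrapped = mul_overflows_by_flag(n, sizeof(Elem16));
    bool rejected = new_array_fails(n);
    return (wrapped && rejected) ? 0 : 1;
}
```

With GCC on amd64, comparing the assembly of the two predicates shows the point Joe Buck and Florian are making: the division variant needs a `div` (or, for a constant element size, a compare against a large constant), while the builtin variant is a `mul` followed by a conditional jump on the flag.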