On 2013-02-04 14:26:38 +0100, Torbjorn Granlund wrote:
> Vincent Lefevre <vinc...@vinc17.net> writes:
>
> On 2013-02-04 13:57:16 +0100, Torbjorn Granlund wrote:
> > I chose to not provide mpz_ptr since I think it would be prone to
> > errors. I expect code like this to be created:
> >
> > mpz_ptr
> > foo (mpz_t a, mpz_t b)
> > {
> > mpz_t c;
> > mpz_init (c);
> > mpz_add (c, a, b);
> > return c;
> > }
>
> This is not specific to GMP: every C coder should know that returning
> a local variable is incorrect.
>
> It is? What is wrong with
Sorry, I sent my mail before re-reading it. I corrected what I meant
in a followup: the *address* of a local variable.
> I don't think it is self-evident that mpz_t is special.
Well, if it weren't special, the beginning of the code could have
never worked (except if mpz_add were always a macro, but I assume
that most users see it as a function).
I agree that the fact that c evaluates to a pointer is a bit hidden,
though, but not completely: the fact that the user writes mpz_ptr
as a return type while the type of c is mpz_t should make him think
about something special.
Anyway, the fact that GCC detects the problem is another security
(users should take care of all warnings). Or do you have an example
that wouldn't trigger a GCC warning?
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
_______________________________________________
gmp-devel mailing list
gmp-devel@gmplib.org
http://gmplib.org/mailman/listinfo/gmp-devel
