> On Friday, September 10, 2021, 03:13:54 PM EDT, Hervé Pagès > <hpages.on.git...@gmail.com> wrote: > > Good catch, thanks! > > Replacing > > if(ISNAN(vi) || (tmp = (int) vi) < 0 || tmp > 255) { > tmp = 0; > > warn |= WARN_RAW; > > } > pa[i] = (Rbyte) tmp; > > with > > if(ISNAN(vi) || vi <= -1.0 || vi >= 256.0) > { > tmp = 0; > > warn |= WARN_RAW; > > } else { > tmp = (int) vi; > } > pa[i] = (Rbyte) tmp; > > should address that. > > FWIW IntegerFromReal() has a similar risk of int overflow > (src/main/coerce.c, lines 128-138): > > > int attribute_hidden > > IntegerFromReal(double x, int *warn) > > { > > if (ISNAN(x)) > > return NA_INTEGER; > > else if (x >= INT_MAX+1. || x <= INT_MIN ) { > > *warn |= WARN_INT_NA; > > return NA_INTEGER; > > } > > return (int) x; > > } > > > > The cast to int will also be an int overflow situation if x is > INT_MAX > and < INT_MAX+1 so the risk is small!
I might be being dense, but it feels this isn't a problem? Quoting C99 6.3.1.4 again (emph added): > When a finite value of real floating type is converted to an integer > type other than _Bool, **the fractional part is discarded** (i.e., the > value is truncated toward zero). If the value of the integral part > cannot be represented by the integer type, the behavior is undefined.50) Does the "fractional part is discarded" not save us here? Best, B. ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel