On 10/09/2021 12:53, brodie gaslam wrote:
On Friday, September 10, 2021, 03:13:54 PM EDT, Hervé Pagès
<hpages.on.git...@gmail.com> wrote:
Good catch, thanks!
Replacing
if(ISNAN(vi) || (tmp = (int) vi) < 0 || tmp > 255) {
tmp = 0;
warn |= WARN_RAW;
}
pa[i] = (Rbyte) tmp;
with
if(ISNAN(vi) || vi <= -1.0 || vi >= 256.0)
{
tmp = 0;
warn |= WARN_RAW;
} else {
tmp = (int) vi;
}
pa[i] = (Rbyte) tmp;
should address that.
FWIW IntegerFromReal() has a similar risk of int overflow
(src/main/coerce.c, lines 128-138):
int attribute_hidden
IntegerFromReal(double x, int *warn)
{
if (ISNAN(x))
return NA_INTEGER;
else if (x >= INT_MAX+1. || x <= INT_MIN ) {
*warn |= WARN_INT_NA;
return NA_INTEGER;
}
return (int) x;
}
The cast to int will also be an int overflow situation if x is > INT_MAX
and < INT_MAX+1 so the risk is small!
I might be being dense, but it feels this isn't a problem? Quoting C99
6.3.1.4 again (emph added):
When a finite value of real floating type is converted to an integer
type other than _Bool, **the fractional part is discarded** (i.e., the
value is truncated toward zero). If the value of the integral part
cannot be represented by the integer type, the behavior is undefined.50)
Does the "fractional part is discarded" not save us here?
I think it does. Thanks for clarifying and sorry for the false positive!
H.
Best,
B.
--
Hervé Pagès
Bioconductor Core Team
hpages.on.git...@gmail.com
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
