On 25/08/17 03:57 AM, Eric Anholt wrote: > --- > > We pass the overflow unit tests both before and after this change, but > this should be safer. > > include/misc.h | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/include/misc.h b/include/misc.h > index 0feeaebc7c1a..9d0e422e36b4 100644 > --- a/include/misc.h > +++ b/include/misc.h > @@ -327,7 +327,11 @@ bswap_32(uint32_t x) > static inline Bool > checked_int64_add(int64_t *out, int64_t a, int64_t b) > { > - int64_t result = a + b; > + /* Do the potentially overflowing math as uint64_t, as signed > + * integers in C are undefined on overflow (and the compiler may > + * optimize out our overflow check below, otherwise) > + */ > + int64_t result = (uint64_t)a + (uint64_t)b;
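Review bot: on the new `int64_t result = (uint64_t)a + (uint64_t)b;` line, the unsigned addition itself is well defined, but the implicit conversion of the sum back to int64_t is implementation-defined in C whenever the value exceeds INT64_MAX (C99 6.3.1.3), and the added comment does not mention that. Suggest making the conversion an explicit `(int64_t)` cast and extending the comment to say the code relies on the compiler wrapping modulo 2^64 there, or using `__builtin_add_overflow` where the compiler provides it.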
Is assigning an unsigned value with the MSB set to a signed variable well-defined in C?

-- 
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer