Re: Having fun with the following C code (UB)



Vincent Lefevre <vincent@vinc17.net> writes:

> But what I mean is that it's pointless to emit such a warning when the
> effect of the potential integer overflow is already visible, for
> instance in printf below:
>
>   m = d * C;
>   printf ("%d\n", m);
>   return m >= 0;
>
> If there was an integer overflow, you will get an incorrect value output
> by the printf. This means that it is very likely to be a false
> positive. So, one doesn't want the warning.

It's not pointless because at least now you get a warning and may realize
that the whole function is vulnerable when you go look at the warning
site.

In other words, what you would (rightfully) like is a warning when you're
invoking signed integer overflow, or at least the compiler can't prove
you're not.  Unfortunately, the compiler isn't good enough to give you
that warning.  Your options are a warning when the compiler can figure
that out, which currently only triggers in some optimization paths, or no
warning at all.

I would like the warning that you want as well, but failing that, I'll
take the optimization path one as at least something.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
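The pattern both posters are discussing is computing `m = d * C` first and checking the sign afterwards, which is undefined behaviour in C once the product no longer fits in an `int`, and is exactly what lets the optimizer fold `m >= 0` away. The following added example (it is not code from the thread, and the value of `C`, the function names and the `-1` overflow return value are assumptions chosen for illustration) shows the quoted pattern next to two defined replacements: one using GCC/Clang's `__builtin_mul_overflow`, and one using only portable comparisons against `INT_MAX / c` and `INT_MIN / c` before multiplying, so the overflow is detected rather than invoked.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed constant for the example; the thread does not give C's value. */
#define C 1000000

/* The pattern quoted in the thread: multiply first, check the sign afterwards.
   If d * C does not fit in an int, the multiplication is undefined behaviour,
   and the compiler may legally assume it never overflowed and fold "m >= 0"
   to a constant. Kept here only to show the shape of the problem; it must
   never be called with operands whose product overflows. */
int checks_after_overflow(int d) {
    int m = d * C;           /* UB when d * C does not fit in int */
    return m >= 0;
}

/* Defined check using the GCC/Clang builtin: the product is computed in
   infinite precision and the builtin reports whether it fit in *out. */
bool mul_fits(int d, int c, int *out) {
    return !__builtin_mul_overflow(d, c, out);
}

/* Same check in portable C: decide whether d * c fits BEFORE multiplying,
   using only divisions that are themselves defined. INT_MIN / -1 would
   overflow, so c == -1 is handled separately. */
bool mul_fits_portable(int d, int c, int *out) {
    if (c == 0) { *out = 0; return true; }
    if (c == -1) {
        if (d == INT_MIN) return false;   /* -INT_MIN is not representable */
        *out = -d;
        return true;
    }
    if (c > 0) {
        if (d > INT_MAX / c || d < INT_MIN / c) return false;
    } else {                              /* c < -1: division flips the bounds */
        if (d < INT_MAX / c || d > INT_MIN / c) return false;
    }
    *out = d * c;                         /* now guaranteed to fit */
    return true;
}

/* Defined replacement for "m = d * C; return m >= 0;": returns 1 if the
   product is non-negative, 0 if it is negative, and -1 (assumed sentinel)
   if the product would overflow instead of silently wrapping. */
int sign_check_safe(int d, int c) {
    int m;
    if (!mul_fits_portable(d, c, &m)) return -1;
    return m >= 0;
}

int main(void) {
    int values[] = { 3, -7, 2147, 3000 };   /* 3000 * C exceeds INT_MAX */
    for (unsigned i = 0; i < sizeof values / sizeof values[0]; i++) {
        int r = sign_check_safe(values[i], C);
        if (r < 0)
            printf("%d * %d: would overflow, refusing to compute\n", values[i], C);
        else
            printf("%d * %d: non-negative = %d\n", values[i], C, r);
    }
    return 0;
}
```

The portable variant is what you reach for when the code must build with compilers lacking the builtin; the pre-multiplication comparisons are the usual idiom, and because no overflowing multiply is ever executed there is nothing for the optimizer to "prove away", so no warning is needed to catch it.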

