Re: Having fun with the following C code (UB)
Vincent Lefevre <vincent@vinc17.net> writes:
> But what I mean is that it's pointless to emit such a warning when the
> effect of the potential integer overflow is already visible, for
> instance in printf below:
> m = d * C;
> printf ("%d\n", m);
> return m >= 0;
> If there was an integer overflow, you will get an incorrect value output
> by the printf. This means that it is very likely to be a false
> positive. So, one doesn't want the warning.
It's not pointless because at least now you get a warning and may realize
that the whole function is vulnerable when you go look at the warning
site.
In other words, what you would (rightfully) like is a warning when you're
invoking signed integer overflow, or at least the compiler can't prove
you're not. Unfortunately, the compiler isn't good enough to give you
that warning. Your options are a warning when the compiler can figure
that out, which currently only triggers in some optimization paths, or no
warning at all.
I would like the warning that you want as well, but failing that, I'll
take the optimization path one as at least something.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
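As an added illustration that is not code from either message, here is the quoted pattern beside a version that rules out the overflow before it is executed; the constant C is given a made-up value of 1000, and the function names are my own:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical scale factor standing in for the C of the quoted snippet. */
#define C 1000

/* The pattern from the quoted message. Signed overflow is undefined, so
 * the compiler may assume d * C never wraps and fold "m >= 0" into
 * "d >= 0", whatever value printf would have shown for m. */
int check_naive(int d)
{
    int m = d * C;              /* UB when d * C does not fit in an int */
    printf("%d\n", m);
    return m >= 0;
}

/* Portable pre-check: does a * b fit in an int? Works without relying on
 * any compiler builtin and never performs the overflowing multiply. */
bool mul_overflows(int a, int b)
{
    if (a == 0 || b == 0)
        return false;
    if (a > 0)
        return (b > 0) ? a > INT_MAX / b : b < INT_MIN / a;
    if (b > 0)
        return a < INT_MIN / b;
    return b < INT_MAX / a;     /* both negative: product is positive */
}

/* Same computation with the overflow ruled out up front.
 * Returns 1 if d * C is non-negative, 0 if negative, -1 if it would
 * not fit, so the caller can reject the input instead of continuing. */
int check_safe(int d)
{
    if (mul_overflows(d, C))
        return -1;
    int m = d * C;              /* now well-defined for every reachable d */
    return m >= 0;
}

int main(void)
{
    printf("check_safe(5) = %d\n", check_safe(5));
    printf("check_safe(INT_MAX) = %d\n", check_safe(INT_MAX));
    return 0;
}
```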