Subject: Re: lib/35401
To: None <netbsd-bugs@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 01/11/2007 19:09:41
Christos Zoulas wrote:
> In article <20070111085655.GA16866@cyclonus>,
> Christian Biere  <christianbiere@gmx.de> wrote:
> >Christos Zoulas wrote:
> >> Index: vfprintf.c
> >> ===================================================================
> >> RCS file: /cvsroot/src/lib/libc/stdio/vfprintf.c,v
> >> retrieving revision 1.54
> >> diff -u -u -r1.54 vfprintf.c
> >> --- vfprintf.c	30 Oct 2006 05:10:40 -0000	1.54
> >> +++ vfprintf.c	11 Jan 2007 02:56:58 -0000
> >> @@ -353,6 +353,8 @@
> >>  		if ((m = fmt - cp) != 0) {
> >>  			PRINT(cp, m);
> >>  			ret += m;
> >> +			if (ret < 0)
> >> +				goto ovfl;
> >>  		}
> >
> >For what it's worth, this has undefined behaviour even though it probably just
> >works with the current GCC.
 
> Can you please explain which part is undefined behavior?

ret has type "int". Your fix assumes that an overflow causes a negative result.
C says an integer overflow has undefined behaviour. I guess it works in practice
but hardware with saturation arithmetic exists (MMX, SSE) and it might be the
default operation in future architectures.

-- 
Christian