Subject: Re: lib/35401
To: None <netbsd-bugs@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 01/11/2007 19:09:41
Christos Zoulas wrote:
> In article <20070111085655.GA16866@cyclonus>,
> Christian Biere <christianbiere@gmx.de> wrote:
> >Christos Zoulas wrote:
> >> Index: vfprintf.c
> >> ===================================================================
> >> RCS file: /cvsroot/src/lib/libc/stdio/vfprintf.c,v
> >> retrieving revision 1.54
> >> diff -u -u -r1.54 vfprintf.c
> >> --- vfprintf.c 30 Oct 2006 05:10:40 -0000 1.54
> >> +++ vfprintf.c 11 Jan 2007 02:56:58 -0000
> >> @@ -353,6 +353,8 @@
> >> if ((m = fmt - cp) != 0) {
> >> PRINT(cp, m);
> >> ret += m;
> >> + if (ret < 0)
> >> + goto ovfl;
> >> }
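Review bot: the added `if (ret < 0)` test runs only after `ret += m` has already been evaluated, so it depends on a signed overflow producing a negative value; the reply in this thread states that ret is an int, and C leaves overflow of a signed int undefined. Test before adding instead, for example `if (m > INT_MAX - ret) goto ovfl;` placed ahead of `ret += m;`, assuming m is a non-negative byte count at this point.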
> >
> >For what it's worth, this has undefined behaviour even though it probably just
> >works with the current GCC.
> Can you please explain which part is undefined behavior?
ret has type "int". Your fix assumes that an overflow causes a negative result.
C says an integer overflow has undefined behaviour. I guess it works in practice
but hardware with saturation arithmetic exists (MMX, SSE) and it might be the
default operation in future architectures.
--
Christian
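
An added example, not part of the original message or of the NetBSD sources: one way to keep a running int byte count without ever evaluating an addition that can overflow, by testing against INT_MAX first. The helper names acc_len and total_len are hypothetical, and using errno EOVERFLOW follows the POSIX convention for printf results larger than INT_MAX.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>

/*
 * Add chunk length m to the running count *ret.
 * The range test happens BEFORE the addition, so no signed overflow
 * is ever evaluated and the result does not depend on wrap-around.
 * Returns 0 on success; -1 with errno set on failure.
 * (acc_len is a hypothetical helper, not a libc function.)
 */
static int
acc_len(int *ret, ptrdiff_t m)
{
	if (m < 0 || *ret < 0) {
		errno = EINVAL;
		return -1;
	}
	/* INT_MAX - *ret cannot overflow because *ret >= 0. */
	if (m > (ptrdiff_t)(INT_MAX - *ret)) {
		errno = EOVERFLOW;
		return -1;
	}
	*ret += (int)m;
	return 0;
}

/*
 * Sum chunk lengths the way a formatter counts bytes written.
 * Returns the total, or -1 if it would not fit in an int.
 */
static int
total_len(const ptrdiff_t *chunks, size_t n)
{
	int ret = 0;
	size_t i;

	for (i = 0; i < n; i++)
		if (acc_len(&ret, chunks[i]) == -1)
			return -1;
	return ret;
}
```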