integer overflow check

Alan Coopersmith alan.coopersmith at oracle.com
Mon Dec 15 10:34:19 PST 2014


On 12/15/14 10:28 AM, jes at posteo.de wrote:
>> Again, I've got no better answer than no one noticed during our reviews since
>> we were focusing on making sure the malloc calls didn't overflow, not on
>> fighting the optimizer deciding to work against us.
>
> What do you mean by 'fighting the optimizer deciding to work against us'?

With traditional C compilers, it wouldn't matter if we checked for overflow
after REQUEST_FIXED_SIZE, since REQUEST_FIXED_SIZE isn't doing anything risky
with the results, such as allocating memory.

Newer compilers, which require programmers to pay strict attention to the
minutiae of the language and may optimize out overflow checks, assuming they
couldn't possibly be needed after we already used the results, can cause
problems in code like X that was written decades ago and working until now.

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
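
The ordering problem described in the message above, as an added example that is not part of the original message or of the X server source: a length check whose overflow test comes after the signed arithmetic it guards, next to one that validates in 64-bit arithmetic before any result is used. The function names, parameters and request layout are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

_Static_assert(sizeof(int) <= 4, "64-bit math below assumes int is at most 32 bits");

/* Hypothetical request: `header` bytes plus `count` items of `item_size`
 * bytes; the client claims the total is `claimed_words` 4-byte words. */

/* Fragile ordering: the signed product is used first and tested afterwards.
 * Signed overflow is undefined behaviour, so an optimizer may assume it did
 * not happen and drop the late test. Only call with non-overflowing input. */
bool length_ok_late_check(int count, int item_size, int header, int claimed_words)
{
    int bytes = count * item_size;                      /* undefined on overflow */
    bool matches = ((header + bytes + 3) >> 2) == claimed_words;
    if (count != 0 && bytes / count != item_size)       /* may be optimized out */
        return false;
    return matches;
}

/* Checked first: validate in 64-bit arithmetic before any result is used. */
bool length_ok_checked_first(int count, int item_size, int header, int claimed_words)
{
    if (count < 0 || item_size <= 0 || header < 0 || claimed_words < 0)
        return false;
    int64_t total = (int64_t)count * item_size + header + 3;
    if (total > INT_MAX)
        return false;
    return (total >> 2) == claimed_words;
}

int main(void)
{
    /* Constructed inputs: 4 items of 8 bytes after a 12-byte header = 11 words. */
    printf("valid request: %d\n", length_ok_checked_first(4, 8, 12, 11));
    /* 0x40000000 * 4 wraps to 0 in 32 bits, which would look like 3 words. */
    printf("wrapping request: %d\n", length_ok_checked_first(0x40000000, 4, 12, 3));
    return 0;
}
```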

