[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Security-discuss] handling integer overflows
From: |
Paul Eggert |
Subject: |
Re: [Security-discuss] handling integer overflows |
Date: |
Mon, 24 Dec 2012 14:10:43 -0800 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0 |
On 12/24/2012 08:31 AM, Nikos Mavrogiannopoulos wrote:
Wouldn't it be nicer if these were inline functions that perform
the multiplication and return an overflow flag? e.g.
int safe_mul(uint *res, uint a, uint b)
That might be a useful thing to have, too.
But it would have a couple of problems that
INT_MULTIPLY_OVERFLOW does not have. In C, one would need
a function like safe_mul for every integer type of interest:
int, unsigned, long, unsigned long, time_t, dev_t, size_t,
off_t, etc. And when mixing types, one would have to worry about
overflow when converting A or B to uint, a problem
that would occur before safe_mul began executing and
therefore a problem that safe_mul could not diagnose.