On Sun, 28 Oct 2007, Florian Weimer wrote:
> * Junio C. Hamano:
>
> > The offending lines are:
> >
> > if (idx_size != min_size) {
> > /* make sure we can deal with large pack offsets */
> > off_t x = 0x7fffffffUL, y = 0xffffffffUL;
> > if (x > (x + 1) || y > (y + 1)) {
> > munmap(idx_map, idx_size);
>
> x and y must be unsigned for this test to work (signed overflow is
> undefined).
I believe the test is trying to determine if signed addition on numbers of
a certain size is safe in this environment. Doing the test with unsigned
variables would cause the test to give a predictable but irrelevant
result. I think gcc is being annoying in assuming that signed overflow
doesn't occur (even when it must), rather than assuming that the result of
signed overflow is some arbitrary and likely not useful value. If we have
an overflow possible with off_t in the way we'd use it, then one of those
tests should be automatically true due to the limited size of the type
(except that I think the test should be >= instead of >). I think we
should be able to assume that the result of a signed overflow, whatever
undefined value it is, is a possible value of its type and therefore not
more than the maximum value of its type, but gcc may be screwing this up.
It's probably best just to test the size of off_t.
-Daniel
*This .sig left intentionally blank*
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
