On 07/18/2014 01:20 PM, Andy Lutomirski wrote:
>>
>> The reason this is a concern is that: (x > x + n) and its variants are
>> often used to mean (x > INT_MAX - n) without the type knowledge, but
>> that is actually invalid standard C because signed types are not
>> guaranteed to wrap.
>
> Right, but the constant in this case is *much* less than INT_MAX.
> Anyway, this is moot.

It isn't about the constant (n) at all, it is about the value of x.

> I do wonder whether the kind of people who build hardened kernels
> should enable -fwrapv, though.

-fwrapv in gcc makes signed arithmetic strict 2's-complement, which is
what I think we want in the kernel. Someone would just have to make
sure there isn't some key codepath in the kernel which gets pessimized.

-hpa
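
The two forms of the check discussed in this message, side by side, as an added example that is not code from the thread or from the kernel. The function names and sample values are constructed, and the wrapping variant assumes the GCC/Clang behaviour of converting an out-of-range unsigned value to int modulo 2^N.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The idiom from the thread, meant for n >= 0. In ISO C an overflowing
 * x + n is undefined, so without -fwrapv the compiler may assume it never
 * happens and reduce the test to (n < 0). Shown for reference only; it is
 * never called here. */
bool idiom_check(int x, int n)
{
    return x > x + n;
}

/* What the idiom computes when signed arithmetic wraps (the -fwrapv model).
 * The sum is done in unsigned, where wraparound is defined; converting the
 * result back to int is implementation-defined (assumed modulo 2^N). */
bool wraps_past_max(int x, int n)
{
    int sum = (int)((unsigned int)x + (unsigned int)n);
    return x > sum;
}

/* The check the idiom stands for, valid in standard C for n >= 0:
 * no addition involving x is performed, so nothing can overflow. */
bool exceeds_int_max(int x, int n)
{
    return x > INT_MAX - n;
}

int main(void)
{
    /* Constructed sample values on both sides of the boundary. */
    int xs[] = { 0, 1000, INT_MAX - 4096, INT_MAX - 4095, INT_MAX };
    int n = 4096;

    for (unsigned i = 0; i < sizeof xs / sizeof xs[0]; i++)
        printf("x=%d wrapping=%d portable=%d\n", xs[i],
               wraps_past_max(xs[i], n), exceeds_int_max(xs[i], n));
    return 0;
}
```

The two checks agree for every x, however small n is, which is the point made above: the result depends on the value of x, not on the constant.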