On 12/12/2013 10:12 PM, Eric Lubin wrote:
> he disregards the fact that integer overflow is undefined in C

No, it's listed in FIXME comments:

    /* FIXME: Check for arithmetic overflow in all cases, not just
       some of them. */
    ...
    /* FIXME: It also assumes that signed integer overflow silently
       wraps around, but this is not true any more with recent versions
       of GCC 4. */

The patch you sent in doesn't look right, as it appears to assume that time_t is the same width as 'long'. Also, it incorrectly assumes that t0, t1, t2, and t3 are nonnegative. Furthermore, it'd be better to use the INT_MULTIPLY_OVERFLOW and INT_ADD_OVERFLOW macros of intprops.h rather than try to reinvent that wheel.

I should mention that the code is riddled with problems in this area, e.g., apply_relative_time doesn't even check for overflow. It'd be nice if someone had the time to fix all this.
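
The two objections in the message above (type width and operand sign), shown as an added example that is not part of the original message and is not gnulib code: overflow is tested before the operation, against the target type's own bounds, with every sign combination handled. The helper names, the 3600-second factor and the sample ranges are assumptions made for illustration; intprops.h provides INT_ADD_OVERFLOW and INT_MULTIPLY_OVERFLOW for real use.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers (not gnulib's macros). Each returns true when the
   exact result falls outside [min, max], otherwise stores it in *r.
   Assumes min <= 0 <= max and both operands already lie in [min, max].
   No expression that could itself overflow is ever evaluated. */
static bool add_overflows(intmax_t a, intmax_t b,
                          intmax_t min, intmax_t max, intmax_t *r)
{
    if (b > 0 ? a > max - b : a < min - b)
        return true;
    *r = a + b;
    return false;
}

static bool mul_overflows(intmax_t a, intmax_t b,
                          intmax_t min, intmax_t max, intmax_t *r)
{
    /* Four sign cases; min is only ever divided by a positive value,
       so INTMAX_MIN / -1 cannot occur. */
    if (a > 0 && (b > 0 ? a > max / b : b < min / a))
        return true;
    if (a < 0 && (b > 0 ? a < min / b : b < max / a))
        return true;
    *r = a * b;
    return false;
}

/* start + hours * 3600 within a type whose range is [min, max]. */
static bool offset_overflows(intmax_t start, intmax_t hours,
                             intmax_t min, intmax_t max, intmax_t *r)
{
    intmax_t delta;
    return mul_overflows(hours, 3600, min, max, &delta)
           || add_overflows(start, delta, min, max, r);
}

int main(void)
{
    intmax_t r = 0;
    /* Constructed inputs: a 32-bit range, then the same start in 64 bits. */
    bool o32 = offset_overflows(INT32_MAX, 1, INT32_MIN, INT32_MAX, &r);
    bool o64 = offset_overflows(INT32_MAX, 1, INT64_MIN, INT64_MAX, &r);
    printf("32-bit: %s, 64-bit: %s (%jd)\n",
           o32 ? "overflow" : "ok", o64 ? "overflow" : "ok", r);
    return 0;
}
```
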