Vincent Lefevre <[email protected]> writes:
> But what I mean is that it's pointless to emit such a warning when the
> effect of the potential integer overflow is already visible, for
> instance in printf below:
> m = d * C;
> printf ("%d\n", m);
> return m >= 0;
> If there was an integer overflow, you will get an incorrect value output
> by the printf. This means that it is very likely to be a false
> positive. So, one doesn't want the warning.
It's not pointless because at least now you get a warning and may realize
that the whole function is vulnerable when you go look at the warning
site.
In other words, what you would (rightfully) like is a warning when you're
invoking signed integer overflow, or at least the compiler can't prove
you're not. Unfortunately, the compiler isn't good enough to give you
that warning. Your options are a warning when the compiler can figure
that out, which currently only triggers in some optimization paths, or no
warning at all.
I would like the warning that you want as well, but failing that, I'll
take the optimization path one as at least something.
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
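A worked illustration of the point under discussion, added here as an example and not code from either poster: the quoted pattern `m = d * C; return m >= 0;` relies on observing the result of a signed multiply that may already have overflowed, which is undefined behaviour, so an optimizing compiler is entitled to reduce `m >= 0` to a test on `d` alone and the check proves nothing. The hardened forms detect the overflow before it happens. The constant `C` (taken as 1000) and the function names are assumptions; `__builtin_mul_overflow` is the real GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed value: the message never defines C. Must be positive for the
 * bound arithmetic in checked_mul_portable() below. */
#define C 1000

/* The pattern from the quoted message.  Signed overflow in d * C is
 * undefined behaviour, so with -fstrict-overflow the compiler may assume
 * it never wraps and fold "m >= 0" to "d >= 0" instead of testing the
 * stored value.  Shown only for contrast; never rely on it. */
static int unchecked_is_nonneg(int d)
{
    int m = d * C;
    return m >= 0;
}

/* Hardened form: __builtin_mul_overflow performs the multiply in
 * infinite precision, stores the wrapped result in *out and returns true
 * if the true result did not fit.  No undefined behaviour is executed,
 * so the result is reliable at every optimization level. */
static bool checked_mul(int d, int *out)
{
    int m;
    if (__builtin_mul_overflow(d, C, &m))
        return false;           /* overflow: *out must not be used */
    *out = m;
    return true;
}

/* Portable alternative without builtins: bound d before multiplying.
 * INT_MIN / C truncates toward zero, so the lower bound is exact. */
static bool checked_mul_portable(int d, int *out)
{
    if (d > INT_MAX / C || d < INT_MIN / C)
        return false;
    *out = d * C;
    return true;
}

/* Small wrappers so each result can be inspected as a return value. */
static bool scale_fits(int d)          { int m; return checked_mul(d, &m); }
static bool scale_fits_portable(int d) { int m; return checked_mul_portable(d, &m); }
static int  scale_value(int d)         { int m = 0; (void)checked_mul(d, &m); return m; }

int main(void)
{
    int inputs[] = { 5, -7, 2147483, 2147484, INT_MAX, INT_MIN };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int d = inputs[i];
        if (scale_fits(d))
            printf("%11d * %d = %d (portable agrees: %d)\n",
                   d, C, scale_value(d), scale_fits_portable(d));
        else
            printf("%11d * %d overflows int (portable agrees: %d)\n",
                   d, C, !scale_fits_portable(d));
    }
    (void)unchecked_is_nonneg; /* not exercised: its overflow case is UB */
    return 0;
}
```

The two checked variants agree on every input, including the boundary 2147483 (fits) versus 2147484 (does not), which is exactly the distinction the post-hoc `m >= 0` test cannot make once the multiply has already wrapped.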
Archive: https://lists.debian.org/[email protected]