Vincent Lefevre <vinc...@vinc17.net> writes:

> But what I mean is that it's pointless to emit such a warning when the
> effect of the potential integer overflow is already visible, for
> instance in printf below:

>   m = d * C;
>   printf ("%d\n", m);
>   return m >= 0;

> If there was an integer overflow, you will get an incorrect value output
> by the printf. This means that it is very likely to be a false
> positive. So, one doesn't want the warning.

It's not pointless because at least now you get a warning and may realize
that the whole function is vulnerable when you go look at the warning site.

In other words, what you would (rightfully) like is a warning when you're
invoking signed integer overflow, or at least the compiler can't prove
you're not. Unfortunately, the compiler isn't good enough to give you that
warning. Your options are a warning when the compiler can figure that out,
which currently only triggers in some optimization paths, or no warning at
all.

I would like the warning that you want as well, but failing that, I'll take
the optimization path one as at least something.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
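Added example, not part of the original message or of the code under discussion: one way to make the quoted fragment well-defined is to check the multiplication before performing it, so the `m >= 0` test can no longer depend on undefined behaviour. The type of `d` (int), the value of `C`, and the function names are assumptions, since the thread shows only the three quoted lines.

```c
#include <limits.h>
#include <stdbool.h>

#define C 1000  /* assumed positive constant; the thread gives no value */

/* Portable pre-check: true if d * C is representable in int.
   Valid for C > 0; integer division truncates toward zero. */
static bool mul_fits(int d)
{
    return d <= INT_MAX / C && d >= INT_MIN / C;
}

/* Checked form of the quoted fragment (hypothetical name).
   Returns 0 and stores (d * C >= 0) in *nonneg, or returns -1
   without multiplying when the product would overflow. */
int scaled_nonneg(int d, bool *nonneg)
{
    int m;

    if (!mul_fits(d))
        return -1;      /* caller handles the error; no UB reached */
    m = d * C;
    *nonneg = m >= 0;
    return 0;
}

/* Same contract using the GCC/Clang builtin, which performs the
   multiplication and reports overflow in a single step. */
int scaled_nonneg_builtin(int d, bool *nonneg)
{
    int m;

    if (__builtin_mul_overflow(d, C, &m))
        return -1;
    *nonneg = m >= 0;
    return 0;
}
```

Building the unchecked original with `-fsanitize=signed-integer-overflow` (GCC and Clang) reports the overflow at run time, which covers the cases where no compile-time warning is emitted.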