On Mon, 9 Aug 2010, John Regehr wrote:

> On Sat, 7 Aug 2010, Florian Weimer wrote:
>
> > I wonder if we should give up and make -fwrapv the default.
>
> My sense is that there are not that many of these integer bugs, and probably
> all of them are simple to fix. Best to just fix them and then run a tool like
> ours every now and then to see if anything new has popped up.

GCC is of course meant to be written in C (or in future C++) and support being built with non-GNU C (or C++) compilers, rather than being written in C-with-wrapv, so these bugs should be fixed as part of making the code correct C or C++.

Apart from the signed overflow undefined behavior bugs, there are also unsigned overflow bugs in memory allocations - none of the macros such as XNEWVEC, or places where the size of an allocation is calculated directly, check for overflow in calculating the size. (See gnulib for examples of allocation functions and macros that do have these checks.)

--
Joseph S. Myers
jos...@codesourcery.com
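
The unchecked allocation-size calculation mentioned in the message above, next to an overflow-checked version, as an added example that is not part of the original e-mail and is not GCC's or gnulib's code. The names `unchecked_bytes`, `checked_bytes`, `alloc_array_checked` and `NEWVEC_CHECKED` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: the product is computed in size_t and silently
   wraps modulo SIZE_MAX + 1, so the allocation can be far too small. */
static size_t unchecked_bytes(size_t n, size_t size)
{
    return n * size;
}

/* Checked computation: returns 1 and stores n * size in *out when the
   product fits in size_t, returns 0 (leaving *out untouched) otherwise. */
static int checked_bytes(size_t n, size_t size, size_t *out)
{
    if (size != 0 && n > SIZE_MAX / size)
        return 0;
    *out = n * size;
    return 1;
}

/* Hypothetical checked allocator: NULL on overflow or out of memory.
   A zero-byte request is rounded up to 1 so success is never NULL. */
static void *alloc_array_checked(size_t n, size_t size)
{
    size_t bytes;
    if (!checked_bytes(n, size, &bytes))
        return NULL;
    return malloc(bytes ? bytes : 1);
}

/* Hypothetical macro in the style of a typed vector allocator. */
#define NEWVEC_CHECKED(T, N) ((T *) alloc_array_checked((N), sizeof(T)))

int main(void)
{
    size_t n = SIZE_MAX / 4 + 1;   /* constructed count: n * 4 wraps to 0 */
    size_t bytes = 0;
    printf("unchecked: %zu bytes requested\n", unchecked_bytes(n, 4));
    printf("checked:   %s\n",
           checked_bytes(n, 4, &bytes) ? "accepted" : "rejected (overflow)");
    int *v = NEWVEC_CHECKED(int, 16);
    printf("small vector: %s\n", v ? "allocated" : "failed");
    free(v);
    return 0;
}
```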