On Mon, 14 Feb 2011, Paul Eggert wrote:
> On 02/14/2011 07:59 AM, Olson, Arthur David (NIH/NCI) [E] wrote:
>> Does the code available at... http://www.cert.org/secure-coding/integralsecurity.html ...survive gcc's latest optimizations?
> I doubt whether anybody knows the answer to that question.
> Looking at the code, I'm not sure I'd trust that code all that much, as I found a systemic bug in it after five minutes' worth of investigation. In multiple places it naively assumes that integer division can't overflow, which of course is incorrect for two's complement arithmetic.
And in addition to integer division being able to overflow, the modulo operation INT_MIN % -1 is also undefined in C for two's complement arithmetic (C1X makes this undefinedness explicit after the committee confirmed it was as intended). The code appears to ignore that as well.

-- 
Joseph S. Myers
jsm@polyomino.org.uk
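The two cases raised in this thread, INT_MIN / -1 overflowing and INT_MIN % -1 being undefined, are the ones a checked division helper has to reject before evaluating the expression. The following C is an added illustration, not code from the CERT page or from anyone on this list; the function names safe_div and safe_mod are assumed for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Checked signed division. Returns true and stores the quotient in *result
 * when the operation is defined; returns false for the two cases C leaves
 * undefined: division by zero, and INT_MIN / -1, whose mathematical value
 * (INT_MAX + 1) is not representable in two's complement. */
bool safe_div(int a, int b, int *result)
{
    if (b == 0)
        return false;
    if (a == INT_MIN && b == -1)
        return false;
    *result = a / b;
    return true;
}

/* Checked signed remainder. INT_MIN % -1 is mathematically 0, but C only
 * defines a % b when a / b is representable, so the same pair is rejected
 * here as well rather than evaluated. */
bool safe_mod(int a, int b, int *result)
{
    if (b == 0)
        return false;
    if (a == INT_MIN && b == -1)
        return false;
    *result = a % b;
    return true;
}

int main(void)
{
    int q = 0, r = 0;
    /* Both of the problematic pairs are reported as undefined (0). */
    printf("safe_div(INT_MIN, -1) defined: %d\n", safe_div(INT_MIN, -1, &q));
    printf("safe_mod(INT_MIN, -1) defined: %d\n", safe_mod(INT_MIN, -1, &r));
    /* Ordinary operands go through; C99 truncates toward zero. */
    if (safe_div(-7, 2, &q) && safe_mod(-7, 2, &r))
        printf("-7 / 2 = %d, -7 %% 2 = %d\n", q, r);
    return 0;
}
```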