* Robert Dewar:

> I am puzzled, why would *ANYONE* who knows C use int
> rather than unsigned if they want wrap around semantics?

Both OpenSSL and Apache programmers did this, in carefully reviewed
code which was written in response to a security report.  They simply
didn't know that there is a potential problem.  The reason for this
gap in knowledge isn't quite clear to me.

Probably it's hard to accept for hard-core C coders that a program
which generates correct machine code with all GCC versions released so
far (modulo bugs in GCC) can still be illegal C and exhibit undefined
behavior.  IIRC, I needed quite some time to realize the full impact
of this distinction.
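The distinction the message draws, as an added example that is not part of the thread and not code from OpenSSL or Apache: a length check written with `int` in the hope of getting wrap-around semantics, beside three forms that actually have defined behaviour. The function names and the sample values are my own; the claim that GCC folds the signed test away is its documented behaviour under `-fstrict-overflow` (on by default at `-O2`), and `__builtin_add_overflow` is available in GCC 5 and later and in Clang.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The pattern under discussion: signed arithmetic used for a wrap-around
   test.  Signed overflow is undefined behaviour, so the compiler may
   assume `len + n` never wraps and fold the whole condition to false.
   GCC does exactly that at -O2; at -O0 the test appears to "work", which
   is why the bug survives review.  Only safe to call when len + n fits. */
bool fits_signed_check(int len, int n)
{
    return !(len + n < len);          /* UB when len + n exceeds INT_MAX */
}

/* Correct form 1: do the addition in unsigned, where wrap-around is
   defined (modulo UINT_MAX + 1), then compare. */
bool fits_unsigned_check(unsigned len, unsigned n)
{
    unsigned sum = len + n;           /* defined, wraps */
    return sum >= len;                /* false exactly when it wrapped */
}

/* Correct form 2: keep int, but test *before* adding, using an
   expression that cannot itself overflow. */
bool fits_signed_precheck(int len, int n)
{
    if (len < 0 || n < 0)
        return false;
    return n <= INT_MAX - len;        /* right-hand side is in range */
}

/* Correct form 3: the compiler builtin, which reports overflow exactly
   without ever evaluating an overflowing expression. */
bool fits_builtin_check(int len, int n)
{
    int sum;
    return !__builtin_add_overflow(len, n, &sum);
}

int main(void)
{
    /* Constructed inputs: one in-range pair, one that would overflow. */
    printf("signed precheck  (INT_MAX-1, 1): %d\n", fits_signed_precheck(INT_MAX - 1, 1));
    printf("signed precheck  (INT_MAX,   1): %d\n", fits_signed_precheck(INT_MAX, 1));
    printf("unsigned check   (UINT_MAX,  1): %d\n", fits_unsigned_check(UINT_MAX, 1u));
    printf("builtin check    (INT_MAX,   1): %d\n", fits_builtin_check(INT_MAX, 1));
    /* Build with `gcc -O2 -Wstrict-overflow=2` to see GCC warn that it
       assumes signed overflow does not occur when simplifying
       fits_signed_check. */
    return 0;
}
```

The `unsigned` form is what the quoted question expects; the pre-check and builtin forms are the choices when the value genuinely has to stay `int` (for instance because it is compared against signed API lengths elsewhere).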
