On Sat, 2 Jul 2005, Florian Weimer wrote:
>> I am puzzled: why would *ANYONE* who knows C use int
>> rather than unsigned if they want wrap-around semantics?
> Both OpenSSL and Apache programmers did this, in carefully reviewed
> code which was written in response to a security report. They simply
> didn't know that there is a potential problem. The reason for this
> gap in knowledge isn't quite clear to me.
I've done a lot of C programming in the last three years, and for my day
job I'm working on a C compiler (albeit in parts that are not very C
specific), and I didn't know that signed overflow is undefined. Why not?
I guess I never heard otherwise and I just assumed it would wrap due to
two's complement arithmetic. I don't think I've ever written a serious C
program that required wrap-around on overflow, though.
Nick
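The point the two messages circle around is that the usual "add, then see whether the sum wrapped" overflow test is only sound on unsigned operands. The following C is an added example, not code from the posts or from OpenSSL or Apache, and its function names are made up for the illustration. It shows the post-hoc check on unsigned (defined), the same check on signed int (undefined behaviour the moment the addition overflows), and a signed check that tests the bound before performing the addition.

```c
#include <limits.h>
#include <stdio.h>

/* Overflow-detection idioms for C addition.  Added as an illustration;
 * the helper names are hypothetical and not from any of the posts. */

/* Idiom 1, the one the thread discusses: add first, then test whether
 * the result wrapped.  On unsigned operands this is correct because
 * unsigned arithmetic is defined to wrap modulo 2^N. */
int uadd_wrapped(unsigned a, unsigned b)
{
    unsigned sum = a + b;   /* defined: wraps on overflow */
    return sum < a;         /* 1 if the addition wrapped */
}

/* The same idiom on signed int.  The addition is undefined behaviour
 * when it overflows, so a compiler may assume it never does and fold
 * "sum < a" to 0 whenever it knows b >= 0.  The check often appears to
 * work at -O0 and silently disappears at -O2. */
int sadd_wrapped_ub(int a, int b)
{
    int sum = a + b;        /* UB on overflow: do not rely on the result */
    return (b >= 0) ? (sum < a) : (sum > a);
}

/* Idiom 2: decide from the operands alone, before any overflowing
 * operation is executed.  Valid for every conforming compiler. */
int sadd_would_overflow(int a, int b)
{
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return 0;
}

/* Bounds-checked signed add built on idiom 2: returns 1 and stores the
 * sum in *out on success, 0 on overflow (leaving *out untouched). */
int sadd_checked(int a, int b, int *out)
{
    if (sadd_would_overflow(a, b))
        return 0;
    *out = a + b;
    return 1;
}

int main(void)
{
    int r = 0, ok;

    printf("unsigned UINT_MAX + 1 wrapped: %d\n", uadd_wrapped(UINT_MAX, 1u));
    printf("signed INT_MAX + 1 overflows:  %d\n", sadd_would_overflow(INT_MAX, 1));
    printf("signed INT_MIN + -1 overflows: %d\n", sadd_would_overflow(INT_MIN, -1));

    ok = sadd_checked(INT_MAX, 1, &r);
    printf("sadd_checked(INT_MAX, 1): ok=%d\n", ok);
    ok = sadd_checked(100, 23, &r);
    printf("sadd_checked(100, 23):    ok=%d r=%d\n", ok, r);

    /* Deliberately not exercised on an overflowing input: the result of
     * sadd_wrapped_ub(INT_MAX, 1) is undefined, which is the point. */
    return 0;
}
```

Compile once with -O0 and once with -O2 and compare what sadd_wrapped_ub does for INT_MAX + 1 (for instance under gcc -fsanitize=undefined, which reports the overflow at run time); the unsigned and pre-check versions behave identically at every optimisation level.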