Re: [RFC] Mitigating unexpected arithmetic overflow

Thu, 16 May 2024 06:31:29 -0700 


On May 15, 2024 12:36:36 AM PDT, Peter Zijlstra <pet...@infradead.org> wrote:
>On Wed, May 08, 2024 at 04:47:25PM -0700, Linus Torvalds wrote:
>> For example, the most common case of overflow we've ever had has very
>> much been array indexing. Now, sometimes that has actually been actual
>> undefined behavior, because it's been overflow in signed variables,
>> and those are "easy" to find in the sense that you just say "no, can't
>> do that". UBSAN finds them, and that's good.
>
>We build with -fno-strict-overflow, which implies -fwrapv, which removes
>the UB from signed overflow by mandating 2s complement.

I am a broken record. :) This is _not_ about undefined behavior.

This is about finding a way to make the intent of C authors unambiguous. That 
overflow wraps is well defined. It is not always _desired_. C has no way to 
distinguish between the two cases.

-Kees

-- 
Kees Cook



























					Reply via email to