On Thu, 21 Feb 2019 22:18:56 +0300 Dan Carpenter <[email protected]> wrote:
> On Thu, Feb 21, 2019 at 10:54:58AM -0800, Andrew Morton wrote: > > On Thu, 21 Feb 2019 21:38:26 +0300 Dan Carpenter <[email protected]> > > wrote: > > > > > We put an upper bound on "new" but we don't check for negatives. > > > > U8_MAX has unsigned type, so `if (new > U8_MAX)' does check for negative. > > > > No, doesn't work in this case. > > #define U8_MAX ((u8)~0U) > > It would need to unsigned long for the type promotion to prevent > negatives, but it starts as unsigned int, then unsigned char, which is > type promoted to int. OK. > It would be more clear to just write it as: > > #define U8_MAX 0xff That doesn't work either. Tricky. #include <stdio.h> typedef unsigned char u8; #define U8_MAX 0xff int main(int argc, char *argv[]) { long new; new = -20; if (new > U8_MAX) printf("over\n"); }
