On 2016-04-13 07:24:50 -0700, Kevin J. McCarthy wrote:
> On Wed, Apr 13, 2016 at 10:34:31AM +0200, Vincent Lefevre wrote:
> > On 2016-04-12 12:41:05 -0700, Kevin J. McCarthy wrote:
> > > I'm attaching a slightly revised part1 patch, and adding another patch
> > > to the series. The first patch is changed so that the spacing can be
> > > invoked when pad=0. (There still might be a spacing issue for that case.)
> > >
> > > The second patch fixes softpad when the pad character itself is
> > > multicolumn.
> >
> > In this second patch:
> >
> > + pad = ((signed)(destlen - wlen - len)) / pl;
> >
> > The cast to "signed" seems useless and confusing: what is its goal?
>
> Hi Vincent,
>
> Thanks for taking a look at the patches. That particular line was
> actually just moved from above the "if (pad >= 0)" to inside it.
>
> I think because destlen, wlen, and len are all size_t, if wlen+len were
> larger than destlen the resulting subtraction could turn into a large
> value, instead of the desired negative number (e.g., if we ran out of
> space).

But in this case, the result of the cast is implementation-defined;
in particular, it could yield a signal (I hope that there will be
such an option in GCC one day, for security, because this may be
the consequence of an unexpected integer overflow, which could
become a buffer overflow). So, the code is incorrect.

And the division with a negative argument is only defined in C99,
so that may be another problem (it is known that some compilers
may still deviate from C99, including GCC unless -std=c99 is
provided).

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
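
Added example, not part of the original message or of the patch under discussion: one way to get the pad count without the cast is to compare before subtracting, so the size_t arithmetic never wraps and no negative value is ever divided. The helper name pad_count, its return convention and the sample values are assumptions; destlen, wlen, len, pl and pad are the names used in the quoted line.

```c
#include <stddef.h>
#include <stdio.h>

/* What the unchecked expression computes: size_t arithmetic is unsigned,
 * so a "negative" result wraps to a huge value instead. */
static size_t unchecked_diff(size_t destlen, size_t wlen, size_t len)
{
    return destlen - wlen - len;
}

/* Hypothetical helper (not from the patch): store in *pad how many pad
 * units of size pl fit in what remains of destlen after wlen and len.
 * Returns 0 on success, -1 if there is no room or pl is 0. Every
 * subtraction is guarded, so nothing wraps and no signed cast is needed. */
static int pad_count(size_t destlen, size_t wlen, size_t len,
                     size_t pl, size_t *pad)
{
    if (pl == 0)
        return -1;                 /* avoid division by zero */
    if (wlen > destlen || len > destlen - wlen)
        return -1;                 /* wlen + len exceeds destlen */
    *pad = (destlen - wlen - len) / pl;
    return 0;
}

int main(void)
{
    size_t pad;

    /* Constructed sample values: 8 + 5 used out of a size of 10. */
    printf("unchecked: %zu\n", unchecked_diff(10, 8, 5));
    if (pad_count(10, 8, 5, 2, &pad) != 0)
        puts("checked: no room for padding");

    /* Constructed sample values: size of 20, pad unit of 2. */
    if (pad_count(20, 8, 5, 2, &pad) == 0)
        printf("checked: pad = %zu\n", pad);
    return 0;
}
```

The second comparison is written as len > destlen - wlen rather than wlen + len > destlen because the addition could itself wrap.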
