#3880: integer overflow in date.c (mutt_mktime)
-----------------------+----------------------
Reporter: vinc17 | Owner: mutt-dev
Type: defect | Status: new
Priority: critical | Milestone:
Component: mutt | Version: 1.7.0
Resolution: | Keywords:
-----------------------+----------------------
Comment (by vinc17):
Casting a negative value to an unsigned type makes sense when doing
modular arithmetic.
The rule is also necessary to be able to compute an absolute value. In GNU
MPFR, we have the following macro:
{{{
#define SAFE_ABS(type,x) ((x) >= 0 ? (type)(x) : -(type)(x))
}}}
where {{{type}}} is an unsigned type (e.g., if {{{x}}} is of type
{{{int}}}, then {{{type}}} is typically {{{unsigned int}}}). Computing the
opposite before the cast is invalid, as the opposite of a signed integer
may not be representable (opposite of the minimum value in two's
complement), thus may yield an integer overflow, which is undefined
behavior.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3880#comment:9>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
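
The following is an added example, not part of the ticket and not MPFR or Mutt code. It runs the macro quoted in the comment on the minimum `int` value and sets it beside a negate-then-cast version, which has to refuse that input. The function names `abs_cast_first` and `abs_negate_first` are hypothetical, and the printed value assumes the usual case where `UINT_MAX == 2 * INT_MAX + 1`.

```c
#include <limits.h>
#include <stdio.h>

/* Macro exactly as quoted in the comment above. */
#define SAFE_ABS(type,x) ((x) >= 0 ? (type)(x) : -(type)(x))

/* Cast first, then negate: the conversion to unsigned and the unary minus
 * are both defined modulo UINT_MAX + 1, so every int input is valid. */
unsigned int abs_cast_first(int x)
{
    return SAFE_ABS(unsigned int, x);
}

/* Negate first, then cast: -x is evaluated in signed int, so it overflows
 * (undefined behavior) when x is below -INT_MAX, i.e. INT_MIN in two's
 * complement. The only safe way to write it is to reject that input.
 * Returns 1 and stores the result in *out, or 0 if -x is not representable. */
int abs_negate_first(int x, unsigned int *out)
{
    if (x < -INT_MAX)
        return 0;               /* -x would not fit in int */
    *out = (unsigned int)(x < 0 ? -x : x);
    return 1;
}

int main(void)
{
    int samples[] = { 0, 42, -42, INT_MAX, -INT_MAX, INT_MIN };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned int r = 0;
        int ok = abs_negate_first(samples[i], &r);

        printf("x = %11d  cast-first = %10u  negate-first = ",
               samples[i], abs_cast_first(samples[i]));
        if (ok)
            printf("%10u\n", r);
        else
            printf("rejected (-x overflows int)\n");
    }
    return 0;
}
```

Building with `-fsanitize=signed-integer-overflow` and removing the guard in `abs_negate_first` makes the sanitizer report the negation of `INT_MIN` at run time.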