Hi, On Thu, Feb 22, 2018 at 5:37 PM, Selva Nair <selva.n...@gmail.com> wrote:
>> +/** Return true if the addition of a and b would overflow. */
>> +static inline bool
>> +time_t_add_overflow(time_t a, time_t b) {
>> +    static_assert(((time_t) -1) < 0, "OpenVPN assumes time_t is signed");
>> +    static_assert(((time_t) .9) == 0, "OpenVPN assumes time_t is integer type");
>> +    static_assert(sizeof(time_t) == sizeof(long) || sizeof(time_t) == sizeof(long long),
>> +                  "OpenVPN assumes that time_t is of type long int or long long int");
>> +    static const time_t TIME_MAX = sizeof(time_t) == sizeof(long) ?
>> +        LONG_MAX : LLONG_MAX;
>> +    static const time_t TIME_MIN = sizeof(time_t) == sizeof(long) ?
>> +        LONG_MIN : LLONG_MIN;
>> +    return (a > 0 && b > TIME_MAX - a) || (a < 0 && b < TIME_MIN - a);
>
> Interesting. But I think this can be simplified much. Addition of
> identically sized integers a and b overflows if and only if
>
> ((a > 0 && a + b < b) || (a < 0 && a + b > b))
>
> As overflow is possible only when both have same sign it can also be written
> as
>
> ((a > 0 && a + b < a) || (a < 0 && a + b > a))
>
> So the TIME_MAX and TIME_MIN may be eliminated and that means no need
> to check signed/unsigned or long/long-long.
>
> Am I missing something?

Hm... replying to self: I suppose the worry is related to unsigned int arithmetic overflow being undefined behaviour in C. So potentially a compiler can treat those statements as always true if it wishes. Well, excuse the noise I caused then.

Selva

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
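Review bot: the doc comment on `time_t_add_overflow` should state why the check is written against `TIME_MAX - a` / `TIME_MIN - a` instead of evaluating `a + b`: overflow of signed integer addition is undefined behaviour in C, so a post-check such as the `a + b < b` form proposed in the thread is not a valid replacement and can be folded away by the compiler, which is exactly the point this reply concedes. The same comment should note that the `sizeof(long)` / `sizeof(long long)` split exists only to pick the matching `LONG_MAX`/`LLONG_MAX` and `LONG_MIN`/`LLONG_MIN` pair for `TIME_MAX` and `TIME_MIN`, and that `static_assert`, `bool` and those limits need `<assert.h>`, `<stdbool.h>` and `<limits.h>` in scope, which the hunk does not show.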
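The distinction the thread settles on, written out as an added example (not OpenVPN's code and not the patch above): an overflow pre-check on `time_t` that never evaluates the possibly overflowing sum, plus a hypothetical saturating helper `time_t_add_sat` of the kind a deadline computation would use. It assumes C11 and a signed integer `time_t` that is as wide as `long` or `long long`, the same assumptions the patch asserts.

```c
/* Added example, not OpenVPN code. Assumes C11 and a signed integer time_t. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

_Static_assert(((time_t) -1) < 0, "example assumes time_t is signed");
_Static_assert(((time_t) 0.5) == 0, "example assumes time_t is an integer type");
_Static_assert(sizeof(time_t) == sizeof(long) || sizeof(time_t) == sizeof(long long),
               "example assumes time_t is as wide as long or long long");

/* Pick the limits that match the width of time_t (constructed names). */
#define TIME_T_MAX ((time_t) (sizeof(time_t) == sizeof(long) ? LONG_MAX : LLONG_MAX))
#define TIME_T_MIN ((time_t) (sizeof(time_t) == sizeof(long) ? LONG_MIN : LLONG_MIN))

/* True if a + b is not representable in time_t. Only the bounds are used,
 * so no signed overflow (undefined behaviour) is ever executed; a post-check
 * such as `a + b < b` would rely on wrapping that the standard does not give. */
static inline bool
time_t_add_overflow(time_t a, time_t b)
{
    return (a > 0 && b > TIME_T_MAX - a) || (a < 0 && b < TIME_T_MIN - a);
}

/* Hypothetical helper: add a and b, clamping to the representable range
 * instead of wrapping. *overflowed tells the caller that clamping happened,
 * so a timeout computation can log it rather than get a silently wrong deadline. */
static inline time_t
time_t_add_sat(time_t a, time_t b, bool *overflowed)
{
    if (time_t_add_overflow(a, b)) {
        *overflowed = true;
        return b > 0 ? TIME_T_MAX : TIME_T_MIN;  /* same sign as both operands */
    }
    *overflowed = false;
    return a + b;  /* safe: the pre-check proved this does not overflow */
}

int main(void)
{
    bool ov;
    time_t deadline = time_t_add_sat(time(NULL), 30, &ov);
    printf("now + 30s = %lld, overflowed=%d\n", (long long) deadline, ov);
    time_t clamped = time_t_add_sat(TIME_T_MAX, 1, &ov);
    printf("TIME_T_MAX + 1 -> %lld, overflowed=%d\n", (long long) clamped, ov);
    return 0;
}
```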