
Fix overflow checking in archive_entry_sparse_add_entry() #33

Merged
merged 1 commit into from Mar 30, 2013

2 participants

@xiw
xiw commented Jan 20, 2013

gcc optimizes the overflow check x + y < 0 (assuming x, y >= 0) into false, since signed integer overflow is undefined behavior in C.

Below is the simplified code.

#include <stdint.h>

void bar(void);

void foo(int64_t offset, int64_t length)
{
    /* After this test gcc knows both operands are non-negative. */
    if (offset < 0 || length < 0)
        return;
    /* Signed overflow is undefined, so gcc assumes the sum of two
     * non-negative values is non-negative and folds this test to false. */
    if (offset + length < 0)
        bar();
}

Run gcc with -O2.

$ gcc -S -o - -O2 t.c
...
foo:
.LFB0:
    .cfi_startproc
    rep ret

We can see that gcc optimizes away the check.

This patch uses a safe precondition check instead.
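For reference, the precondition form the patch describes, written out as an added example (not code from this PR or from libarchive). The check `length > INT64_MAX - offset` is evaluated before any addition, and the subtraction cannot itself overflow because both operands have already been checked non-negative. `add_sparse_range()` and `struct sparse_range` are hypothetical stand-ins modelled on the shape of the check in archive_entry_sparse_add_entry(), not the real function:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Returns true when offset + length would exceed INT64_MAX, or when either
 * operand is negative. No signed addition is performed, so the compiler has
 * nothing to fold away: INT64_MAX - offset is always representable once
 * offset >= 0. */
static bool sum_overflows(int64_t offset, int64_t length)
{
    if (offset < 0 || length < 0)
        return true;
    return length > INT64_MAX - offset;
}

/* Hypothetical sparse-range record and validator (assumption, not the
 * libarchive API). Returns 0 and fills *out on success, -1 if the range is
 * negative or its end offset would not fit in an int64_t. */
struct sparse_range {
    int64_t offset;
    int64_t length;
};

static int add_sparse_range(struct sparse_range *out,
                            int64_t offset, int64_t length)
{
    if (sum_overflows(offset, length))
        return -1;
    out->offset = offset;
    out->length = length;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one valid range, one that wraps past INT64_MAX. */
    struct sparse_range r;
    printf("valid range:    %d\n", add_sparse_range(&r, 4096, 8192));
    printf("overflow range: %d\n", add_sparse_range(&r, INT64_MAX, 1));
    return 0;
}
```

The same rejection can be expressed with the gcc/clang builtin `__builtin_add_overflow(offset, length, &end)`, which reports overflow without ever performing an undefined signed addition; the precondition form above has the advantage of needing no compiler extension, which matters for a portable library and for the gcc 4.7/4.8 toolchains discussed in this thread.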

@xiw xiw Fix overflow checking in archive_entry_sparse_add_entry()
gcc will optimize the overflow check x + y < 0 (assuming x, y >= 0)
into false, since signed integer overflow is undefined behavior in C.
Use a safe precondition check instead.
bc533e5
@xiw
xiw commented Mar 30, 2013

Just tested with the latest release gcc 4.8.0. It still optimizes away the sanity check in archive_entry_sparse_add_entry(), the same as gcc 4.7.2 does.

@kientzle kientzle merged commit af4124d into libarchive:master Mar 30, 2013