This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: PATCH [4/n]: Support 64bit time_t and 32bit long

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: "H.J. Lu" <hjl dot tools at gmail dot com>
Cc: Roland McGrath <roland at hack dot frob dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Thu, 15 Mar 2012 14:10:04 -0700
Subject: Re: PATCH [4/n]: Support 64bit time_t and 32bit long
References: <20120315193843.GA16720@intel.com> <20120315195258.C3D4F2C0AA@topped-with-meat.com> <CAMe9rOp2xXN+SFQGEebViSRsLWv58F+AQRVBkxFHi62AzZuWpQ@mail.gmail.com> <CAMe9rOoQLPFq4HThatPbDbZUAHtWxn1u1RGByuir9BR+5FsdLg@mail.gmail.com>

On 03/15/2012 01:17 PM, H.J. Lu wrote:
>    days = *t / SECS_PER_DAY;
> +  if (days != *t / SECS_PER_DAY)
> +    goto overflow;

This is not a reliable way to test for integer overflow.
Since 'days' is signed, the compiler can assume that the
assignment does not overflow, and can ignore the 'if' entirely.

Instead, I suggest changing 'days' to be of type time_t,
so that overflow cannot occur here.

> @@ -65,6 +67,9 @@ __offtime (t, offset, tp)
>        /* Guess a corrected year, assuming 365 days per year.  */
>        long int yg = y + days / 365 - (days % 365 < 0);
>  
> +      if (yg < 0)
> +	goto overflow;
> +

Similarly here.

References:
- PATCH [4/n]: Support 64bit time_t and 32bit long
  - From: H.J. Lu
- Re: PATCH [4/n]: Support 64bit time_t and 32bit long
  - From: Roland McGrath
- Re: PATCH [4/n]: Support 64bit time_t and 32bit long
  - From: H.J. Lu
- Re: PATCH [4/n]: Support 64bit time_t and 32bit long
  - From: H.J. Lu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]