Mailing List Archive

From:: Todd C. Miller <millert@openbsd.org>
Subject:: Re: ctfconv fix it_cmp function
To:: Claudio Jeker <claudio@openbsd.org>
Cc:: Martin Pieuchot <mpi@openbsd.org>, tech@openbsd.org
Date:: Thu, 22 Feb 2024 09:27:51 -0700

Download raw body.

Thread

2024-02-22 12:16 Martin Pieuchot:
ctfconv fix it_cmp function
- 2024-02-22 13:11 Claudio Jeker:
  ctfconv fix it_cmp function
2024-02-22 16:27 Todd C. Miller:
ctfconv fix it_cmp function

That looks better indeed.  It is almost never safe to use subtraction
in a compare function.  Even for plain int it is possible to have
signed integer overflow, which is undefined behavior.

The only safe patterns are:

    int ret = a > b ? 1 : a < b ? -1 : 0;

or:

    int ret = (a > b) - (a < b);

Personally, I prefer an expanded version of the first one, as you
chose to do.

OK millert@

 - todd

2024-02-22 12:16 Martin Pieuchot:
ctfconv fix it_cmp function
- 2024-02-22 13:11 Claudio Jeker:
  ctfconv fix it_cmp function
2024-02-22 16:27 Todd C. Miller:
ctfconv fix it_cmp function