[PATCH] 6788196: Array bounds checks in io_util.c rely on undefined behaviour
martinrb at google.com
Tue Dec 23 20:42:23 UTC 2008
Does this actually change the behavior with recent gccs?
It seems like the introduction of uint32_t is trading one
non-portability for another, namely relying on C99 features.
I have been waiting patiently for C99 compilers to emerge,
but gcc for example is still not there yet.
If you are going to use types like uint32_t, you should
be including the standard header that defines them - <stdint.h>
More immediate and obvious improvements to the code would
be to change the type of datalen to "jsize" and the type of nread
What I suggest, instead of using unsigned types, is to do what
java code would do in a case like this, and cast to jlong
instead of uint32_t to avoid overflow. I approve this patch
if you make that change.
I see you've eliminated one of the checks, which was unnecessary.
Thanks for that.
On Tue, Dec 23, 2008 at 02:21, Gary Benson <gbenson at redhat.com> wrote:
> Hi all,
> In C, the result of an overflowing add of two signed integers is
> undefined. The array bounds checks in readBytes and writeBytes
> in jdk/src/share/native/java/io/io_util.c, however, rely on the
> assumption that the result of the overflowing add will be negative.
> The attached patch fixes.
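Added example, not code from the thread or from the OpenJDK patch: a bounds check written the way the reply suggests, widening both operands to jlong before the add so the sum can never overflow and the comparison is well-defined. The JNI types are stood in by stdint typedefs so it compiles without jni.h, and the function name and signature are assumptions, not the ones in io_util.c.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for the JNI types so this builds without jni.h
 * (assumption: jint/jsize are 32-bit signed, jlong is 64-bit signed). */
typedef int32_t jint;
typedef jint    jsize;
typedef int64_t jlong;

/* The pattern the patch title warns about, shown only as a comment:
 *
 *     if (off < 0 || len < 0 || off + len > datalen) -> out of bounds
 *
 * With off + len computed in jint, off = INT32_MAX and len = 1 overflow,
 * which is undefined behaviour. The check only "works" if the compiler
 * happens to wrap the sum to a negative value; an optimizing compiler is
 * entitled to assume the overflow cannot happen and drop the test. */

/* Widened check: returns true when [off, off + len) lies inside an array
 * of datalen elements. Every operand is promoted to jlong first, so the
 * addition is defined for all jint inputs and the result cannot wrap. */
bool range_in_bounds_jlong(jint off, jint len, jsize datalen)
{
    if (off < 0 || len < 0 || datalen < 0)
        return false;
    return (jlong)off + (jlong)len <= (jlong)datalen;
}

/* Equivalent check that stays in jint: once off and datalen are known to be
 * non-negative, datalen - off cannot overflow, so comparing len against it
 * is also well-defined. Included to show the two forms agree. */
bool range_in_bounds_sub(jint off, jint len, jsize datalen)
{
    if (off < 0 || len < 0 || datalen < 0)
        return false;
    return len <= datalen - off;
}

int main(void)
{
    /* Constructed inputs, including the overflowing case from the bug. */
    struct { jint off, len; jsize datalen; } cases[] = {
        { 0, 10, 100 }, { 90, 10, 100 }, { 91, 10, 100 },
        { INT32_MAX, 1, 100 }, { -1, 5, 100 }, { 5, -1, 100 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("off=%d len=%d datalen=%d -> jlong:%d sub:%d\n",
               cases[i].off, cases[i].len, cases[i].datalen,
               range_in_bounds_jlong(cases[i].off, cases[i].len, cases[i].datalen),
               range_in_bounds_sub(cases[i].off, cases[i].len, cases[i].datalen));
    }
    return 0;
}
```

Both functions reject the `off = INT32_MAX, len = 1` case that the original jint addition mishandles; the jlong form is the one the reply asks for, and the subtraction form shows that the same guarantee is available without leaving jint once the sign checks have been done.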