From: Solar Designer
Sent: 12 February 2022 22:37
...
bool is_ucounts_overlimit(struct ucounts *ucounts, enum ucount_type type, unsigned long rlimit)
{
	struct ucounts *iter;
	long max = rlimit;
	if (rlimit > LONG_MAX)
		max = LONG_MAX;
The assignment on "long max = rlimit;" would have already been UB if "rlimit > LONG_MAX", which is only checked afterwards. I think the above would be better written as:
I'm pretty sure assignments and casts of negative values to unsigned types are actually well defined. Although the actual value may differ for ones' complement and sign-overpunch systems. But I suspect Linux requires two's complement negative numbers.
(In much the same way as it requires that NULL be the all-zero bit pattern - although a load of annoying compiler warnings are only relevant if that isn't the case.)
David
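To make the conversion the two messages argue about concrete, here is a small stand-alone check (added here, not code from the thread or from the kernel): it isolates the clamp from the quoted snippet as written (convert first, check afterwards), a variant that tests the unsigned bound before converting, and the bare unsigned-to-signed conversion on its own. In ISO C the out-of-range conversion is implementation-defined rather than undefined; GCC and Clang define it as reduction modulo 2^N, which is what the test values below assume.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Clamp exactly as the quoted snippet orders it: the unsigned rlimit is
 * converted to long first, and the (unsigned) comparison repairs the
 * result afterwards. Because the check reads rlimit, not max, the final
 * value is correct on any implementation where the conversion does not
 * trap; only the intermediate value is implementation-defined. */
static long clamp_convert_first(unsigned long rlimit)
{
	long max = rlimit;	/* implementation-defined when rlimit > LONG_MAX */
	if (rlimit > LONG_MAX)
		max = LONG_MAX;
	return max;
}

/* Reordered clamp: decide on the unsigned value, so no out-of-range
 * conversion is ever performed. Same result, no reliance on the
 * implementation's conversion rule. */
static long clamp_check_first(unsigned long rlimit)
{
	if (rlimit > LONG_MAX)
		return LONG_MAX;
	return (long)rlimit;
}

/* The bare conversion, to show what the intermediate "max" holds before
 * the check runs: ULONG_MAX becomes -1 under the modulo-2^N rule. */
static long raw_conversion(unsigned long rlimit)
{
	return (long)rlimit;
}

int main(void)
{
	unsigned long samples[] = { 42UL, (unsigned long)LONG_MAX, (unsigned long)LONG_MAX + 1UL, ULONG_MAX };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("rlimit=%lu raw=%ld convert-first=%ld check-first=%ld\n",
		       samples[i], raw_conversion(samples[i]),
		       clamp_convert_first(samples[i]), clamp_check_first(samples[i]));
	return 0;
}
```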