diff options
| author | Xi Wang <xi@mit.edu> | 2013-02-20 12:45:45 -0500 |
|---|---|---|
| committer | Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | 2013-02-20 19:12:51 +0100 |
| commit | 79cd5fb435d910233b1eb03c93c6ae05908ab42b (patch) | |
| tree | 3e29124e9dec22cc00fa5fd4a02524a723fb8e52 /libc/sysdeps | |
| parent | 3d791bda2e68136e5cfc52b5386e0db805b5d3ba (diff) | |
nice: fix overflow checking in int_add_no_wrap()
In C, signed integer overflow is undefined behavior. Many compilers
optimize away checks like `a + b < a'.
Use safe precondition testing instead.
Signed-off-by: Xi Wang <xi@mit.edu>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Diffstat (limited to 'libc/sysdeps')
| -rw-r--r-- | libc/sysdeps/linux/common/nice.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/libc/sysdeps/linux/common/nice.c b/libc/sysdeps/linux/common/nice.c index 3694db882..ed399460f 100644 --- a/libc/sysdeps/linux/common/nice.c +++ b/libc/sysdeps/linux/common/nice.c @@ -25,15 +25,15 @@ static __inline__ _syscall1(int, __syscall_nice, int, incr) static __inline__ int int_add_no_wrap(int a, int b) { - int s = a + b; - if (b < 0) { - if (s > a) s = INT_MIN; + if (a < INT_MIN - b) + return INT_MIN; } else { - if (s < a) s = INT_MAX; + if (a > INT_MAX - b) + return INT_MAX; } - return s; + return a + b; } static __inline__ int __syscall_nice(int incr) |