Date: Sat, 22 Sep 2018 23:15:02 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: un-UBify-strings

On Sun, Sep 23, 2018 at 03:10:14AM +0000, Pascal Cuoq wrote:
>
> On 23 Sep 2018, at 04:45, Rich Felker <dalias@...c.org<mailto:dalias@...c.org>> wrote:
> I'm also trying to fix the UB in
> address range checks for implementing memmove as memcpy, etc. Is this
> correct:
>
> if ((uintptr_t)s-(uintptr_t)d-n <= -2*n) return memcpy(d, s, n);
>
> ?
>
> It looks okay to me. You want to test whether
> (uintptr_t)s-(uintptr_t)d, computed as a mathematical integer, is
> between -n and n, and since uintptr_t is unsigned, you are using the
> well-known trick of aligning one of the bounds with 0 so that both
> inequalities can be tested in one instruction.

Right.

> It would seem more natural to me to work on the right-hand side of
> zero, that is, to compute (uintptr_t)s-(uintptr_t)d+n and to check
> whether that is <= 2*n (overlap) or > 2*n (no overlap). The
> generated code may even be one instruction shorter. Apart from that,
> as long as we have the hypothesis that n <= UINTPTR_MAX/2, I cannot
> immediately see any reason why it would not work.

dist(s,d)==n is a no-overlap case. Otherwise I think this is correct
and we can use:

if ((uintptr_t)s-(uintptr_t)d+n >= 2*n) return memcpy(d, s, n);

Yes?

Rich
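An added harness, not code from the musl project or from the thread's authors, that exercises both overlap checks discussed above against an index-based reference over every (d, s) pair inside one 32-byte scratch buffer, under the thread's hypothesis n <= UINTPTR_MAX/2. The buffer, the `ref_no_overlap` reference and the mismatch counters are constructed for this demonstration; it shows the first formulation agreeing with the reference everywhere, while the `>= 2*n` form classifies the adjacent case s == d-n as overlapping, which only forfeits the memcpy fast path since the general memmove path still copies correctly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First formulation from the thread: nonzero when memcpy is safe, i.e. the
   mathematical value of s-d lies outside (-n, n). Unsigned wraparound maps
   that window onto the top 2n-1 values of uintptr_t, so one compare suffices. */
static int no_overlap_v1(const void *d, const void *s, size_t n)
{
    return (uintptr_t)s - (uintptr_t)d - n <= -2*n;
}

/* Second formulation, proposed at the end of the mail. */
static int no_overlap_v2(const void *d, const void *s, size_t n)
{
    return (uintptr_t)s - (uintptr_t)d + n >= 2*n;
}

/* Reference using plain indices into one object (no pointer wraparound):
   [di, di+n) and [si, si+n) are disjoint exactly when |si - di| >= n. */
static int ref_no_overlap(size_t di, size_t si, size_t n)
{
    size_t dist = si > di ? si - di : di - si;
    return dist >= n;
}

/* Constructed scratch object: every pointer below stays inside it, so the
   uintptr_t difference is the true distance and n <= UINTPTR_MAX/2 holds. */
static unsigned char buf[32];
typedef int (*overlap_fn)(const void *, const void *, size_t);

/* Count (di, si) pairs of length n on which f disagrees with the reference. */
static int mismatches(overlap_fn f, size_t n)
{
    int bad = 0;
    for (size_t di = 0; di + n <= sizeof buf; di++)
        for (size_t si = 0; si + n <= sizeof buf; si++)
            if (f(buf + di, buf + si, n) != ref_no_overlap(di, si, n))
                bad++;
    return bad;
}
int v1_mismatches(size_t n) { return mismatches(no_overlap_v1, n); }
int v2_mismatches(size_t n) { return mismatches(no_overlap_v2, n); }

int main(void)
{
    /* v2 reports the s == d-n case (adjacent, no overlap) as overlapping. */
    for (size_t n = 1; n <= 8; n *= 2)
        printf("n=%zu v1=%d v2=%d\n", n, v1_mismatches(n), v2_mismatches(n));
    return 0;
}
```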