From: Jaco Kroon <jaco@kroon.co.za>
To: kernel-janitors@vger.kernel.org
Subject: Re: [KJ] [patch] potential data-corruption fix in md.c
Date: Fri, 02 Dec 2005 20:48:22 +0000 [thread overview]
Message-ID: <4390B316.4010508@kroon.co.za> (raw)
In-Reply-To: <8378.192.96.150.57.1133516341.squirrel@mail.interexcel.co.za>
[-- Attachment #1.1: Type: text/plain, Size: 1994 bytes --]
Håkon Løvdal wrote:
> On 12/2/05, Jaco Kroon <jaco@kroon.co.za> wrote:
>
>>Or just cast to (unsigned int) for the check?
>>Perhaps that happens implicitly?
>>Would that be compiler dependant?
>
>
> The conversion does indeed happen implicit, and the C standard
> (ISO/IEC 9899:1990) does very specific specify how this should be done,
> see "6.2.1.5 Usual arithmetic conversions" for details.
>
> The short version is that a smallest type is promoted to the biggest type
> as well that unsigned "wins" over signed. The last point can result in
> some unexpected results if you are not careful.
> Example: What does the following program print?
>
> #include <stdio.h>
> int main(int argc, char *argv[])
> {
> unsigned int i = 12345;
> if (i < -1)
> printf("(%d < -1)\n", i);
> else
> printf("! (%d < -1)\n", i);
> return 0;
> }
jkroon@pug tmp $ gcc -o signed_unsigned signed_unsigned.c
jkroon@pug tmp $ gcc -o signed_unsigned signed_unsigned.c -Wall -W
signed_unsigned.c: In function `main':
signed_unsigned.c:5: warning: comparison between signed and unsigned
signed_unsigned.c: At top level:
signed_unsigned.c:2: warning: unused parameter 'argc'
signed_unsigned.c:2: warning: unused parameter 'argv'
jkroon@pug tmp $ ./signed_unsigned
(12345 < -1)
jkroon@pug tmp $
Which means that gcc is smart enough to recognise that you are doing
something unusual, and 12345 is indeed < -1 due to the fact that -1 is
in fact 2 ^ 32 - 1. As such the test in register_md_personality with
pnum >= MAX_PERSONALITY is in fact sufficient since MAX_PERSONALITY is
unsigned, so pnum gets converted to unsigned (negative values becomes
extremely large) and as such the <0 is done "by accident".
Very, very nice, but extremely unclear from the code :).
Jaco
--
There are only 10 kinds of people in this world,
those that understand binary and those that don't.
http://www.kroon.co.za/
[-- Attachment #1.2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3166 bytes --]
[-- Attachment #2: Type: text/plain, Size: 168 bytes --]
_______________________________________________
Kernel-janitors mailing list
Kernel-janitors@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/kernel-janitors
prev parent reply other threads:[~2005-12-02 20:48 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-02 9:39 [KJ] [patch] potential data-corruption fix in md.c Jaco Kroon
2005-12-02 17:38 ` Jesper Juhl
2005-12-02 18:57 ` Alexey Dobriyan
2005-12-02 19:19 ` Jaco Kroon
2005-12-02 19:45 ` Håkon Løvdal
2005-12-02 20:48 ` Jaco Kroon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4390B316.4010508@kroon.co.za \
--to=jaco@kroon.co.za \
--cc=kernel-janitors@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.