lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Aug 2022 10:49:07 -0700 From: Kees Cook <keescook@...omium.org> To: Rasmus Villemoes <linux@...musvillemoes.dk> Cc: Gwan-gyeong Mun <gwan-gyeong.mun@...el.com>, Andrzej Hajda <andrzej.hajda@...el.com>, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, linux-hardening@...r.kernel.org, Daniel Latypov <dlatypov@...gle.com>, Vitor Massaru Iha <vitor@...saru.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3] overflow: Allow mixed type arguments On Tue, Aug 30, 2022 at 09:52:32PM +0200, Rasmus Villemoes wrote: > On 30/08/2022 21.21, Kees Cook wrote: > > [...] > > + * *@d holds the results of the attempted addition, but is not considered > > + * "safe for use" on a non-zero return value, which indicates that the > > + * sum has overflowed or been truncated. > > I don't like that wording. It makes it sound like there's some ambiguity > or (implementation|un)-definedness involved in what the destination > holds on overflow. The gcc documentation is perfectly clear that the > result is the infinite-precision result truncated to N bits, with N > being the bitwidth of d. Hm, well, I think use of *d should be strongly discouraged on overflow. How about just adding the specifics to the end? * *@d holds the result of the attempted addition, but is not considered * "safe for use" on a non-zero return value, which indicates that the * sum has overflowed or been truncated. (*@d will contain the * infinite-precision result truncated to the bitwidth of *@d.) -- Kees Cook
Powered by blists - more mailing lists