| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Aug 2022 10:49:07 -0700
From: Kees Cook <keescook@...omium.org>
To: Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Gwan-gyeong Mun <gwan-gyeong.mun@...el.com>,
Andrzej Hajda <andrzej.hajda@...el.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
linux-hardening@...r.kernel.org,
Daniel Latypov <dlatypov@...gle.com>,
Vitor Massaru Iha <vitor@...saru.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] overflow: Allow mixed type arguments
On Tue, Aug 30, 2022 at 09:52:32PM +0200, Rasmus Villemoes wrote:
> On 30/08/2022 21.21, Kees Cook wrote:
> > [...]
> > + * *@d holds the results of the attempted addition, but is not considered
> > + * "safe for use" on a non-zero return value, which indicates that the
> > + * sum has overflowed or been truncated.
>
> I don't like that wording. It makes it sound like there's some ambiguity
> or (implementation|un)-definedness involved in what the destination
> holds on overflow. The gcc documentation is perfectly clear that the
> result is the infinite-precision result truncated to N bits, with N
> being the bitwidth of d.
Hm, well, I think use of *d should be strongly discouraged on overflow.
How about just adding the specifics to the end?
* *@d holds the result of the attempted addition, but is not considered
* "safe for use" on a non-zero return value, which indicates that the
* sum has overflowed or been truncated. (*@d will contain the
* infinite-precision result truncated to the bitwidth of *@d.)
--
Kees Cook
Powered by blists - more mailing lists