Re: [PATCH] udf: uint32_t can't be less than zero

From: Denis Vlasenko
Date: Sun Apr 24 2005 - 04:43:58 EST

Next message: Oleg Nesterov: "Re: 2.6.12-rc2-mm3"
Previous message: Arjan van de Ven: "Re: [2.6 patch] unexport insert_resource"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Saturday 23 April 2005 21:48, Jesper Juhl wrote:
> Here's a patch that removes a few bits from fs/udf/balloc.c that
> test uint32_t values for being less than zero, which is impossible.
>
> I know not everyone agree with this sort of cleanup, but I figured I'd do
> the patch in any case, then leave it up to the maintainer to apply it or
> drop it.
>
> Please keep me on CC: when replying.
> - if (bloc.logicalBlockNum < 0 ||
> - (bloc.logicalBlockNum + count) > UDF_SB_PARTLEN(sb, bloc.partitionReferenceNum))
> + if ((bloc.logicalBlockNum + count) > UDF_SB_PARTLEN(sb, bloc.partitionReferenceNum))

It is not immediately visible here that bloc.logicalBlockNum is unsigned.
One needs to check that by looking at the definition.

Also if later someone changes bloc.logicalBlockNum into signed entity, code
becomes buggy. Not good.

gcc already optimizes out such checks:

# gcc -O2 t.c -S -fomit-frame-pointer
# cat t.c t.s
extern unsigned v;

int f() {
return v<0 || v>100 || v==50;
}
.file "t.c"
.text
.p2align 2,,3
.globl f
.type f, @function
f:
movl v, %edx
xorl %eax, %eax
cmpl $100, %edx
ja .L3
cmpl $50, %edx
je .L3
ret
.p2align 2,,3
.L3:
movl $1, %eax
ret
.size f, .-f
.section .note.GNU-stack,"",@progbits
.ident "GCC: (GNU) 3.4.3"
--
vda

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oleg Nesterov: "Re: 2.6.12-rc2-mm3"
Previous message: Arjan van de Ven: "Re: [2.6 patch] unexport insert_resource"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]