[cfe-dev] A need for an "-fsanitize=integer-assign-overflow"

Richard Smith richard at metafoo.co.uk
Tue Jan 21 13:21:43 PST 2014


On Tue, Jan 21, 2014 at 1:15 AM, Yury Gribov <y.gribov at samsung.com> wrote:

> Are we talking about signed or unsigned overflows? Both may be useful but
> second isn't UB.


The subject is not overflow, it's truncating conversion. The semantics here
are well-defined -- for a conversion to unsigned, they're defined in the
language standard, and for a conversion to signed, they're
implementation-defined. In the latter case, essentially all modern
implementations define the conversion as a 2s complement truncation.

So... neither of these belong in -fsanitize=undefined. They might make
sense in -fsanitize=integer, though.


> > The question is whether it is worth implementing.
>
> There are some CWEs for it:
> * CWE-197: Numeric Truncation Error (http://cwe.mitre.org/data/definitions/197.html)
> * CWE-192: Integer Coercion Error (http://cwe.mitre.org/data/definitions/192.html)
>
> -Y
>
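The conversions the reply distinguishes (standard-defined modular reduction for unsigned targets, implementation-defined two's-complement truncation for signed targets) and the kind of lossy-narrowing check a sanitizer in the -fsanitize=integer family would emit, as an added example that is not part of the thread and not clang's own instrumentation. The helper names (to_u8, to_s8, narrows_to_s8_lossy, store_len_u16) are assumptions for illustration; the behaviour of the signed case assumes a two's-complement target, which is what the reply says all modern implementations use.

```c
#include <stdint.h>
#include <stddef.h>
#include <limits.h>
#include <stdio.h>

/* Added example (not from the cfe-dev thread, not clang's code). */

/* Conversion to an unsigned type is defined by the C standard: the value is
 * reduced modulo 2^N, where N is the width of the destination type. */
uint8_t to_u8(int v) {
    return (uint8_t)v;          /* 300 -> 44, -1 -> 255 */
}

/* Conversion to a signed type is implementation-defined when the value does
 * not fit. On two's-complement targets the low N bits are kept and
 * reinterpreted, so 200 becomes -56 and 128 becomes -128. */
int8_t to_s8(int v) {
    return (int8_t)v;
}

/* Hypothetical runtime check of the kind a narrowing-conversion sanitizer
 * would insert: widen the converted result back and compare with the
 * original. A mismatch means the assignment silently changed the value
 * (CWE-197 / CWE-192 territory). */
int narrows_to_s8_lossy(int v) {
    return (int)to_s8(v) != v;
}

int narrows_to_u8_lossy(int v) {
    return (int)to_u8(v) != v;  /* true for any v outside [0, 255] */
}

/* Defensive pattern for the classic length-field case: refuse to store a
 * size_t into a uint16_t unless it fits, instead of letting it wrap.
 * Returns 1 on success, 0 (and leaves *out untouched) when it would truncate. */
int store_len_u16(size_t len, uint16_t *out) {
    if (len > UINT16_MAX) {
        return 0;
    }
    *out = (uint16_t)len;
    return 1;
}

int main(void) {
    uint16_t hdr_len = 0;
    printf("to_u8(300) = %u, to_u8(-1) = %u\n", to_u8(300), to_u8(-1));
    printf("to_s8(200) = %d, to_s8(128) = %d\n", to_s8(200), to_s8(128));
    printf("128 -> int8_t lossy? %d\n", narrows_to_s8_lossy(128));
    printf("store 70000 into uint16_t ok? %d\n",
           store_len_u16(70000, &hdr_len));
    return 0;
}
```

The widen-and-compare trick in narrows_to_s8_lossy is the same observation the reply makes: because the conversion is well-defined (or de facto well-defined), the instrumentation can compute the truncated value and simply compare it with the original rather than having to reason about undefined behaviour.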