usual arithmetic promotions
Posted Jan 10, 2005 15:37 UTC (Mon) by velco
In reply to: usual arithmetic promotions
Parent article: grsecurity 2.1.0 and kernel vulnerabilities
> ANSI/ISO, however, has "value preserving" promotions, i.e. the compiler
> tries to find a type that will represent all possible values of the types
> of both operands to widen the operands to.
Incorrect. If operand types (after integer promotions) differ, one of
the operands can be at most widened to the unsigned version of the type of
the other operand. IOW, the original operand types set an upper limit on
the width of the promoted operands. The relevant section of Teh Standard:
| If both operands have the same type, then no
| further conversion is needed.
| Otherwise, if both operands have signed integer
| types or both have unsigned integer types, the
| operand with the type of lesser integer conversion
| rank is converted to the type of the operand with
| greater rank.
| Otherwise, if the operand that has unsigned
| integer type has rank greater or equal to the rank
| of the type of the other operand, then the operand
| with signed integer type is converted to the type
| of the operand with unsigned integer type.
| Otherwise, if the type of the operand with signed
| integer type can represent all of the values of
| the type of the operand with unsigned integer
| type, then the operand with unsigned integer type
| is converted to the type of the operand with
| signed integer type.
| Otherwise, both operands are converted to the
| unsigned integer type corresponding to the type of
| the operand with signed integer type.
In the concrete case of comparing int and size_t, for all the cases of
practical interest (i.e., size_t having conversion rank greater than or
equal to the conversion rank of int), the int operand will be converted to
size_t and a negative value will result in an error return.
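Added example, not part of the comment above: a C sketch of the int versus size_t comparison it describes, next to an int versus int comparison and an explicit check for contrast. The function names and BUF_SIZE are hypothetical, and the code assumes size_t has conversion rank greater than or equal to that of int.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 64 /* constructed limit for this demonstration */

/* What the conversion does to a negative int: value + (SIZE_MAX + 1). */
size_t as_size_t(int v) { return (size_t)v; }

/* int compared with size_t: where size_t has rank >= int, len is
 * converted to size_t, so a negative len looks huge and is rejected. */
int check_len_mixed(int len)
{
    size_t limit = BUF_SIZE;
    return (len > limit) ? -1 : 0;
}

/* int compared with int: no conversion to unsigned takes place, so a
 * negative len passes the upper-bound test. */
int check_len_signed(int len)
{
    int limit = BUF_SIZE;
    return (len > limit) ? -1 : 0;
}

/* Check that does not depend on the implicit conversion at all. */
int check_len_explicit(int len)
{
    if (len < 0)
        return -1;
    return ((size_t)len > (size_t)BUF_SIZE) ? -1 : 0;
}

int main(void)
{
    printf("(size_t)-1 == SIZE_MAX: %d\n", as_size_t(-1) == SIZE_MAX);
    printf("mixed(-1)    = %d\n", check_len_mixed(-1));
    printf("signed(-1)   = %d\n", check_len_signed(-1));
    printf("explicit(-1) = %d\n", check_len_explicit(-1));
    printf("mixed(16)    = %d, mixed(65) = %d\n",
           check_len_mixed(16), check_len_mixed(65));
    return 0;
}
```

Compiling with -Wsign-compare (part of -Wextra for C in GCC) flags the mixed comparison, which is a useful review aid for finding checks that rely on this conversion.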