From: Laszlo Ersek <lersek@redhat.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: edk2-devel-01 <edk2-devel@lists.01.org>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <liming.gao@intel.com>
Subject: Re: [PATCH 0/4] MdePkg/BaseSafeIntLib: fix undefined behavior in INT64 Sub/Add/Mult
Date: Fri, 16 Feb 2018 21:44:33 +0100
Message-ID: <d52995de-bc8d-9c83-5d71-e9b2a8f5398d@redhat.com>
In-Reply-To: <CAKv+Gu8_2u8kGRBxDoZ7An93wmryn6bAdG_Er0NAvH-FZw0iQg@mail.gmail.com>
On 02/16/18 12:28, Ard Biesheuvel wrote:
> On 15 February 2018 at 18:36, Laszlo Ersek <lersek@redhat.com> wrote:
>> Repo: https://github.com/lersek/edk2.git
>> Branch: signed_range_checks
>>
>> Based on the discussion starting at
>> <https://lists.01.org/pipermail/edk2-devel/2018-February/021178.html>.
>>
>> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>> Cc: Sean Brogan <sean.brogan@microsoft.com>
>>
>> Laszlo Ersek (4):
>> MdePkg/BaseSafeIntLib: fix undefined behavior in SafeInt64Sub()
>> MdePkg/BaseSafeIntLib: fix undefined behavior in SafeInt64Add()
>> MdePkg/BaseSafeIntLib: clean up parentheses in MIN_INT64_MAGNITUDE
>> MdePkg/BaseSafeIntLib: fix undefined behavior in SafeInt64Mult()
>>
>> MdePkg/Library/BaseSafeIntLib/SafeIntLib.c | 110 ++++++++++++++++----
>> 1 file changed, 88 insertions(+), 22 deletions(-)
>>
>
> Hello Laszlo,
>
> Thanks a lot for taking the time to fix this library. I am not a C
> scholar, but I have reviewed these patches to the best of my
> abilities.
>
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Great, thank you!

> I take it we don't need to add -fwrapv now?

That's my understanding.

Before starting work on this series, I tried to investigate how far
"-fwrapv" support goes back, considering edk2's toolchains.

With gcc, the earliest version we target is gcc-4.3 (not due to GCC4x
but to UNIXGCC, ELFGCC (presumably), and CYGGCC). "-fwrapv" is available
in gcc-4.3, according to the documentation.

Under CLANG38, "-fwrapv" is also available (I have clang-3.8.1 installed
locally).

However, I couldn't check:
- any VS toolchain
- CLANG35 (the online docs don't seem to list "-fwrapv" -- in fact I
  failed to find comprehensive docs for clang-3.5)
- ICC / RVCT / XCODE5 / ...

So, I thought it'd be best to make the code safe.

These patches should cover the signed integer "workhorse" functions, so
I don't think we need "-fwrapv" right now. I also skimmed the rest of
"MdePkg/Library/BaseSafeIntLib/SafeIntLib.c", and given the time I could
spend, things looked OK.

Thank you!
Laszlo
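
Added example, not part of the message above and not the code from the patch series or from edk2: a sketch of signed 64-bit add, subtract and multiply whose range checks run before the operation, so the result does not depend on "-fwrapv" or on any toolchain's wraparound behavior. The checked_*_i64 names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical helpers, not the edk2 SafeIntLib functions. Each returns
   true and stores the result only when it is representable in int64_t. */

bool checked_add_i64(int64_t a, int64_t b, int64_t *out)
{
    /* Test the range first, so the signed addition below cannot overflow. */
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return false;
    *out = a + b;
    return true;
}

bool checked_sub_i64(int64_t a, int64_t b, int64_t *out)
{
    /* INT64_MIN + b (b > 0) and INT64_MAX + b (b < 0) stay in range. */
    if ((b > 0 && a < INT64_MIN + b) || (b < 0 && a > INT64_MAX + b))
        return false;
    *out = a - b;
    return true;
}

bool checked_mul_i64(int64_t a, int64_t b, int64_t *out)
{
    /* Work on magnitudes in uint64_t, where arithmetic is well defined.
       0 - (uint64_t)x yields |x| even for INT64_MIN, without negating x. */
    uint64_t ua = a < 0 ? 0 - (uint64_t)a : (uint64_t)a;
    uint64_t ub = b < 0 ? 0 - (uint64_t)b : (uint64_t)b;
    bool neg = (a < 0) != (b < 0);
    /* Largest allowed magnitude: 2^63 if the product is negative, else 2^63-1. */
    uint64_t limit = neg ? (uint64_t)INT64_MAX + 1 : (uint64_t)INT64_MAX;

    if (ua != 0 && ub > limit / ua)
        return false;
    uint64_t m = ua * ub;
    if (!neg) {
        *out = (int64_t)m;
        return true;
    }
    /* Negative result: never form +2^63 as an int64_t. */
    *out = (m == limit) ? INT64_MIN : -(int64_t)m;
    return true;
}
```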