[FFmpeg-devel] [PATCH 001/244] Add a new channel layout API

Anton Khirnov anton at khirnov.net
Sun Jan 12 21:55:20 EET 2020


Quoting Nicolas George (2020-01-12 14:28:06)
> Anton Khirnov (12020-01-07):
> > How is it any better in the unsigned case? You do a well-defined
> > unsigned overflow and end up with an invalid channel count (which might
> > even look sane).
> 
> I explained this: you can guard against defined behaviors, not against
> undefined behaviors, because the compilers are allowed to shunt the
> checks, and they do.

Your explanation does not make sense to me. Checking for negative values
is not guarding against overflow, it's "checking after the fact whether
overflow occurred". Any such checks, whether signed or unsigned, are
necessarily invalid and broken (hence the quotes). Guarding against
overflow must always be done by checking BEFORE the operation that might
overflow - again both for signed and unsigned.

From this angle, there is no difference between using signed and
unsigned values. The fact that in one case the overflow would have been
UB and the other wouldn't changes nothing here.

-- 
Anton Khirnov
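
The check-before-the-operation pattern argued for in the message above, as an added C example that is not part of the original message or of the FFmpeg patch. All function names and the sample counts are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Signed: test BEFORE adding, so the overflowing (undefined) add never runs. */
static bool add_int_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Unsigned: the same shape of pre-check, even though wrapping is defined. */
static bool add_uint_checked(unsigned a, unsigned b, unsigned *out)
{
    if (a > UINT_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* Hypothetical helper: total channel count over n sub-layouts. */
static bool total_channels(const unsigned *counts, size_t n, unsigned *total)
{
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        if (!add_uint_checked(sum, counts[i], &sum))
            return false;
    *total = sum;
    return true;
}

/* No guard: the wrapped sum is defined behaviour but not a valid count. */
static unsigned total_channels_wrapping(const unsigned *counts, size_t n)
{
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += counts[i];
    return sum;
}

int main(void)
{
    const unsigned counts[] = { UINT_MAX, 3 };   /* constructed input */
    unsigned total = 0; int s = 0;
    printf("wrapping sum: %u\n", total_channels_wrapping(counts, 2));
    printf("checked ok: %d, INT_MAX + 1 ok: %d\n",
           total_channels(counts, 2, &total), add_int_checked(INT_MAX, 1, &s));
}
```

The unguarded unsigned sum comes out as 2, a plausible-looking channel count, while both guarded versions reject the input before any arithmetic happens.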
