[FFmpeg-devel] [PATCH 001/244] Add a new channel layout API

Nicolas George george at nsup.org
Tue Jan 14 16:46:17 EET 2020


Anton Khirnov (12020-01-12):
> Your explanation does not make sense to me. Checking for negative values
> is not guarding against overflow, it's "checking after the fact whether
> overflow occurred". Any such checks, whether signed or unsigned, are
> necessarily invalid and broken (hence the quotes). Guarding against
> overflow must always be done by checking BEFORE the operation that might
> overflow - again both for signed and unsigned.
> 
> From this angle, there is no difference between using signed and
> unsigned values. The fact that in one case the overflow would have been
> UB and the other wouldn't changes nothing here.

You are right: if the code is known to be 100% bug-free, then it makes
no difference. But even TeX's code is not known to be 100% bug-free. And
when there may be bugs, I think I have given ample proof that signed
with UB are more dangerous than unsigned with modular arithmetic.

Regards,

-- 
  Nicolas George
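
The kinds of check discussed in this message, as an added example that is not part of the original e-mail or of the FFmpeg patch. The function names are hypothetical. It shows a check before the operation for both signed and unsigned addition, and a check after the operation for unsigned addition, which is well defined only because unsigned arithmetic wraps.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Signed add, checked BEFORE the operation: a + b is evaluated only
 * when the result is known to fit, so no undefined behaviour occurs. */
static bool add_int_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Unsigned add, checked BEFORE the operation, same shape as above. */
static bool add_uint_checked(unsigned a, unsigned b, unsigned *out)
{
    if (a > UINT_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* Unsigned add, checked AFTER the operation. The sum is defined to wrap
 * modulo UINT_MAX + 1, so a wrapped result is always smaller than a.
 * The signed equivalent (add, then test for a negative result) has no
 * defined result to test: the overflow itself is undefined behaviour. */
static bool add_uint_postcheck(unsigned a, unsigned b, unsigned *out)
{
    unsigned sum = a + b;
    if (sum < a)
        return false;
    *out = sum;
    return true;
}

int main(void)
{
    int s = 0;
    unsigned u = 0;
    printf("int  INT_MAX + 1  ok=%d\n", add_int_checked(INT_MAX, 1, &s));
    printf("int  INT_MIN - 1  ok=%d\n", add_int_checked(INT_MIN, -1, &s));
    printf("uint UINT_MAX + 1 ok=%d (pre)\n", add_uint_checked(UINT_MAX, 1u, &u));
    printf("uint UINT_MAX + 1 ok=%d (post)\n", add_uint_postcheck(UINT_MAX, 1u, &u));
    bool ok = add_uint_checked(40u, 2u, &u);
    printf("uint 40 + 2       ok=%d sum=%u\n", ok, u);
    return 0;
}
```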