...
| Wiki Markup |
|---|
This code resembles the test for wraparound from the {{sprint()}} function as implemented for the Plan 9 operating system. If {{buf + len < buf}} evaluates to true, {{len}} is assigned the remaining space minus 1 byte. However, because the expression {{buf + len < buf}} constitutes undefined behavior, compilers can assume this condition will never occur and optimize out the entire conditional statement. In gcc versions 4.2 and later, for example, code that performs checks for wrapping that depend on undefined behavior (such as the code in this noncompliant code example) is optimized away; no object code to perform the check appears in the resulting executable program \[[VU#162289|AA. C++ References#VU#162289]\]. This is of special concern because it often results in the silent elimination of code that was inserted to provide a safety or security check. For gcc version 4.2.4 and later, this optimization can be disabled with the {{-fno-strict-overflow}} option. |
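
The wraparound test described above, next to a form that does not depend on undefined behavior. This is an added example, not the Plan 9 source or code from this page; the function names and the {{buf_end}} parameter are hypothetical, and both pointers are assumed to refer to the same array with {{buf <= buf_end}}.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Pattern the passage warns about, constructed here for contrast only.
// For an out-of-range len, buf + len is undefined behavior, so an optimizer
// may assume the first test is always false and emit no code for it.
bool fits_noncompliant(const char *buf, const char *buf_end, std::size_t len) {
    if (buf + len < buf)          // wrap test that depends on UB
        return false;
    return buf + len <= buf_end;  // also undefined once past buf_end
}

// Well-defined replacement: compare len with the remaining space as integers.
// buf_end - buf is defined because both pointers refer to the same array.
bool fits_compliant(const char *buf, const char *buf_end, std::size_t len) {
    return len <= static_cast<std::size_t>(buf_end - buf);
}

// Clamp a requested length to the space left, reserving one byte for '\0'.
std::size_t clamp_len(const char *buf, const char *buf_end, std::size_t len) {
    std::size_t room = static_cast<std::size_t>(buf_end - buf);
    if (room == 0)
        return 0;
    return len < room ? len : room - 1;
}

// Copy at most clamp_len() bytes and terminate; returns the bytes copied.
// src must hold at least that many readable bytes.
std::size_t bounded_copy(char *buf, char *buf_end, const char *src,
                         std::size_t len) {
    if (buf == buf_end)
        return 0;                 // no room even for the terminator
    std::size_t n = clamp_len(buf, buf_end, len);
    std::memcpy(buf, src, n);
    buf[n] = '\0';
    return n;
}

int main() {
    char out[8];
    const char msg[] = "longer than eight bytes";  // constructed sample input
    return bounded_copy(out, out + 8, msg, sizeof msg - 1) == 7 ? 0 : 1;
}
```

Because the compliant check never forms an out-of-range pointer, the compiler has no undefined behavior to reason from and the check stays in the object code at any optimization level.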
...
| Wiki Markup |
|---|
\[[Banahan 03|AA. C++ References#Banahan 03]\] [Section 5.3, "Pointers,"|http://publications.gbdirect.co.uk/c_book/chapter5/pointers.html] and [Section 5.7, "Expressions involving pointers"|http://publications.gbdirect.co.uk/c_book/chapter5/pointer_expressions.html] \[[ISO/IEC 14882-2003|AA. C++ References#ISO/IEC 14882-2003]\] Section 18.7 \[[MITRE 07|AA. C++ References#MITRE 07]\] [CWE ID 129|http://cwe.mitre.org/data/definitions/129.html], "Unchecked Array Indexing" \[[VU#162289|AA. C++ References#VU#162289]\] |
...