SafeInt 3.0.15

Rating:        Based on 1 rating
Reviewed:  1 review
Downloads: 137
Released: Jul 24, 2011
Updated: Jul 31, 2011 by dcleblanc
Dev status: Stable

Recommended Download

Source Code SafeInt3.hpp
source code, 214K, uploaded Jul 31, 2011 - 96 downloads

Other Available Downloads

Source Code SafeIntTest.cpp
source code, 7K, uploaded Jul 25, 2011 - 41 downloads

Release Notes

This release contains several updates that make it work properly with 64-bit gcc, and also contains several fixes that will reduce the warning count on gcc - unimportant warnings were suppressed for the Microsoft compiler, but not for gcc.

Notable changes -
Some refactoring was done to eliminate compile-time constant conditionals in the various corner case methods, such as division by a SafeInt.
More spots were found where I had over-specified the function argument when the template specialization implied a 64-bit int of some type. These issues occur because 64-bit gcc has 64-bit longs. (Thanks Ahmed for the additional testing).

The test harness has been greatly extended - many thanks to Jeffrey Walton - and a runtime bug has been found (and corrected) in the unsigned int64 / signed int64 cases where the signed operand is negative.

Future directions - I suspect there will be more warning reduction work needed on gcc, and there should be throw() annotations that understand whether we're throwing C++ exceptions, or doing something else. If we're throwing Win32 exceptions, or terminating the app, then SafeInt can be properly used in non-throwing methods without causing warnings.

Update - 7/25 -
Fixed extra typename instances that didn't annoy Visual Studio, but did annoy gcc. (More thanks to Ahmed)
Got rid of yet more warnings.
Folded SafeIntGcc.hpp into SafeInt3.hpp.
Added a C_ASSERT to ensure that we're really dealing with 2's complement negative numbers.

An issue that has come up is that gcc might decide, at least some of the time, that it can optimize away signed integer overflow checks (signed overflow is undefined behaviour in C++, so a check written in terms of the already-overflowed signed result may be deleted). The source has been reviewed, and most of the addition template specializations are not affected, because the general approach is to upcast to a wider type and then check whether the result is out of bounds. Some of them may still need to be checked, and we'll try to create repro scenarios. If there are cases that repro, two things will happen: first, the runtime checks will be updated so that they fail if the compiler is optimizing away the checks; second, we'll attempt to rewrite them in terms of unsigned numbers, which the compiler cannot optimize away because unsigned arithmetic wraps with defined behaviour. Stay tuned - 3.0.16 may be coming soon.
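The two strategies described above (upcast then bounds-check, versus doing the arithmetic in unsigned and reasoning about sign bits), plus the unsigned int64 / signed int64 case with a negative signed operand from the test-harness note, can be shown in a few self-contained functions. This is an added illustration written for this page, not code from SafeInt3.hpp; the function names, the Checked<T> result struct and the exact form of the two's complement static_assert are my own choices and are only assumed to resemble what the library does.

```cpp
#include <cstdint>
#include <limits>

// Holds either a valid sum (ok == true) or an overflow indication.
template <typename T>
struct Checked {
    bool ok;
    T value;
};

// Assumed shape of the C_ASSERT mentioned in the 7/25 update: the sign-bit
// reasoning below only holds on two's complement machines, where ~0 == -1.
static_assert(~0 == -1, "SafeInt-style checks require two's complement integers");

// Strategy 1, usable for types narrower than 64 bits: widen to a larger signed
// type, add there (cannot overflow), then range-check the result. No signed
// overflow ever happens, so there is no undefined behaviour for the optimizer
// to exploit.
Checked<int32_t> safe_add_int32(int32_t a, int32_t b) {
    int64_t wide = static_cast<int64_t>(a) + static_cast<int64_t>(b);
    if (wide > std::numeric_limits<int32_t>::max() ||
        wide < std::numeric_limits<int32_t>::min())
        return Checked<int32_t>{false, 0};
    return Checked<int32_t>{true, static_cast<int32_t>(wide)};
}

// Strategy 2, for 64-bit signed operands where no wider type exists: do the
// addition in unsigned arithmetic (wraparound is defined) and detect overflow
// from the sign bits. A signed sum can only overflow when both operands share a
// sign and the result's sign differs; (a ^ r) & (b ^ r) has its top bit set in
// exactly that case. The naive "r = a + b; if (a > 0 && b > 0 && r < 0)"
// pattern computes a + b in signed arithmetic first, which is the undefined
// behaviour a compiler may use to delete the check.
Checked<int64_t> safe_add_int64(int64_t a, int64_t b) {
    uint64_t ua = static_cast<uint64_t>(a);
    uint64_t ub = static_cast<uint64_t>(b);
    uint64_t ur = ua + ub;
    if (((ua ^ ur) & (ub ^ ur)) >> 63)
        return Checked<int64_t>{false, 0};
    // Converting back reinterprets the bits as two's complement, which the
    // static_assert above guarantees.
    return Checked<int64_t>{true, static_cast<int64_t>(ur)};
}

// Mixed signedness: unsigned 64-bit plus signed 64-bit, including the negative
// signed operand case. A negative b is handled as subtraction of |b|, and
// |INT64_MIN| is computed without negating INT64_MIN itself (which would
// overflow).
Checked<uint64_t> safe_add_uint64_int64(uint64_t a, int64_t b) {
    if (b >= 0) {
        uint64_t ub = static_cast<uint64_t>(b);
        if (a > std::numeric_limits<uint64_t>::max() - ub)
            return Checked<uint64_t>{false, 0};  // would wrap past UINT64_MAX
        return Checked<uint64_t>{true, a + ub};
    }
    uint64_t magnitude = static_cast<uint64_t>(-(b + 1)) + 1u;
    if (a < magnitude)
        return Checked<uint64_t>{false, 0};  // result would be negative
    return Checked<uint64_t>{true, a - magnitude};
}
```

The point of the second function is that every operation it performs is defined for all inputs, so a conforming optimizer has nothing it may legally discard; the first function achieves the same guarantee by never producing an out-of-range intermediate at all.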

Reviews for this release

SafeInt is an excellent security library. It's easy to use, and works as expected on Windows, Linux (Ubuntu and Fedora) and Mac OSX. Thanks to LeBlanc's diligence, the library will compile under modern MSVC, GCC, and ICC compilers (no tweaks needed).
by noloader on Aug 3, 2011 at 7:18 PM