diff options
author | Ganesh Ajjanagadde <gajjanagadde@gmail.com> | 2015-11-01 10:43:56 -0500 |
---|---|---|
committer | Ganesh Ajjanagadde <gajjanagadde@gmail.com> | 2015-11-03 16:28:30 -0500 |
commit | 92e483f8ed70d88d4f64337f65bae212502735d4 (patch) | |
tree | 39934a7084b155a0034dfdb1e78248644458a33c /cmdutils.c | |
parent | 265f83fd35977a80e93b3cc13ceb65f52f129a3c (diff) | |
download | ffmpeg-92e483f8ed70d88d4f64337f65bae212502735d4.tar.gz |
all: use FFDIFFSIGN to resolve possible undefined behavior in comparators
FFDIFFSIGN was created explicitly for this purpose, since the common
return a - b idiom is unsafe regarding overflow on signed integers. It
optimizes to branchless code on common compilers.
FFDIFFSIGN also has the subjective benefit of being easier to read due
to lack of ternary operators.
Tested with FATE.
Things not covered by this are unsigned integers, for which overflows
are well defined, and also places where overflow is clearly impossible,
e.g an instance where the a - b was being done on 24 bit values.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Diffstat (limited to 'cmdutils.c')
-rw-r--r-- | cmdutils.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cmdutils.c b/cmdutils.c index e3e989184c..41daa9565d 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -1421,7 +1421,7 @@ static int compare_codec_desc(const void *a, const void *b) const AVCodecDescriptor * const *da = a; const AVCodecDescriptor * const *db = b; - return (*da)->type != (*db)->type ? (*da)->type - (*db)->type : + return (*da)->type != (*db)->type ? FFDIFFSIGN((*da)->type, (*db)->type) : strcmp((*da)->name, (*db)->name); } |