diff options
| author | Ganesh Ajjanagadde <gajjanagadde@gmail.com> | 2015-11-01 10:43:56 -0500 |
|---|---|---|
| committer | Ganesh Ajjanagadde <gajjanagadde@gmail.com> | 2015-11-03 16:28:30 -0500 |
| commit | 92e483f8ed70d88d4f64337f65bae212502735d4 (patch) | |
| tree | 39934a7084b155a0034dfdb1e78248644458a33c /ffmpeg.c | |
| parent | 265f83fd35977a80e93b3cc13ceb65f52f129a3c (diff) | |
| download | ffmpeg-92e483f8ed70d88d4f64337f65bae212502735d4.tar.gz | |
all: use FFDIFFSIGN to resolve possible undefined behavior in comparators
FFDIFFSIGN was created explicitly for this purpose, since the common
return a - b idiom is unsafe regarding overflow on signed integers. It
optimizes to branchless code on common compilers.
FFDIFFSIGN also has the subjective benefit of being easier to read due
to lack of ternary operators.
Tested with FATE.
Things not covered by this are unsigned integers, for which overflows
are well defined, and also places where overflow is clearly impossible,
e.g an instance where the a - b was being done on 24 bit values.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Diffstat (limited to 'ffmpeg.c')
| -rw-r--r-- | ffmpeg.c | 3 |
1 files changed, 1 insertions, 2 deletions
@@ -2578,8 +2578,7 @@ static InputStream *get_input_stream(OutputStream *ost) static int compare_int64(const void *a, const void *b) { - int64_t va = *(int64_t *)a, vb = *(int64_t *)b; - return va < vb ? -1 : va > vb ? +1 : 0; + return FFDIFFSIGN(*(const int64_t *)a, *(const int64_t *)b); } static int init_output_stream(OutputStream *ost, char *error, int error_len) |