Vulnerability Development mailing list archives
Re: MSIE integer overflows
From: xenophi1e <oliver.lavery () sympatico ca>
Date: 14 May 2003 17:02:57 -0000
In-Reply-To: <004e01c319fb$7ec41050$0100a8c0@grotedoos>
> Not true: "++i" will increase i first and return the result of that
> increased i where "i++" will return i and then increase it:
>
> -- example.js --
> var i=1;
> document.write(++i); // prints 2, i=2;
> document.write(i++); // prints 2, i=3;
> -- cut here --

Yes, of course. Again, I'm talking about C here, simply because I don't know JS to this level of detail. But...

    document.write((i==++i) + ' ' + (i==++i) + '<BR>');

Seems like ambiguous code that might rely on unspecified behaviours. Postincrement and preincrement are gotchas in C. For example the following code:

    i = 2;
    printf ("%d", i++ * i++);

Often does not print 6 as you might think, but rather prints 4. The reason is that the postincrement operator increments the values before the next sequence point, not necessarily the next _operation_.

I was just pointing out that using expressions like i == ++i seems a bit suspect. I'm not certain, but I believe a C compiler is free to do both increments prior to the rest of the expression. It does seem like it should always be a tautology, though.

Do you get the same results if you write the same code less ambiguously?

Cheers,
~ol
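
One way to run the comparison asked for at the end of the message, as an added example that is not part of the original post or thread. It assumes a JavaScript engine that follows ECMAScript's left-to-right operand evaluation; the function names and the sample values are hypothetical and constructed for illustration.

```javascript
// Compact form, as quoted in the message. ECMAScript evaluates the operands
// of == left to right, so the left-hand i is read before ++i runs.
function compactForm(start) {
  var i = start;
  var result = (i == ++i);
  return { result: result, after: i };
}

// Explicit form: every read and write is its own statement, so the result
// cannot depend on the order in which an engine evaluates sub-expressions.
function explicitForm(start) {
  var i = start;
  var before = i;   // read the old value first
  i = i + 1;        // then increment
  var after = i;    // the value ++i would have returned
  return { result: before == after, after: after };
}

// Constructed sample inputs around 32-bit and double-precision boundaries.
var SAMPLES = [1, 2147483647, 4294967295, 9007199254740991, 9007199254740992];

// Runs both forms on each input and reports whether they agree.
function compareForms(samples) {
  return samples.map(function (start) {
    var a = compactForm(start);
    var b = explicitForm(start);
    return {
      start: start,
      compact: a.result,
      explicit: b.result,
      agree: a.result === b.result && a.after === b.after
    };
  });
}

if (typeof console !== 'undefined') {
  compareForms(SAMPLES).forEach(function (row) {
    console.log(JSON.stringify(row));
  });
}
```

Any row with `agree: false` means the engine under test does not evaluate the compact expression in the specified order. In a conforming engine the comparison is true only at 9007199254740992, where adding 1 no longer changes the double-precision value.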