[flac-dev] Undefined behaviour

Erik de Castro Lopo mle+la at mega-nerd.com
Fri Aug 28 16:27:14 PDT 2015

Hi all,

People watching the git commits might have noticed that I have been
fixing a number of issues around undefined behaviour.

Why, you ask?

* Some forms of undefined behaviour have potential for security exploits.
* Compiler writers are free to replace anything which invokes UB with a
  NOP or even nothing at all.
* Having large numbers of UB warnings makes it difficult (or rather time
  consuming) to check them all for the possibility that they are
  potentially exploitable.

Most of these UB changes have little likelihood of performance regressions.
However, this one:

    commit 1b8af6bb45a9ad74fa374fb6414974e63ffc793b
    Author: Erik de Castro Lopo <erikd at mega-nerd.com>
    Date:   Sat Aug 29 05:21:43 2015 +1000

    libFLAC/fixed.c: Fix undefined behaviour
    Left shift of a negative integer such that the sign bit is affected is
    (according to the C spec) undefined behaviour and the residual
    calculations using the shift operator were hitting this.
    Fortunately these same calculations using plain multiplication do not
    invoke UB and according to benchmarking (on x86_64 linux) have the same
    performance as the bit shift version.

has no performance impact on x86_64 linux, but *may* not be the same with
other compilers.

Since this code is in such an inner loop, any benchmark should show up
regressions if they exist. Please test.

Erik de Castro Lopo
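
An added illustration of the change the commit message describes, not code from libFLAC or from the original post: a second-order residual written with a left shift, with plain multiplication, and with a shift done in unsigned arithmetic. The function names, the sample values and the order-2 formula are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-bit-range samples; note the negative values. */
static const int32_t SAMPLES[] = { 100, -50, -200, 300, -1 };
#define NSAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

#ifdef SHOW_UB
/* Shift form: d[i-1] << 1 is undefined when d[i-1] is negative
 * (C11 6.5.7p4). Build with -DSHOW_UB -fsanitize=shift to get a report. */
static int32_t order2_shift(const int32_t *d, size_t i)
{
    return d[i] - (d[i - 1] << 1) + d[i - 2];
}
#endif

/* Multiplication form: defined for negative operands as long as the
 * result fits in int32_t, which holds for 16-bit-range input. */
static int32_t order2_mul(const int32_t *d, size_t i)
{
    return d[i] - 2 * d[i - 1] + d[i - 2];
}

/* Alternative: shift in unsigned arithmetic, where wraparound is defined,
 * then convert back (implementation-defined, not undefined). */
static int32_t order2_ushift(const int32_t *d, size_t i)
{
    return d[i] - (int32_t)((uint32_t)d[i - 1] << 1) + d[i - 2];
}

/* Number of positions where the two defined forms disagree. */
static size_t count_mismatches(const int32_t *d, size_t n)
{
    size_t bad = 0;
    for (size_t i = 2; i < n; i++)
        bad += order2_mul(d, i) != order2_ushift(d, i);
    return bad;
}

int main(void)
{
    for (size_t i = 2; i < NSAMPLES; i++)
        printf("r[%zu] = %d\n", i, (int)order2_mul(SAMPLES, i));
#ifdef SHOW_UB
    printf("shift form r[2] = %d\n", (int)order2_shift(SAMPLES, 2));
#endif
    return count_mismatches(SAMPLES, NSAMPLES) != 0;
}
```
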
