In article <44***********@mindspring.com>,

pete <pf*****@mindspring.com> wrote:

In article <11*********************@i40g2000cwc.googlegroups. com>,

Smurff <da***********@gmail.com> wrote:
>void encrypt(char str[],int key)

>{

> unsigned int i;

> for(i=0;i<strlen(str);++i)

> {

> str[i] = str[i] - key;

> }

>}

If the value of key is INT_MIN,

that would cause undefined behavior in encrypt.

Hmmm, do I read C89 correctly that the char str[i] will be

converted to an int, not an unsigned int, even if char is unsigned,

with the exception of the case where sizeof char == sizeof int

[that being the case where the value of an unsigned char might

not fit within a signed int] ?

C89 3.2.1.1 Characters and Integers

Assuming that all values of char will fit within an int:

- if char is unsigned then its minimum value would be 0,

and if the value of key is INT_MIN then 0-INT_MIN could potentially

be INT_MAX+1 (2's complement system), but on 1's complement or

signed-magnitude then -INT_MIN is INT_MAX and no undefined behaviour

would have occured for those number systems

- if char is signed then its minimum value would be SCHAR_MIN

and that minus INT_MIN might exceed INT_MAX by abs(SCHAR_MIN)

or abs(SCHAR_MIN)+1 . But in this case, it would not just be the

key of value INT_MIN that leads to the undefined behaviour: it would

be any key between INT_MIN and INT_MIN-SCHAR_MIN that would lead

to arithmetic overflow on the subtraction.

On the other hand, once the subtraction is completed, the result

is being stored back into str[i] which is a char. If char is

signed then if the result of the subtraction is less than SCHAR_MIN

then the result of the store operation is undefined. If char

is unsigned then the result of the store operation *is* defined

no matter what the value of the subtraction was [unless the

subtraction result was undefined as per the above.]

In summary, if char is unsigned then there is undefined behaviour

in the case of key = INT_MIN on a 2s complement system, but no

undefined behaviour for 1s complement or signed magnitude;

if char is signed then there is a fair range of values of key

that will produce arithmetic overflow, and an even larger range of

values of key that will produce problems at the assignment operation

even if there was no arithmetic overflow.

--

"law -- it's a commodity"

-- Andrew Ryan (The Globe and Mail, 2005/11/26)