David LeBlanc and I have written a good deal about Integer Overflow issues, including the following:
A couple of days ago I saw some code from someone outside of Microsoft claiming they had found a new (read: cheap) way to detect integer overflow errors, here's the code snippet:
```c
void *p = NULL;
size_t cb = z + (x * y);
if ((int)cb > 0 && cb < MAX)
    p = malloc(cb);
```
Basically, you cast the result to signed, and if it’s negative, then there must be an overflow… right?
I had no spare cycles, so I asked David to look at it. He shot the code down in about 15 seconds. So what's wrong with the code?
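To see the failure concretely, here is an added example (my own code, not from the original post or its author): the proposed cast-to-signed check beside an overflow-aware version built on the GCC/Clang `__builtin_mul_overflow` and `__builtin_add_overflow` builtins. `MAX` is left undefined in the snippet, so the value here is an assumption, and the inputs are constructed so that `x * y` wraps around to a tiny number that the signed cast happily reports as positive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed bound for the demo; the original snippet does not say what MAX is. */
#define MAX ((size_t)64 * 1024 * 1024)

/* The check exactly as proposed: cast the unsigned result to int and treat
 * "negative" as "overflowed". Returns 1 when it would go ahead and malloc(). */
static int naive_check(size_t x, size_t y, size_t z)
{
    size_t cb = z + (x * y);         /* unsigned multiply and add wrap silently */
    return (int)cb > 0 && cb < MAX;  /* only looks at the low bits and the sign */
}

/* Overflow-aware version: each operation is checked before the result is used.
 * Returns 1 and stores the size in *out, or 0 if any step overflowed. */
static int checked_size(size_t x, size_t y, size_t z, size_t *out)
{
    size_t prod, cb;
    if (__builtin_mul_overflow(x, y, &prod))  /* x * y does not fit in size_t */
        return 0;
    if (__builtin_add_overflow(prod, z, &cb)) /* z + x*y does not fit either */
        return 0;
    if (cb >= MAX)
        return 0;
    *out = cb;
    return 1;
}

int main(void)
{
    /* Constructed input: x = SIZE_MAX/2 + 2, so x * 2 = SIZE_MAX + 3, which
     * wraps to 2. cb becomes 10: positive as an int, well under MAX, and
     * nothing like the buffer size the caller asked for. */
    size_t x = SIZE_MAX / 2 + 2, y = 2, z = 8, cb = 0;
    printf("naive_check  -> %d (1 means it would call malloc)\n", naive_check(x, y, z));
    printf("checked_size -> %d\n", checked_size(x, y, z, &cb));
    return 0;
}
```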