On 16 Mar 2022 08:12, R. Diez wrote:
> > __builtin_mul_overflow showed up with gcc-5, so stub it out for older
> > versions.
> > [...]
> > +#if !__GNUC_PREREQ__(5, 0)
> > +#define __builtin_mul_overflow(a, b, size) ({ *(size) = (a) * (b); 0; })
> 
> I do not understand why Newlib needs to "stub it out" like this.

because the builtin doesn't exist, and attempting to use it leads to
undefined functions, and the resulting libc.a can't link anything.

> According to the GCC documentation, this kind of built-in routines allow the caller to check whether the operations overflowes. But the code above performs no overflow checking at all.
> 
> Therefore, compiling your code with GCC < 5 will silently break your application. After all, the only reason to use __builtin_mul_overflow() is that you need to check for overflow, is it?

practically speaking, i don't think this is a big deal.  newlib gained these
checks only "recently" (<2 years ago).  newlib has been around for much much
longer, and the world didn't notice.  yes, if an app starts trying to allocate
huge amounts of memory such that it triggers 32-bit overflows when calculating,
the new size, it will probably internally allocate fewer bytes than requested,
and things will get corrupted.  but like, don't do that :p.  such applications
probably will have other problems already.
-mike