nice: fix overflow checking in int_add_no_wrap()

In C, signed integer overflow is undefined behavior.  Many compilers
optimize away checks like `a + b < a'.

Use safe precondition testing instead.

Signed-off-by: Xi Wang <xi@mit.edu>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>

diff --git a/libc/sysdeps/linux/common/nice.c b/libc/sysdeps/linux/common/nice.c
index 3694db8..ed39946 100644 (file)
--- a/libc/sysdeps/linux/common/nice.c
+++ b/libc/sysdeps/linux/common/nice.c
@@ -25,15 +25,15 @@ static __inline__ _syscall1(int, __syscall_nice, int, incr)
 
 static __inline__ int int_add_no_wrap(int a, int b)
 {
-       int s = a + b;
-
        if (b < 0) {
-               if (s > a) s = INT_MIN;
+               if (a < INT_MIN - b)
+                       return INT_MIN;
        } else {
-               if (s < a) s = INT_MAX;
+               if (a > INT_MAX - b)
+                       return INT_MAX;
        }
 
-       return s;
+       return a + b;
 }
 
 static __inline__ int __syscall_nice(int incr)