Yes:
--
i=32*256*256*256*256*256*256*256;
a=i; b=i+1;
alert(a+'=='+b+' evaluates to '+(a==b));
--
evaluates to true

Berend-Jan Wever

----- Original Message -----
From: "xenophi1e" <oliver.laveryat_private>
To: <vuln-devat_private>
Sent: Wednesday, May 14, 2003 19:02
Subject: Re: MSIE integer overflows

> In-Reply-To: <004e01c319fb$7ec41050$0100a8c0@grotedoos>
> >
> > >Not true: "++i" will increase i first and return the result of that
> > >increased i where "i++" will return i and then increase it:
> > >-- example.js --
> > >var i=1;
> > >document.write(++i); // prints 2, i=2;
> > >document.write(i++); // prints 2, i=3;
> > >-- cut here --
> > >
> >
> > Yes, of course.
> >
> > Again, I'm talking about C here, simply because I don't know JS to this
> > level of detail. But...
> >
> > document.write((i==++i) + ' ' + (i==++i) + '<BR>');
> >
> > Seems like ambiguous code that might rely on unspecified behaviours.
> > Postincrement and preincrement are gotchas in C. For example the
> > following code:
> >
> > i = 2;
> > printf ("%d", i++ * i++);
> >
> > Often does not print 6 as you might think, but rather prints 4. The
> > reason is that the postincrement operator increments the values before
> > the next sequence point, not necessarily the next _operation_.
> >
> > I was just pointing out that using expressions like i == ++i seems a bit
> > suspect. I'm not certain, but I believe a C compiler is free to do both
> > increments prior to the rest of the expression. It does seem like it
> > should always be a tautology, though.
> >
> > Do you get the same results if you write the same code less ambiguously?
> >
> > Cheers,
> > ~ol
>
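
Added example, not part of the original post or thread: the `a==b` result in the reply above follows from JavaScript numbers being IEEE-754 doubles with a 53-bit significand, so at 2^61 the gap between neighbouring values is far larger than 1. The helper names (`firstAbsorbingPowerOfTwo`, `spacingAbove`, `checkedAdd`) are hypothetical and written only for this illustration.

```javascript
// Smallest power of two p for which p + 1 === p, found by doubling.
function firstAbsorbingPowerOfTwo() {
  let exp = 0;
  let p = 1;
  while (p + 1 !== p) {
    p *= 2;
    exp += 1;
  }
  return { exp, value: p };
}

// Distance from n to the next representable double above it (n > 0, finite).
// Incrementing the raw 64-bit pattern of a positive double yields its successor.
function spacingAbove(n) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, n);
  view.setBigUint64(0, view.getBigUint64(0) + 1n);
  return view.getFloat64(0) - n;
}

// Hypothetical guard for size/offset arithmetic: refuse any operand or
// result that a double cannot hold exactly instead of silently rounding.
function checkedAdd(a, b) {
  const sum = a + b;
  if (!Number.isSafeInteger(a) || !Number.isSafeInteger(b) ||
      !Number.isSafeInteger(sum)) {
    throw new RangeError("integer outside the exact range of a double");
  }
  return sum;
}

// The value from the message: 32 * 256^7 = 2^61 (every product is exact).
const i = 32 * 256 * 256 * 256 * 256 * 256 * 256 * 256;

console.log(firstAbsorbingPowerOfTwo());       // exponent where +1 is first lost
console.log(spacingAbove(i));                  // gap between doubles at 2^61
console.log(i === i + 1);                      // same comparison as in the message
console.log(BigInt(i) + 1n === BigInt(i));     // exact integers do not collapse
try {
  checkedAdd(i, 1);
} catch (e) {
  console.log(e.name + ": " + e.message);
}
```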
This archive was generated by hypermail 2b30 : Thu May 15 2003 - 22:47:14 PDT