From 92e483f8ed70d88d4f64337f65bae212502735d4 Mon Sep 17 00:00:00 2001 From: Ganesh Ajjanagadde Date: Sun, 1 Nov 2015 10:43:56 -0500 Subject: all: use FFDIFFSIGN to resolve possible undefined behavior in comparators MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit FFDIFFSIGN was created explicitly for this purpose, since the common return a - b idiom is unsafe regarding overflow on signed integers. It optimizes to branchless code on common compilers. FFDIFFSIGN also has the subjective benefit of being easier to read due to lack of ternary operators. Tested with FATE. Things not covered by this are unsigned integers, for which overflows are well defined, and also places where overflow is clearly impossible, e.g an instance where the a - b was being done on 24 bit values. Reviewed-by: Michael Niedermayer Reviewed-by: Clément Bœsch Signed-off-by: Ganesh Ajjanagadde --- libavfilter/vf_deshake.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'libavfilter/vf_deshake.c') diff --git a/libavfilter/vf_deshake.c b/libavfilter/vf_deshake.c index e32436d00c..79fcc200e1 100644 --- a/libavfilter/vf_deshake.c +++ b/libavfilter/vf_deshake.c @@ -94,8 +94,7 @@ AVFILTER_DEFINE_CLASS(deshake); static int cmp(const void *a, const void *b) { - const double va = *(const double *)a, vb = *(const double *)b; - return va < vb ? -1 : ( va > vb ? 1 : 0 ); + return FFDIFFSIGN(*(const double *)a, *(const double *)b); } /** -- cgit v1.2.3