Some useful indications for exercices 1 and 2 are provided in the folllowing paper (sections 2.3 and 2.5): https://pdos.csail.mit.edu/papers/ub:apsys12.pdf % -------------------------------------------------------------------- Exercise 1 ========== - after the first check, both len and offset are assumed to be positive - since signed integer overflow is undefined behavior, the compiler then assumes that offset + len cannot be < 0 and removes this check ... As a result if len and offset are large integers, the whole sanity check is by-passed ... Possible solutions ? 1. try to modify the ordering of the checks, e.g., if ((offset + len > MAXSIZE) || ((offset + len < 0) && offset > 0 && len >= 0)) return -EFBIG // offset + len does overflow if (offset < 0 || len <= 0) return -EINVAL; Not so easy ... 2. convert offset and len into unsigned values (which enforces wrap-around in case on overflow ...) 2. With the GCC compiler: use the "-fno-strict-overflow" option to tell the compiler to not consider such overflows as undefined behavior, and use the "-fwrapv" option to "wrap around" in case of overflows (as in Java) % -------------------------------------------------------------------- Exercise 2 ========== On this exemple, the check "if (!s)" may be deleted by the compiler (assuming that s is not NULL). The execution may then continue with s mapped to address 0 ... To correct it: 1. Always check non-null pointers *before* any dereference operation 2. use the -fno-delete-null-pointer-ckecks gcc option ... (see https://lwn.net/Articles/342330/ for more details ...) Exercise 3 ========== Q1. At least 5 possible runtime errors: 1. Since the size of tab is unknown then nb can be strictly larger than tab, and tab may be accessed out of bounds ... This may also occur in case of overflow, e.g., if nb*sizeof(unsined int) < nb (because of an overflow) 2. call to malloc with a size 0, which is undefined behavior in C If sizeof(unsined int) = 4 and nb =2E30, then nb* sizeof(unsined int)=2E32 which becomes 0 (wrap-around). 3. Similarly, if nb*sizeof(unsined int) overflows, then the size of dest will be smaller than nb, and dest[i] may be out of bounds. 4. The heap can be full, hence the malloc return value would be 0 and dest[i] would be an invalid memory acces. 5. Since i is signed and nb is unsigned, then isize_tab) {printf("Destination array larger than source"); exit(0);} if (nb > UINT_MAX/sizeof(unsigned int)) {printf("Overflow, destination arry too large"); exit(0);} dst = (int *) malloc(sizeof(unsigned int)*nb); if (!dst) {printf("Heao allocation problem\n") ; exit(0) ;} for (unsigned int i=0; i UINT_MAX /sizeof(char*)) {printf("Overflow"); exit(0);} else { ... } Exercise 5 ========== In the 2nd call, the value 128 is not a valid signed char (not in [-128,127]), it is then transformed into "-128" (128 is written 10000000 in binary, which corresponds to -128 in two's complement representation). Hence the check "ind