...
Other implementations still may simply assume that signed integers never overflow and generate object code accordingly. An example of such an implementation is GNU gcc invoked without either the -fwrapv or the -ftrapv option.
It is also possible for the same conforming implementation to emit code that exhibits different behavior in different contexts. For example, an implementation may determine that a signed integer loop control variable declared in a local scope cannot overflow and emit efficient code based on that determination, while the same implementation may avoid making that assumption in another function when the variable is a global object.
For these reasons, it is important to ensure that operations on signed integers do not result in overflow. (See recommendation MSC15-C. Do not depend on undefined behavior.) Of particular importance, however, are operations on signed integer values that originate from untrusted sources and are used in any of the following ways:
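The practical consequence of the compiler behavior described above is that an overflow check must test the operands before the arithmetic, not the result afterwards: a post-hoc test such as `r = a + b; if (r < a)` is exactly the kind of condition an implementation that assumes signed integers never overflow may optimize away. The following added example (not code from the CERT page) shows precondition checks for signed addition and multiplication on `int`; the function names `checked_add` and `checked_mul` are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not from the original page.
 * Each function tests its operands against INT_MAX / INT_MIN before
 * computing, so the signed operation itself can never overflow. Because no
 * undefined behavior occurs, a compiler built on the "signed integers never
 * overflow" assumption cannot remove these checks. */

/* Returns true and stores a + b in *result, or false if it would overflow. */
bool checked_add(int a, int b, int *result) {
    if ((b > 0 && a > INT_MAX - b) ||   /* positive b: would exceed INT_MAX */
        (b < 0 && a < INT_MIN - b)) {   /* negative b: would fall below INT_MIN */
        return false;
    }
    *result = a + b;
    return true;
}

/* Returns true and stores a * b in *result, or false if it would overflow.
 * The four sign cases are needed because the bound depends on the signs;
 * note the INT_MIN * -1 case, which overflows although both bounds look safe. */
bool checked_mul(int a, int b, int *result) {
    if (a > 0) {
        if (b > 0) {
            if (a > INT_MAX / b) return false;
        } else {
            if (b < INT_MIN / a) return false;
        }
    } else {
        if (b > 0) {
            if (a < INT_MIN / b) return false;
        } else {
            if (a != 0 && b < INT_MAX / a) return false;
        }
    }
    *result = a * b;
    return true;
}

int main(void) {
    /* Constructed inputs standing in for values read from an untrusted source. */
    int inputs[][2] = { {INT_MAX, 1}, {INT_MIN, -1}, {46341, 46341}, {-7, 6} };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int a = inputs[i][0], b = inputs[i][1], sum, prod;
        printf("%d + %d: %s\n", a, b,
               checked_add(a, b, &sum) ? "ok" : "rejected (overflow)");
        printf("%d * %d: %s\n", a, b,
               checked_mul(a, b, &prod) ? "ok" : "rejected (overflow)");
    }
    return 0;
}
```

With untrusted input, the false return is the point at which the value should be rejected or clamped, before it is used as a size, index, or loop bound.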
...