Re: [Bug-gnulib] proposed vasnprintf patches for address arithmetic and

From: Bruno Haible
Subject: Re: [Bug-gnulib] proposed vasnprintf patches for address arithmetic and stack overflow
Date: Tue, 18 Nov 2003 13:02:47 +0100
User-agent: KMail/1.5

Paul Eggert wrote:
> OK, but the code should use ptrdiff_t instead of ssize_t for this purpose.
> This should avoid the need for explicit checks against SSIZE_MAX.

What I needed here was a signed type, of the same size as 'size_t'.
You cannot guarantee that ssize_t and ptrdiff_t have the same size.

> One can always subtract two pointers into the same array and get a
> valid ptrdiff_t value (that is what ptrdiff_t is for, after all)

I don't believe in ptrdiff_t. If you take a Linux with 4 GB patch, where
the stack is at 0xeffff000 and the shared libraries are at 0x40000000 or
0x50000000, you can happily malloc an array of 0x90000000 'char's. Now take two
pointers into this array and subtract them: endptr - startptr. You'll
get a _negative_ ptrdiff_t value.

When ISO C says "ptrdiff_t is the signed integer type of the result
of subtracting two pointers" it's a statement about the compiler, not
about the environment. Or maybe the Linux with 4 GB patch is not
ISO C compliant? Anyway, ptrdiff_t is too hairy for me.

Btw, do you know a platform where size_t and ptrdiff_t have different
size? And which one is larger on this platform?
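The subtraction described in the message above, as an added example that is not part of the original message or of gnulib: it models a 32-bit address space with fixed-width integers, shows the negative value a signed 32-bit difference takes for a 0x90000000-byte array, and gives a checked distance that keeps the size unsigned. The names `addr32_t`, `wrapped_diff32` and `checked_distance32` are hypothetical, and the base address 0x50000000 is a constructed sample taken from the layout in the message.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 32-bit address space is modelled with fixed-width
   integers so the result is identical on any host. */
typedef uint32_t addr32_t;              /* stands in for a 32-bit pointer */

enum diff_status { DIFF_OK, DIFF_TOO_LARGE, DIFF_BAD_ORDER };

/* Value a two's-complement 32-bit machine typically yields for
   end - start read as a signed 32-bit ptrdiff_t.  Real C makes the
   overflowing pointer subtraction undefined; this only models the
   wraparound, using well-defined unsigned arithmetic. */
static int64_t wrapped_diff32(addr32_t start, addr32_t end)
{
    uint32_t d = end - start;           /* modulo 2^32 */
    if (d > (uint32_t)INT32_MAX)
        return (int64_t)d - ((int64_t)1 << 32);
    return (int64_t)d;
}

/* Checked distance: always reports the size as an unsigned value and
   sets *signed_out only when it fits in the signed 32-bit type. */
static enum diff_status checked_distance32(addr32_t start, addr32_t end,
                                           uint32_t *size_out,
                                           int32_t *signed_out)
{
    if (end < start)
        return DIFF_BAD_ORDER;
    *size_out = end - start;
    if (*size_out > (uint32_t)INT32_MAX)
        return DIFF_TOO_LARGE;
    *signed_out = (int32_t)*size_out;
    return DIFF_OK;
}

int main(void)
{
    /* Constructed sample: 0x90000000 chars placed at 0x50000000. */
    addr32_t startptr = 0x50000000u, endptr = startptr + 0x90000000u;
    uint32_t size = 0;
    int32_t sdiff = 0;
    enum diff_status st = checked_distance32(startptr, endptr, &size, &sdiff);

    printf("wrapped endptr - startptr = %" PRId64 "\n",
           wrapped_diff32(startptr, endptr));
    printf("checked: status=%d size=0x%" PRIx32 "\n", (int)st, size);
    return 0;
}
```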

