bug-gnulib

Re: xsize and flexmember


From: Bruno Haible
Subject: Re: xsize and flexmember
Date: Fri, 01 May 2020 11:09:54 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-177-generic; KDE/5.18.0; x86_64; ; )

Paul Eggert wrote:
> I realize we have dueling conventions here, but would prefer that
> saturated size_t arithmetic have a longer prefix or suffix than just "x".

I'm open to this. What prefix would you propose instead of 'x'?

Generally, 'xsize' has not caught on as I had expected. It is still a
simple solution to the task of avoiding inadvertent overflow, especially
in complex expressions, but
  - many people continued to prefer ad-hoc code, especially for simple
    expressions,
  - the 'xsize' module is written for size_t, therefore overflow checking
    for 'unsigned int' or 'unsigned long' still has to be done the
    manual way,
  - on glibc systems, the problem has been mitigated since malloc()
    now refuses arguments > SIZE_MAX/2, thus in a loop that grows an
    array malloc() will typically fail before the size overflows.

Thoughts?

Bruno
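
The saturating size_t arithmetic discussed in this message, applied to sizing a struct with a flexible array member, as an added example that is not part of the original e-mail and is not gnulib's xsize code. The names `sat_add`, `sat_mul`, `struct msg` and the `msg_*` functions are hypothetical, and the oversized count is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers: results saturate at SIZE_MAX instead of wrapping. */
static size_t sat_add(size_t a, size_t b)
{
    return a <= SIZE_MAX - b ? a + b : SIZE_MAX;
}

static size_t sat_mul(size_t n, size_t elsize)
{
    return (elsize == 0 || n <= SIZE_MAX / elsize) ? n * elsize : SIZE_MAX;
}

struct msg {                /* constructed type with a flexible array member */
    size_t count;
    uint32_t items[];
};

/* Bytes needed for a struct msg with n items; SIZE_MAX means "overflowed". */
static size_t msg_size(size_t n)
{
    return sat_add(offsetof(struct msg, items), sat_mul(n, sizeof(uint32_t)));
}

/* The same expression in plain arithmetic, which wraps silently. */
static size_t msg_size_wrapping(size_t n)
{
    return offsetof(struct msg, items) + n * sizeof(uint32_t);
}

static struct msg *msg_alloc(size_t n)
{
    size_t bytes = msg_size(n);
    if (bytes == SIZE_MAX)      /* saturated: refuse before calling malloc */
        return NULL;
    struct msg *m = malloc(bytes);
    if (m)
        m->count = n;
    return m;
}

int main(void)
{
    size_t huge = SIZE_MAX / sizeof(uint32_t) + 2;  /* constructed oversized count */
    printf("wrapping: %zu bytes, saturating: %s\n", msg_size_wrapping(huge),
           msg_size(huge) == SIZE_MAX ? "overflow detected" : "ok");
    return msg_alloc(huge) == NULL ? 0 : 1;
}
```

Because SIZE_MAX is the only overflow marker, a single comparison at the end of the expression covers every intermediate step.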



