[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] base32, base64: prefer signed to unsigned integers

From: Paul Eggert
Subject: Re: [PATCH] base32, base64: prefer signed to unsigned integers
Date: Mon, 30 Aug 2021 11:17:59 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

On 8/30/21 7:12 AM, Simon Josefsson wrote:

Thanks for the pointer -- it doesn't say anything about why ssize_t
can't be used though?  As a signed variant of size_t, it seems relevant
to consider.

Good question. Addressed in the attached patch, which I pushed.

The objective is to eliminate bugs due to the use of unsigned types
for numerical values.

Is that a realistic goal with C using the unsigned type size_t for
low-level functions like strlen()?  It seems like an un-idiomatic goal.

It is realistic, at least within the Gnulib context. It's also realistic in the context of Glibc, which has recently started to prohibit heap allocations larger than PTRDIFF_MAX for the usual security/correctness reasons.

The attached patch also attempts to address this question.

My idea was that both APIs would be supported indefinitely.

Bruno already addressed this point, and I tend to agree with him for this particular API.

Attachment: 0001-idx-add-commentary.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]