Re: preferring ptrdiff_t to size

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: preferring ptrdiff_t to size_t

From:	Bruno Haible
Subject:	Re: preferring ptrdiff_t to size_t
Date:	Sat, 05 Jan 2019 11:37:11 +0100
User-agent:	KMail/5.1.3 (Linux/4.4.0-141-generic; KDE/5.18.0; x86_64; ; )

Paul Eggert wrote:
> Using signed types is better nowadays than using unsigned types, since 
> many platforms now check for signed integer overflow and this can catch many 
> bugs, some of them security-relevant, whereas unsigned arithmetic is well 
> defined to wrap around with no overflow check (something that can be quite 
> dangerous when doing size calculations). So, for reliability and security 
> reasons, C programs should now prefer ptrdiff_t to size_t when dealing with 
> object sizes.

In the thread that starts at
http://lists.gnu.org/archive/html/bug-gnulib/2017-06/msg00009.html
I suggest to use a typedef, not ptrdiff_t directly, for values that are
known to be in the range 0..PTRDIFF_MAX.

Bruno

[Prev in Thread]

Current Thread

[Next in Thread]

Re: preferring ptrdiff_t to size_t, Bruno Haible <=

Prev by Date: Re: bug#33965: handling of closed file descriptors
Next by Date: Re: new module suggestion: fprintftime-check
Previous by thread: Re: bug#33965: handling of closed file descriptors
Next by thread: Re: [Regression/Android] Commit e7fb52b3 causes segfault on 32-bit platforms
Index(es):
- Date
- Thread