Re: size_t vs EMACS_INT
From: Eli Zaretskii
Subject: Re: size_t vs EMACS_INT
Date: Sat, 16 Jul 2011 10:13:05 +0300

> Date: Fri, 15 Jul 2011 14:52:56 -0700
> From: Paul Eggert <address@hidden>
> CC: address@hidden
>
> EMACS_INT new_point = PT + XINT (n);
>
> This code is currently safe, since C code can always safely add
> two Emacs fixnums, and the addition can't possibly overflow at the C level.
> But if fixnums could equal TYPE_MAXIMUM (EMACS_INT),
> this code would be unsafe and we would have to add a run-time
> check for integer overflow.

But this issue exists with any addition of two integer values of the
same type in a C program. And yet gobs of C programs do that without
testing for overflow before each addition. Why should Emacs be
different?

Also, the fact that the underlying C data type cannot overflow doesn't
save us from disasters, because calling make_number on the result
could still "kind of" overflow, when it bit-shifts the value.
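
The two cases discussed in this message, shown in a simplified model: an addition that cannot overflow at the C level, and a tagging step that still loses bits when it shifts. This is an added example, not part of the original message and not Emacs source code; `emacs_int`, `TAG_BITS`, `toy_make_number`, `toy_xint`, `fixnum_fits` and `checked_fixnum_add` are hypothetical names, and the 2-bit left-shift tagging is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT Emacs's real definitions (assumption): a fixnum
   is a signed payload stored above TAG_BITS low tag bits of a word. */
typedef intptr_t emacs_int;                  /* stands in for EMACS_INT */
#define TAG_BITS   2                         /* assumed tag width */
#define FIXNUM_MAX (INTPTR_MAX >> TAG_BITS)
#define FIXNUM_MIN (-FIXNUM_MAX - 1)

/* Tag by shifting left; bits shifted out of the word are silently lost. */
static emacs_int toy_make_number(emacs_int v)
{
    return (emacs_int)((uintptr_t)v << TAG_BITS);
}

/* Untag; the low TAG_BITS are zero here, so the division is exact. */
static emacs_int toy_xint(emacs_int tagged)
{
    return tagged / ((emacs_int)1 << TAG_BITS);
}

static bool fixnum_fits(emacs_int v) { return FIXNUM_MIN <= v && v <= FIXNUM_MAX; }

/* Add two untagged fixnum values and tag the sum. Returns false, leaving
   *tagged untouched, when the sum cannot be represented as a fixnum. */
static bool checked_fixnum_add(emacs_int a, emacs_int b, emacs_int *tagged)
{
    if (!fixnum_fits(a) || !fixnum_fits(b))
        return false;
    emacs_int sum = a + b;   /* safe in C: both operands are fixnum-sized */
    if (!fixnum_fits(sum))
        return false;        /* would lose high bits in toy_make_number */
    *tagged = toy_make_number(sum);
    return true;
}

int main(void)
{
    emacs_int sum = FIXNUM_MAX + 1;          /* no C-level overflow */
    printf("unchecked: %jd tags and untags as %jd\n",
           (intmax_t)sum, (intmax_t)toy_xint(toy_make_number(sum)));
    emacs_int out;
    printf("checked add accepted: %d\n",
           checked_fixnum_add(FIXNUM_MAX, 1, &out));
    return 0;
}
```

In this model the unchecked path turns the largest fixnum plus one into the most negative fixnum, while the checked path rejects the sum before tagging.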