Re: [Bug-gnulib] proposed vasnprintf patches for address arithmetic and stack overflow

[Bruno Haible]

Paul Eggert wrote:
> 2003-11-20  Paul Eggert  <address@hidden>
> 
>       Remove dependency on ssize_t in vasnprintf; this removes a few
>       minor arbitrary limits, and simplifies the code.
> 
>       * printf-parse.h: Do not include <sys/types.h>.
>       * printf-parse.c: Likewise.
>       * printf-parse.h (NO_ARG_INDEX): New macro.
>       (char_directive): Use size_t, not ssize_t.
>       * vasnprintf.c (VASNPRINTF): Likewise.
>       * printf-parse.c (PRINTF_PARSE): Likewise.
>       Remove overflow tests that are now unnecessary.
>       * printf-parse.c (SSIZE_MAX): Remove.

Thanks, I've applied your patch, with only a minor modification:
rename NO_ARG_INDEX into ARG_NONE. (More systematic naming of
special values, like FLAG_ZERO.) Will be commited tomorrow.

> we have the same problem with ssize_t.  There is no guarantee
> that ssize_t is the same width as size_t either.

Maybe in POSIX theory. But in Unix reality? I cannot imagine anyone
choosing   sizeof (ssize_t) != sizeof (size_t).

> ssize_t is a POSIX notion, not a C-language notion.  It is meant for
> POSIX calls like 'read', not for pointer arithmetic.  It shouldn't be
> used to implement C-language notions like vasnprintf, as these
> functions are fundamentally C-language functions and are independent
> of POSIX.

The implementation of a functionality can always use more things than
the standard defining the functionality. For example, the implementation
of malloc() [ISO C] uses mmap() [POSIX], and the implementation of xmalloc()
[ANSI C extension] uses gettext() [which uses POSIX read(), mmap()].

Bruno