
Re: [VOTE] Merge svn-auth-x509 branch to trunk?

From: Branko Čibej <brane_at_wandisco.com>
Date: Fri, 08 Aug 2014 03:52:43 +0200

On 08.08.2014 03:43, Ben Reser wrote:
> On 8/7/14 5:58 PM, Branko Čibej wrote:
>> I've seen platforms where size_t was smaller than ptrdiff_t; but usually
>> they're the same size. The rules of type promotion in C state that a value
>> of a signed type can be promoted to a value of the same-sized unsigned type
>> without truncation, whereas the opposite is not true. That's why you don't get
>> warnings here on most usual platforms. But the unusual platforms where size_t
>> is smaller than ptrdiff_t could be a problem.
> I'm not going signed -> unsigned. I'm going unsigned -> signed (specifically
> apr_size_t to ptrdiff_t).
> Specifically:
> [[[
> svn_error_t *
> svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
>                     const char *buf,
>                     apr_size_t buflen,
>                     apr_pool_t *result_pool,
>                     apr_pool_t *scratch_pool)
> {
>   svn_error_t *err;
>   ptrdiff_t len;
>   const unsigned char *p;
>   const unsigned char *end;
>   x509_cert *crt;
>   svn_x509_certinfo_t *ci;
>   svn_stringbuf_t *namebuf;
>
>   crt = apr_pcalloc(scratch_pool, sizeof(*crt));
>   p = (const unsigned char *)buf;
>   len = buflen;
>   end = p + len;
> ]]]
> Note the next to last line where I assign the ptrdiff_t len with the value from
> the apr_size_t buflen.
> Unless I'm missing something that ought to be producing a warning should it not?

No, why? C compilers typically do not warn about possible overflow in
arithmetic operations, and in this case there is no loss of
representation if size_t and ptrdiff_t are the same size. Regardless of
their actual sizes, a ptrdiff_t is guaranteed to be able to represent
all the bits of a size_t, because MAX(size_t) is the architecture's
limit for in-memory object sizes, and ptrdiff_t is required to always be
able to represent the distance between two pointers within the same
in-memory object.
Furthermore, any half-sane compiler knows that the value of 'len' cannot
be larger than size_t represents, in your case, even if ptrdiff_t is
larger than size_t.

I suspect that's way more standardese than is good for the digestion at
one sitting.

-- Brane

Branko Čibej | Director of Subversion
WANdisco | Realising the impossibilities of Big Data
e. brane_at_wandisco.com
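The conversion the thread is about, as an added example that is not part of this mail or of Subversion's code: a hypothetical `span` type stands in for the `p`/`end`/`len` locals of `svn_x509_parse_cert`, and `span_init` performs the same `len = buflen; end = p + len;` assignment with the one check a defensive parser would put in front of it, rejecting a `buflen` that does not fit in `ptrdiff_t` on a platform where the two types have the same width. `conversion_goes_negative` shows what the unchecked assignment yields in that case; the sample buffer is constructed and only plays the role of certificate bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical parser state: the same three locals the quoted
 * function uses to walk the DER buffer. */
struct span {
    const unsigned char *p;   /* current read position */
    const unsigned char *end; /* one past the last byte */
    ptrdiff_t len;            /* signed length, as in the thread */
};

/* Mirrors "len = buflen; end = p + len;" with a range check first.
 * Returns 0 on success, -1 if buflen cannot be represented in ptrdiff_t. */
int span_init(struct span *s, const char *buf, size_t buflen)
{
    if (buflen > (size_t)PTRDIFF_MAX)
        return -1;                       /* would wrap to a negative len */
    s->p = (const unsigned char *)buf;
    s->len = (ptrdiff_t)buflen;          /* now known to be in range */
    s->end = s->p + s->len;
    return 0;
}

/* Bytes still available; ptrdiff_t is exactly the type for this
 * pointer difference, which is why the parser uses it for len. */
ptrdiff_t span_remaining(const struct span *s)
{
    return s->end - s->p;
}

/* What the unchecked unsigned -> signed assignment gives: 1 if the
 * resulting len is negative, 0 otherwise. The out-of-range result is
 * implementation-defined in C; on the usual two's-complement targets
 * it wraps, so SIZE_MAX becomes -1. */
int conversion_goes_negative(size_t buflen)
{
    ptrdiff_t len = (ptrdiff_t)buflen;
    return len < 0;
}

/* Constructed sample standing in for certificate bytes (16 bytes). */
static const char sample_buf[] = "0123456789abcdef";
#define SAMPLE_LEN (sizeof sample_buf - 1)

/* In-range case: returns the remaining byte count after init, or -1. */
ptrdiff_t demo_in_range(void)
{
    struct span s;
    if (span_init(&s, sample_buf, SAMPLE_LEN) != 0)
        return -1;
    return span_remaining(&s);
}

/* Out-of-range case: returns span_init's result for a length that
 * exceeds PTRDIFF_MAX (the check must reject it). */
int demo_out_of_range(void)
{
    struct span s;
    return span_init(&s, sample_buf, SIZE_MAX);
}

int main(void)
{
    printf("sizeof(size_t)=%zu sizeof(ptrdiff_t)=%zu\n",
           sizeof(size_t), sizeof(ptrdiff_t));
    printf("in range: remaining=%td\n", demo_in_range());
    printf("out of range: span_init returned %d\n", demo_out_of_range());
    printf("SIZE_MAX as ptrdiff_t is negative: %d\n",
           conversion_goes_negative(SIZE_MAX));
    return 0;
}
```

The check costs one comparison and turns a silently negative `len` (and an `end` pointer computed from it) into an explicit error, which is the behaviour you want in a parser that accepts certificate bytes from the network.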
Received on 2014-08-08 03:57:34 CEST

This is an archived mail posted to the Subversion Dev mailing list.
