On 08.08.2014 03:43, Ben Reser wrote:
> On 8/7/14 5:58 PM, Branko Čibej wrote:
>> I've seen platforms where size_t was smaller than ptrdiff_t; but usually
>> they're the same size. The rules of type promotion in C state that a value
>> of a signed type can be promoted to a value of the same-sized unsigned type
>> without truncation, whereas the opposite is not true. That's why you don't get
>> warnings here on most usual platforms. But the unusual platforms where size_t
>> is smaller than ptrdiff_t could be a problem.
> I'm not going signed -> unsigned. I'm going unsigned -> signed (specifically
> apr_size_t to ptrdiff_t).
>
> Specifically:
> [[[
> svn_error_t *
> svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
>                     const char *buf,
>                     apr_size_t buflen,
>                     apr_pool_t *result_pool,
>                     apr_pool_t *scratch_pool)
> {
>   svn_error_t *err;
>   ptrdiff_t len;
>   const unsigned char *p;
>   const unsigned char *end;
>   x509_cert *crt;
>   svn_x509_certinfo_t *ci;
>   svn_stringbuf_t *namebuf;
>
>   crt = apr_pcalloc(scratch_pool, sizeof(*crt));
>   p = (const unsigned char *)buf;
>   len = buflen;
>   end = p + len;
> ]]]
>
> Note the next to last line where I assign the ptrdiff_t len with the value from
> the apr_size_t buflen.
>
> Unless I'm missing something that ought to be producing a warning should it not?
No, why? C compilers typically do not warn about possible overflow in
arithmetic operations, and in this case there is no loss of
representation if size_t and ptrdiff_t are the same size. Regardless of
their actual sizes, a ptrdiff_t is guaranteed to be able to represent
all the bits of a size_t, because MAX(size_t) is the architecture's
limit for in-memory object sizes, and ptrdiff_t is required to always be
able to represent the distance between two pointers within the same
in-memory object.
Furthermore, any half-sane compiler knows that the value of 'len' cannot
be larger than size_t represents, in your case, even if ptrdiff_t is
larger than size_t.
I suspect that's way more standardese than is good for the digestion at
one sitting.
-- Brane
--
Branko Čibej | Director of Subversion
WANdisco | Realising the impossibilities of Big Data
e. brane_at_wandisco.com
Received on 2014-08-08 03:57:34 CEST
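An added example in C (not Subversion's code, and not from either poster) illustrating the conversion discussed in this thread: the implicit apr_size_t-to-ptrdiff_t assignment, a checked alternative that rejects lengths above PTRDIFF_MAX, and a bounds check that keeps the `end - p` arithmetic in ptrdiff_t. It assumes size_t in place of apr_size_t (APR defines them as the same type); the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not Subversion code): shows what the implicit
 * apr_size_t -> ptrdiff_t assignment in the thread does for values
 * above PTRDIFF_MAX, and a checked conversion a parser can use instead.
 * size_t stands in for apr_size_t here. */

/* Implicit conversion exactly as in the quoted code: len = buflen; */
static ptrdiff_t implicit_len(size_t buflen)
{
    ptrdiff_t len = buflen; /* implementation-defined when buflen > PTRDIFF_MAX */
    return len;
}

/* Checked conversion: returns 0 and leaves *out untouched if buflen
 * cannot be represented as a non-negative ptrdiff_t. */
static int checked_len(size_t buflen, ptrdiff_t *out)
{
    if (buflen > (size_t)PTRDIFF_MAX)
        return 0;
    *out = (ptrdiff_t)buflen;
    return 1;
}

/* Does a read of `want` more bytes stay within [p, end)?  The remaining
 * length is computed as a ptrdiff_t, so a p past end yields a negative
 * value and is rejected rather than wrapping to a huge size_t. */
static int in_bounds(const unsigned char *p, const unsigned char *end, size_t want)
{
    ptrdiff_t remaining = end - p;
    return remaining >= 0 && want <= (size_t)remaining;
}

int main(void)
{
    unsigned char buf[16] = {0};  /* constructed sample buffer */
    const unsigned char *p = buf, *end;
    ptrdiff_t len;

    if (!checked_len(sizeof buf, &len)) return 1;
    end = p + len;
    printf("len=%td implicit(SIZE_MAX)=%td in_bounds(4)=%d in_bounds(17)=%d\n",
           len, implicit_len(SIZE_MAX), in_bounds(p, end, 4), in_bounds(p, end, 17));
    return 0;
}
```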