On 08.08.2014 03:43, Ben Reser wrote:
> On 8/7/14 5:58 PM, Branko Čibej wrote:
>> I've seen platforms where size_t was smaller than ptrdiff_t; but usually
>> they're the same size. The rules of type promotion in C state that a value
>> of a signed type can be promoted to a value of the same-sized unsigned type
>> without truncation, whereas the opposite is not true. That's why you don't get
>> warnings here on most usual platforms. But the unusual platforms where size_t
>> is smaller than ptrdiff_t could be a problem.
> I'm not going signed -> unsigned. I'm going unsigned -> signed (specifically
> apr_size_t to ptrdiff_t).
>
> Specifically:
> [[[
> svn_error_t *
> svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
>                     const char *buf,
>                     apr_size_t buflen,
>                     apr_pool_t *result_pool,
>                     apr_pool_t *scratch_pool)
> {
>   svn_error_t *err;
>   ptrdiff_t len;
>   const unsigned char *p;
>   const unsigned char *end;
>   x509_cert *crt;
>   svn_x509_certinfo_t *ci;
>   svn_stringbuf_t *namebuf;
>
>   crt = apr_pcalloc(scratch_pool, sizeof(*crt));
>   p = (const unsigned char *)buf;
>   len = buflen;
>   end = p + len;
> ]]]
>
> Note the next to last line where I assign the ptrdiff_t len with the value from
> the apr_size_t buflen.
>
> Unless I'm missing something that ought to be producing a warning should it
> not?

No, why? C compilers typically do not warn about possible overflow in
arithmetic operations, and in this case there is no loss of representation if
size_t and ptrdiff_t are the same size.

Regardless of their actual sizes, a ptrdiff_t is guaranteed to be able to
represent all the bits of a size_t, because MAX(size_t) is the architecture's
limit for in-memory object sizes, and ptrdiff_t is required to always be able
to represent the distance between two pointers within the same in-memory
object.

Furthermore, any half-sane compiler knows that the value of 'len' cannot be
larger than size_t represents, in your case, even if ptrdiff_t is larger than
size_t.

I suspect that's way more standardese than is good for the digestion at one
sitting.

-- Brane

--
Branko Čibej | Director of Subversion
WANdisco | Realising the impossibilities of Big Data
e. br...@wandisco.com
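
The assignment discussed in this thread, `len = buflen`, converts an unsigned length to `ptrdiff_t` implicitly. The following is an added example, not part of the thread and not Subversion code, that makes the same conversion explicit and range-checked before the end pointer is computed. It uses standard `size_t` in place of `apr_size_t`; the helper names `size_to_ptrdiff` and `parse_bounds` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: convert an unsigned length to ptrdiff_t only when the
   value is representable.  Returns 0 on success, -1 if n > PTRDIFF_MAX. */
static int size_to_ptrdiff(size_t n, ptrdiff_t *out)
{
    if ((uintmax_t)n > (uintmax_t)PTRDIFF_MAX)
        return -1;
    *out = (ptrdiff_t)n;   /* explicit cast: the value is known to fit */
    return 0;
}

/* Hypothetical parser prologue mirroring the quoted lines
   "len = buflen; end = p + len;" with the range check made explicit. */
static int parse_bounds(const char *buf, size_t buflen,
                        const unsigned char **p, const unsigned char **end)
{
    ptrdiff_t len;

    if (buf == NULL || size_to_ptrdiff(buflen, &len) != 0)
        return -1;         /* reject before any pointer arithmetic */
    *p = (const unsigned char *)buf;
    *end = *p + len;
    return 0;
}

int main(void)
{
    /* Constructed sample bytes, not a real certificate. */
    static const char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    const unsigned char *p, *end;

    if (parse_bounds(der, sizeof(der), &p, &end) == 0)
        printf("accepted: %td bytes\n", end - p);
    if (parse_bounds(der, SIZE_MAX, &p, &end) != 0)
        printf("rejected: length does not fit in ptrdiff_t\n");
    return 0;
}
```

GCC and Clang report the unchecked form of this assignment when `-Wsign-conversion` is enabled.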