> Zero is completely acceptable for a null pointer constant in all
> circumstances *except* when passing to a varargs function, which can go
> badly wrong on platforms where the sizeof a pointer is larger than the
> sizeof an int.

This is a serious loophole on such platforms, since the compiler cannot diagnose the error. (The "sentinel" attribute covers only one special case.)

Our approach has been to ask compiler vendors to widen such integer arguments to intptr_t (or uintptr_t), which is happily doable since the vendors are already passing `int' arguments in intptr-wide registers or stack slots. A couple of vendors only gave us a secret option for this; we are now asking them to enable the option by default :-)

This is also a problem when passing to a function whose prototype is not in scope. (Compilers can issue a diagnostic for that, but they should also widen in such cases as well.)

Tom Truscott
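
An added example, not part of the original message: a variadic function that takes null pointers both as values in the middle of the list and as the terminator, showing the pointer-typed null every such argument needs and why the GCC/Clang `sentinel` attribute checks only the last one. The names `count_unset`, `demo` and `NULLSTR` are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Pointer-typed null: has the width va_arg(ap, const char *) will read. */
#define NULLSTR ((const char *)NULL)

/* Counts keys whose value is a null pointer in a list of
   (key, value) pairs terminated by a null key.
   The sentinel attribute makes GCC/Clang warn when the LAST argument
   of a call is not a pointer-typed null; it checks nothing else. */
#if defined(__GNUC__)
__attribute__((sentinel))
#endif
int count_unset(const char *key, ...)
{
    va_list ap;
    int unset = 0;

    va_start(ap, key);
    while (key != NULL) {
        /* Each va_arg here fetches a pointer-sized argument. */
        const char *value = va_arg(ap, const char *);
        if (value == NULL)
            unset++;
        key = va_arg(ap, const char *);
    }
    va_end(ap);
    return unset;
}

int demo(void)
{
    /* Every null in the variadic part is written as NULLSTR.
       A bare 0 as the value of "proxy" would be passed as an int; where
       sizeof(int) < sizeof(char *), va_arg may then read bytes the caller
       never set. It is not the final argument, so the sentinel
       attribute would not flag it. */
    return count_unset("host", "example.test",
                       "proxy", NULLSTR,
                       "user", NULLSTR,
                       NULLSTR);
}

int main(void)
{
    printf("unset values: %d\n", demo());
    printf("int narrower than pointer: %d\n", sizeof(int) < sizeof(char *));
    return 0;
}
```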