Scott Kostyshak wrote:
On Sun, May 18, 2014 at 7:58 PM, Richard Heck <rgh...@lyx.org> wrote:
On 05/18/2014 07:22 PM, Scott Kostyshak wrote:
Is this OK? Note that converting the left hand side to an unsigned int
would work also, because it was checked just above that nRead is >=0.
But I figure converting the signed to unsigned is better in general as
long as the numbers are not expected to be large.
I would guess the safest thing would be to convert nRead to unsigned, since
(a) we know it is positive and (b) there's no possible danger of a
misconversion, as there is in the other case.
Yeah that makes sense too. I was more worried about the 'if' block
being moved above the if block above it, in which case we would no
longer know that nRead is positive. And since the size of 'buf' is
hardcoded to 1024, it seems likely not to go past 2^31-1.
But maybe someone who knows what they're talking about should chime in.
I would also be interested in more opinions.
Scott
I would change variable "nRead" to ssize_t, as it's common that -1 is
used as a return value in case of a read error, and signed/unsignedness
conversions produce potentially dangerous patterns. (Not only the case
where code is moved around, but also if it's copy/pasted.)
You are right that unsigned int may overflow in the far future - hence
use ssize_t, which is the right data type here (at least on Mac OS X,
I'm out of office now so I can't check other platforms).
--
Regards,
Cyrille Artho - http://artho.com/
Those who will not reason, are bigots, those who cannot,
are fools, and those who dare not, are slaves.
-- George Gordon Noel Byron
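
The three options discussed in this thread, side by side, as an added example that is not code from the thread or from the LyX source. It assumes the comparison under discussion has the form `nRead < sizeof buf`; the function names `mixed_less`, `signed_less` and `read_chunk` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>  /* ssize_t (POSIX) */
#include <unistd.h>     /* read() */

#define BUF_SIZE 1024   /* the thread says buf is hardcoded to 1024 */

/* What `nRead < sizeof buf` does with an int nRead: the usual arithmetic
 * conversions turn nRead into size_t first. The cast spells that out. */
static int mixed_less(int nRead)
{
    return (size_t)nRead < (size_t)BUF_SIZE;   /* -1 becomes SIZE_MAX */
}

/* First option in the thread: convert the unsigned side to signed.
 * Correct for any nRead as long as the size fits in an int (1024 does). */
static int signed_less(int nRead)
{
    return nRead < (int)BUF_SIZE;
}

/* The other two options combined: keep read()'s own return type (ssize_t),
 * reject the error value, and only then convert to unsigned to compare.
 * Returns -1 on error, 1 on a short read, 0 when the buffer was filled. */
static int read_chunk(int fd)
{
    char buf[BUF_SIZE];
    ssize_t nRead = read(fd, buf, sizeof buf);

    if (nRead < 0)
        return -1;                      /* errno holds the cause */
    return (size_t)nRead < sizeof buf;  /* safe: nRead >= 0 here */
}

int main(void)
{
    /* -1 is the constructed "read failed" value for the pure comparisons. */
    printf("mixed_less(-1)  = %d\n", mixed_less(-1));
    printf("signed_less(-1) = %d\n", signed_less(-1));
    printf("read_chunk(-1)  = %d\n", read_chunk(-1)); /* invalid fd */
    return 0;
}
```

The unsigned conversion is only correct when it stays behind the `nRead < 0` check, which is the ordering concern raised in the thread.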