On Fri, Apr 24, 2026 at 04:12:26PM -0400, Kurt Hackenberg wrote:
> On Fri, Apr 24, 2026 at 13:15 +0800, Kevin J. McCarthy wrote:
> > This version switches to using ssize_t for the length parameter and result from getrandom(), and thus doesn't have any unsafe casts.
>
> Good for getrandom() return value, but why for its length argument? That argument is type size_t (at least on my system), and it comes from an argument to mutt_random_bytes() that's also size_t.
Yeah, I started off by changing both to ssize_t. When I rewrote the loop, I realized the comparison had disappeared. But then I thought, eh... just leave it, as Alex pointed out, a 2^63 large number would kill the system anyway. :-D
> Only other use I see is requested -= result;
>
> Whether requested is signed only matters if either variable has wrapped around into negative[1], and in that case I don't see any good result of that subtraction either way.
I also certainly hope the library call would never make that mistake. But the good news is, if it did, requested would be negative and the loop would end.
-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
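The loop shape the thread is discussing, as an added example that is not mutt's code: fill_random() keeps `requested` as size_t (the type it arrives in from the caller) and only the per-call result as ssize_t, checks the sign of that result before it is ever compared with or subtracted from the unsigned length, and refuses a result larger than the remaining request so `requested -= result` cannot wrap. The callback type, the function names and the constructed sources (short reads, an EINTR, an ENOSYS failure, a zero-length return) are assumptions for illustration; the getrandom() wrapper is Linux-only and uses the real kernel call.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#if defined(__linux__)
#include <sys/random.h>
#endif

/* Hypothetical source type: fills up to `len` bytes and returns the count
 * actually written, or -1 with errno set (the getrandom() contract). */
typedef ssize_t (*random_source_fn)(void *buf, size_t len);

#if defined(__linux__)
/* Thin wrapper so the real kernel source fits the callback type. */
ssize_t getrandom_source(void *buf, size_t len)
{
    return getrandom(buf, len, 0);
}
#endif

/* Fill exactly `requested` bytes from `source`; 0 on success, -1 on failure.
 * `requested` stays size_t; only the per-call `result` is ssize_t, and its
 * sign is checked before it is mixed with the unsigned length. */
int fill_random(random_source_fn source, unsigned char *buf, size_t requested)
{
    while (requested > 0) {
        ssize_t result = source(buf, requested);
        if (result < 0) {
            if (errno == EINTR)
                continue;               /* interrupted by a signal: retry */
            return -1;                  /* real failure, e.g. ENOSYS */
        }
        if (result == 0)
            return -1;                  /* a source returning 0 would spin forever */
        /* A well-behaved source returns at most `requested`; a broken one
         * would make `requested -= result` wrap to a huge size_t. */
        if ((size_t)result > requested)
            return -1;
        buf += result;
        requested -= (size_t)result;
    }
    return 0;
}

/* Why the sign check comes first: in a mixed comparison the ssize_t is
 * converted to size_t, so an error result of -1 becomes SIZE_MAX and
 * "-1 < 16" evaluates false.  The cast below spells out that conversion. */
int error_result_looks_smaller_than_request(void)
{
    ssize_t result = -1;
    size_t requested = 16;
    return (size_t)result < requested;  /* 0: the error looks *larger* */
}

/* Constructed sources for offline testing; not real entropy. */
static int g_flaky_calls;
static unsigned char g_next_byte;

void reset_flaky_source(void)
{
    g_flaky_calls = 0;
    g_next_byte = 0;
}

/* First call is interrupted with EINTR; later calls hand back at most 3
 * bytes of a counting pattern, so retry and short reads are both exercised. */
ssize_t flaky_source(void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t n = len < 3 ? len : 3;
    if (g_flaky_calls++ == 0) {
        errno = EINTR;
        return -1;
    }
    for (size_t i = 0; i < n; i++)
        p[i] = g_next_byte++;
    return (ssize_t)n;
}

ssize_t failing_source(void *buf, size_t len)
{
    (void)buf; (void)len;
    errno = ENOSYS;                     /* e.g. a kernel without getrandom() */
    return -1;
}

ssize_t empty_source(void *buf, size_t len)
{
    (void)buf; (void)len;
    return 0;
}

int main(void)
{
    unsigned char buf[10];
    reset_flaky_source();
    printf("flaky source: %d\n", fill_random(flaky_source, buf, sizeof buf));
    printf("failing source: %d\n", fill_random(failing_source, buf, sizeof buf));
    printf("empty source: %d\n", fill_random(empty_source, buf, sizeof buf));
    printf("-1 < 16 after size_t conversion: %d\n",
           error_result_looks_smaller_than_request());
    return 0;
}
```

If `requested` were instead declared ssize_t, the `result < 0` check would still be the only place an error can be detected; the signed length merely makes the loop condition `requested > 0` also terminate after a negative result leaks through, which is the observation the reply above makes.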
