Date: Sat, 29 Jun 2013 00:13:16 -0400 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: Use of size_t and ssize_t in mseek On Fri, Jun 28, 2013 at 11:56:15AM +1000, Matthew Fernandez wrote: > >>>Alternatively, I could adjust the arithmetic to just avoid working > >>>with signed values, and perhaps make it more obvious what it's doing > >>>in the process. > >> > >>I would also be happy with this solution. The code in mseek could > >>definitely be clearer. Not that I don't enjoy switch statements written > >>as offsets into stack structs and reverse jumps ;) > > > >Yes, I think this is probably the best solution, even if it makes the > >function a few bytes larger. The code should be more clear. > > Thanks, Rich. I appreciate you taking the time to consider this issue. > Apologies that it seems to have steamrolled into all the ways of > constructing invalid objects and possibly bored everyone else on this > list :) Looking at the code to "fix" it now, I ran into a problem. :-) If size_t is 64-bit, there is fundamentally no way a memory buffer (or disk file) larger than SSIZE_MAX can be accessed, since off_t cannot store the position in the file. I noticed this as soon as I went to write: case SEEK_SET: if (off < 0 || off > c->size) goto fail; I could still salvage the 32-bit case by simply leaving the code alone except for changing base to off_t, but I'm starting to remember why I thought it was bogus to even consider allowing object sizes greater than the signed size max... Not sure what the best way to proceed is. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.