From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Use of size_t and ssize_t in mseek
Date: Thu, 27 Jun 2013 21:22:09 -0400
Message-ID: <20130628012209.GD29800@brightrain.aerifal.cx>
In-Reply-To: <51CCDDA5.5050503@nicta.com.au>
To: musl@lists.openwall.com

On Fri, Jun 28, 2013 at 10:49:41AM +1000, Matthew Fernandez wrote:
> >As a user of musl, what's your take on this?
>
> A check in fmemopen (and other affected functions) would be my preferred
> solution, as an unwitting user like myself who doesn't check all the
> assumptions would still be caught out by just documenting it as
> undefined. I would be happy with just an assert-fail here if that's easiest..

The easiest might just be making fmemopen so it doesn't care if the
size is insanely large. As far as I can tell, the only place it's an
issue is in mseek, and we could use off_t instead of ssize_t. On
32-bit systems, off_t is 64-bit, so all sizes fit. On 64-bit systems,
there's no way (physically!) to have an object as large as 1UL<<63.

Alternatively, I could adjust the arithmetic to just avoid working
with signed values, and perhaps make it more obvious what it's doing
in the process.

Rich
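
The second option in the message above, sketched as an added example (not musl's source and not code from this thread): `seek_signed` is a constructed bounds check done in `ssize_t`, which rejects every seek once `size` exceeds `SSIZE_MAX`, and `seek_unsigned` is one way to do the same range check without signed arithmetic. `struct memcookie`, the function names and the use of `int64_t` in place of `off_t` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

struct memcookie { size_t pos, len, size; }; /* hypothetical; pos, len <= size */

static int seek_base(const struct memcookie *c, int whence, size_t *base)
{
    if (whence != SEEK_SET && whence != SEEK_CUR && whence != SEEK_END) return -1;
    *base = whence == SEEK_SET ? 0 : whence == SEEK_CUR ? c->pos : c->len;
    return 0;
}

/* Constructed "before": bounds check done in ssize_t. A size above SSIZE_MAX
 * converts to a negative value (on common ABIs), so every seek is rejected. */
static int64_t seek_signed(struct memcookie *c, int64_t off, int whence)
{
    size_t b;
    if (seek_base(c, whence, &b)) return -1;
    ssize_t base = (ssize_t)b;
    if (off < -base || off > (ssize_t)c->size - base) return -1;
    return (int64_t)(c->pos = (size_t)(base + off));
}

/* Unsigned-only check: compare magnitudes, never form a signed difference. */
static int64_t seek_unsigned(struct memcookie *c, int64_t off, int whence)
{
    size_t base;
    uint64_t newpos;
    if (seek_base(c, whence, &base)) return -1;
    if (off < 0) {
        uint64_t back = (uint64_t)(-(off + 1)) + 1;   /* |off|, safe at INT64_MIN */
        if (back > base) return -1;                   /* would land before 0 */
        newpos = base - back;
    } else {
        if ((uint64_t)off > c->size - base) return -1; /* would pass the end */
        newpos = base + (uint64_t)off;
    }
    if (newpos > (uint64_t)INT64_MAX) return -1;      /* not representable in the result */
    c->pos = (size_t)newpos;
    return (int64_t)newpos;
}

int main(void)
{
    struct memcookie c = { 0, 0, SIZE_MAX };  /* constructed: "insanely large" size */
    printf("signed=%lld unsigned=%lld\n", (long long)seek_signed(&c, 10, SEEK_SET),
           (long long)seek_unsigned(&c, 10, SEEK_SET));
}
```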