This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Implement strlcat [BZ#178]

On 12/04/2015 08:06 PM, Paul Eggert wrote:
> On 11/24/2015 06:30 AM, Florian Weimer wrote:
>> +
>> +  /* The sum cannot wrap around because both strings would be larger
>> +     than half of the address space, which is not possible due to
>> +     the restrict qualifier.  */
>> +  return dest_length + src_length;
> This comment assumes that the address space is flat, e.g., that
> uintptr_t is the same width as size_t. Is this a safe assumption? I
> can't seem to find that assumption documented anywhere. Anyway, assuming
> the assumption is safe, I suggest mentioning it here, e.g.:

The details are messy.  Pointer arithmetic in GCC leans towards
signedness, and signed overflow being undefined, strange things can
happen in the middle of the address space, close to (void *) SSIZE_MAX.
 This means that the address space provided by a glibc/GCC combination
is not really flat.  We could work around that by creating an artificial
mapping in the middle of the address space (which has also the benefit
that ptrdiff_t can always hold the size of an object), but this will
annoy certain users on 32-bit architectures.

I can add a static assert for sizeof (uintptr_t) == sizeof (size_t),
which is closer to what we need here.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]