Eric S. Raymond
esr at thyrsus.com
Sun Nov 22 13:55:41 UTC 2015
Hal Murray <hmurray at megapathdsl.net>:
> esr at thyrsus.com said:
> > Sadly, I don't know of any good tutorials on this. It is a swamp full of
> > razor blades for even very experienced C programmers. If you have a
> > particular expression you want me to analyze I might be able to say
> > something useful.
> The old code was:
> int chars;
> char req_buf[CTL_MAX_DATA_LEN];
> req = req_buf;
> req_end = req_buf + sizeof(req_buf);
> #define REQ_ROOM (req_end - req)
> chars = strlen(buf);
> if (REQ_ROOM - chars < 1)
> The new code is:
> size_t chars;
> if (REQ_ROOM <= chars)
> The old if didn't work after chars changed to size_t.
Right. That's a good change. Any time you eliminate a subtraction you
eliminate a potential overflow point. I'm still not happy with this
code, because REQ_ROOM looks like a constant but conceals another
What happened here, I think, is that because of the signed-to-unsigned
conversion, results of the subtraction that would have gone to less than zero
turned into a large unsigned value due to modular wraparound.
Hm. Maybe I need to *write* a tutorial on this. The trouble is that while I
probably know enough to do it, my knowledge is tacit and reactive rather
In the meantime, I'm going to follow Mark's advice and experiment with -Wextra.
Maybe that will flush out similar instances.
Eric S. Raymond <http://www.catb.org/~esr/>
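The wraparound described in the exchange above, reproduced as an added example that is not code from the thread or from the project under discussion. REQ_ROOM is a pointer difference, so it has the signed type ptrdiff_t, while the new `chars` is the unsigned size_t; on the common LP64 and ILP32 ABIs those two types have the same integer rank, so the usual arithmetic conversions turn the signed operand into an unsigned one (C11 6.3.1.8), and a "negative" room goes to a huge unsigned value instead. The buffer size CTL_MAX_DATA_LEN is a constructed placeholder value here, and the three check functions are assumed names that isolate the old expression with `int chars`, the old expression with `size_t chars`, and the replacement expression:

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed placeholder: the thread does not give the real value of
 * CTL_MAX_DATA_LEN, so a small size is used to make the numbers easy to read. */
#define CTL_MAX_DATA_LEN 16

/* Mirrors the setup quoted in the thread: req points into req_buf, req_end is
 * one past the end, and REQ_ROOM is the (signed) pointer difference between
 * them. `used` is how many bytes have already been consumed. */
static ptrdiff_t req_room_after(size_t used)
{
    char req_buf[CTL_MAX_DATA_LEN];
    char *req = req_buf + used;
    char *req_end = req_buf + sizeof(req_buf);
    return req_end - req;             /* this is REQ_ROOM */
}

/* The old check with the old `int chars`: ptrdiff_t - int stays signed, so a
 * negative result is seen as "less than 1" and the request is rejected.
 * Nonzero return means "reject: does not fit". */
static int old_check_int(ptrdiff_t room, int chars)
{
    return room - chars < 1;
}

/* The old check after `chars` became size_t: ptrdiff_t - size_t is evaluated
 * as unsigned, so a result that "should" be negative wraps to a value near
 * SIZE_MAX, which is never < 1. Only an exact fit (room == chars) is still
 * rejected; every overflow slips through. */
static int old_check_size_t(ptrdiff_t room, size_t chars)
{
    return room - chars < 1;
}

/* The replacement check: no subtraction, so no wraparound point. room is
 * still converted to unsigned for the comparison, which is harmless as long as
 * req never runs past req_end (room >= 0). GCC's -Wsign-compare, enabled by
 * -Wextra in C, flags this mixed-sign comparison, which is what the thread
 * proposes using to find similar spots. */
static int new_check(ptrdiff_t room, size_t chars)
{
    return room <= chars;
}

int main(void)
{
    ptrdiff_t room = req_room_after(12);       /* 16 - 12 = 4 bytes left */
    size_t chars = 10;                         /* constructed request length */

    printf("room=%td chars=%zu\n", room, chars);
    printf("old check, int chars:    %s\n", old_check_int(room, (int)chars) ? "reject" : "accept");
    printf("old check, size_t chars: %s\n", old_check_size_t(room, chars) ? "reject" : "accept");
    printf("new check:               %s\n", new_check(room, chars) ? "reject" : "accept");
    return 0;
}
```

Run with `-Wextra` to see the compiler warn on the signed/unsigned comparison in the replacement check; the old size_t variant compiles silently because the subtraction result and the constant 1 are compared after both have already become unsigned, so no warning fires at the point where the actual defect lives.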