Paul Eggert wrote:
> Using signed types is better nowadays than using unsigned types, since 
> many platforms now check for signed integer overflow and this can catch many 
> bugs, some of them security-relevant, whereas unsigned arithmetic is well 
> defined to wrap around with no overflow check (something that can be quite 
> dangerous when doing size calculations). So, for reliability and security 
> reasons, C programs should now prefer ptrdiff_t to size_t when dealing with 
> object sizes.

In the thread that starts at
I suggest to use a typedef, not ptrdiff_t directly, for values that are
known to be in the range 0..PTRDIFF_MAX.


Reply via email to