Paul Eggert wrote:
> Using signed types is better nowadays than using unsigned types, since
> many platforms now check for signed integer overflow and this can catch many
> bugs, some of them security-relevant, whereas unsigned arithmetic is well
> defined to wrap around with no overflow check (something that can be quite
> dangerous when doing size calculations). So, for reliability and security
> reasons, C programs should now prefer ptrdiff_t to size_t when dealing with
> object sizes.

In the thread that starts at
http://lists.gnu.org/archive/html/bug-gnulib/2017-06/msg00009.html
I suggest using a typedef, not ptrdiff_t directly, for values that are known to be
in the range 0..PTRDIFF_MAX.

Bruno
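
An added example, not part of the original thread or of gnulib's code: the size calculation discussed above, once with size_t (silent wraparound) and once with a signed typedef restricted to 0..PTRDIFF_MAX. The typedef name nn_size, the function names and the sample counts are hypothetical; the explicit range check stands in for a platform's signed-overflow checking so the result is the same on any compiler.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical name: signed type for sizes known to lie in 0..PTRDIFF_MAX. */
typedef ptrdiff_t nn_size;

/* Unsigned: the product is reduced modulo SIZE_MAX + 1, with no diagnostic. */
size_t bytes_unsigned(size_t count, size_t elem)
{
    return count * elem;
}

/* Signed: reject anything outside 0..PTRDIFF_MAX before multiplying,
   so the multiplication itself can never overflow. */
bool bytes_signed(nn_size count, nn_size elem, nn_size *out)
{
    if (count < 0 || elem < 0)
        return false;                 /* negative sizes are always a bug */
    if (elem != 0 && count > PTRDIFF_MAX / elem)
        return false;                 /* product would exceed PTRDIFF_MAX */
    *out = count * elem;
    return true;
}

int main(void)
{
    /* Constructed input: an element count chosen so that count * 16 wraps. */
    size_t big = SIZE_MAX / 16 + 2;
    printf("size_t:  %zu * 16 -> %zu bytes (wrapped, buffer far too small)\n",
           big, bytes_unsigned(big, 16));

    nn_size out = 0;
    nn_size sbig = PTRDIFF_MAX / 16 + 1;   /* constructed: just over the limit */
    if (!bytes_signed(sbig, 16, &out))
        printf("nn_size: %td * 16 -> rejected, would exceed PTRDIFF_MAX\n", sbig);

    if (bytes_signed(1000, 16, &out))
        printf("nn_size: 1000 * 16 -> %td bytes\n", out);
    return 0;
}
```
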