Walter Bright wrote:
> Jérôme M. Berger wrote:
>> Jérôme M. Berger wrote:
>>> Walter Bright wrote:
>>>> Jérôme M. Berger wrote:
>>>>> Actually, that problem already occurs in C. I've had problems when
>>>>> porting code from x86 to x86_64 because some unsigned operations
>>>>> don't behave the same way on both...
>>>> How so? I thought most 64 bit C compilers were specifically designed to
>>>> avoid this problem.
>>> I can't isolate it to a minimal test case, but at my job, we make
>>> an image processing library. Since negative image dimensions don't
>>> make sense, we decided to define width and height as "unsigned int".
>>> Now, we have code that works fine on 32-bit platforms (x86 and arm)
>>> but segfaults on x86_64. Simply adding an (int) cast in front of the
>>> image dimensions in a couple of places fixes the issue (tested with
>>> various versions of gcc on linux and windows).
>>>
>> Gotcha! See the attached test case. I will post the explanation for
>> the issue as a reply to give everyone a chance to try and spot the
>> error...
>
> Easy. offset should be a size_t, not an unsigned.

And what about image width and height? Sure, in hindsight they
could probably be made into size_t too. Much easier and safer to
make them into signed ints instead, since we don't manipulate images
bigger than 2_147_483_648 on a side anyway...

Which is more or less bearophile's point: unless you're *really*
sure that you know what you're doing, use signed ints even if
negative numbers make no sense in a particular context.

Jerome
--
mailto:[email protected]
http://jeberger.free.fr
Jabber: [email protected]
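
An added illustration, not part of the thread and not the attached test case (which is not reproduced on this page): one way an `unsigned int` image dimension can behave differently on 32-bit and 64-bit targets, and why an `(int)` cast changes the result. The function names, the neighbour-offset expression, 8-bit pixels and the width of 640 are assumptions made for the example; pointer arithmetic is modelled with fixed-width integers so nothing is dereferenced.

```c
#include <stdint.h>
#include <stdio.h>

/* Index of the neighbour (dx, dy) relative to the current pixel when width is
   a 32-bit unsigned int: C converts dx and dy to unsigned, so the result
   wraps modulo 2^32 (the casts spell out those implicit conversions). */
static uint32_t index_unsigned(int dx, int dy, uint32_t width) {
    return (uint32_t)dx + (uint32_t)dy * width;
}

/* Same expression with an (int) cast on the dimension: signed arithmetic. */
static int32_t index_signed(int dx, int dy, uint32_t width) {
    return dx + dy * (int32_t)width;
}

/* Displacement applied to a byte pointer on a 32-bit target: in practice
   addresses wrap modulo 2^32, so a wrapped index acts like the negative
   value that was intended. */
static int64_t displacement_ptr32(uint32_t index) {
    return index >= 0x80000000u ? (int64_t)index - 4294967296LL
                                : (int64_t)index;
}

/* On x86_64 an unsigned 32-bit index is zero-extended to 64 bits... */
static int64_t displacement_ptr64_unsigned(uint32_t index) {
    return (int64_t)(uint64_t)index;
}

/* ...while a signed 32-bit index is sign-extended and stays negative. */
static int64_t displacement_ptr64_signed(int32_t index) {
    return (int64_t)index;
}

int main(void) {
    uint32_t width = 640;                      /* constructed sample value */
    uint32_t u = index_unsigned(0, -1, width); /* pixel directly above */
    int32_t s = index_signed(0, -1, width);

    printf("unsigned index:            %lu\n", (unsigned long)u);
    printf("32-bit pointer moves by:   %lld\n", (long long)displacement_ptr32(u));
    printf("64-bit pointer moves by:   %lld\n", (long long)displacement_ptr64_unsigned(u));
    printf("64-bit, (int) cast, moves: %lld\n", (long long)displacement_ptr64_signed(s));
    return 0;
}
```

With these inputs the unsigned index lands one row back on a 32-bit target but almost 4 GiB past the pixel on x86_64, which is far outside any image buffer.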