Jérôme M. Berger wrote:
Walter Bright wrote:
Jérôme M. Berger wrote:
Jérôme M. Berger wrote:
Walter Bright wrote:
Jérôme M. Berger wrote:
Now, we have code that works fine on 32-bit platforms (x86 and arm)
but segfaults on x86_64. Simply adding an (int) cast in front of the
image dimensions in a couple of places fixes the issue (tested with
various versions of gcc on linux and windows).
Easy. offset should be a size_t, not an unsigned.
And what about image width and height? Sure, in hindsight they
could probably be made into size_t too. Much easier and safer to
make them into signed ints instead, since we don't manipulate images
bigger than 2_147_483_648 on a side anyway...
Which is more or less bearophile's point: unless you're *really*
sure that you know what you're doing, use signed ints even if
negative numbers make no sense in a particular context.
I agree.
Actually the great evil in C is that implicit casts from
signed<->unsigned AND sign extension are both permitted in a single
expression.
I hope that when the integer range checking is fully implemented in D,
such two-way implicit casts will be forbidden.
(D has introduced ANOTHER instance of this with the ridiculous >>>
operator.
byte b = -1;
byte c = b >>> 1;
Guess what c is!
)
