From: Egil Hjelmeland > Sent: 19 October 2017 17:53 ... > >> IMHO it is best to define a struct for the 'ctx and then do: > >> ..., void *v_ctx) > >> { > >> foo_ctx *ctx = v_ctx; > >> int port = ctx->port; > >> > >> That stops anyone having to double-check that the *(int *) > >> is operating on a pointer to an integer of the correct size. > >> > > > > Does casting to a struct pointer require less manual double-check than > > to a int-pointer? In neither cases the compiler can protect us, IFAIK. > > But on the other hand, a the text "foo_ctx" can searched in the editor. > > So in that respect it can somewhat aid to the double-checking. > > > > So I can do that. > > > > > > I understand now that the caller side (lan9303_port_fast_age) is > vulnerable. Say somebody has the idea to change the "port" param > of .port_fast_age from int to u8, then my code is a trap.
Worse, change it to a long and it will work on everything except 64bit big-endian systems. David