>> - Use size_t for sizes of things
>
> How do you feel about ssize_t?
One has to keep in mind that ssize_t is not part of the C language specification, but a POSIX thing. The C specification defines ptrdiff_t with [presumably] desired properties. However, there is a natural ambiguity originating from the fact that size_t customarily "covers" twice as much space. So if you are to rely on the positivity of a signed value, the object has to be small enough. In other words, you would have to perform sanity checks before you do so. So it's not exactly a walk on roses. I mean, if one assumes the premise that signed is "easier" to handle.

Well, one can make all kinds of practical arguments about the practicality of such a situation, i.e. what it takes to run into the ptrdiff_t vs. size_t ambiguity, and argue that it never happens. Well, while that would be the case on most systems, there are two cases, arguably not that impractical: 64-bit VMS, where we have sizeof(size_t)<sizeof(void *), and a 32-bit application running on a 64-bit system. In both cases you would be perfectly capable of allocating 2GB+1 bytes, and you would have trouble using ptrdiff_t with such an object.

[On a related note, one can wonder how the ambiguity is resolved in, say, read(2). I mean, let's say you have a 2GB+1 byte file and attempt to read it in one go in either of the above cases. Well, I can't speak for VMS, but Linux would return 2GB-4KB bytes, counting on the caller to make a second call to read the remaining data.]

_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
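
The sanity check and the read(2) retry discussed in the message above, as an added example that is not part of the original post or of OpenSSL's code. The helper names `size_fits_ptrdiff`, `read_full` and `demo_short_reads` are hypothetical, and a POSIX system is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: 1 if an n-byte object can be measured with a
 * non-negative ptrdiff_t, 0 if signed arithmetic on it could overflow. */
int size_fits_ptrdiff(size_t n) { return n <= (size_t)PTRDIFF_MAX; }

/* Hypothetical helper: read len bytes unless EOF comes first.
 * Progress is kept in size_t; each request is capped at SSIZE_MAX so the
 * signed return value of read() can always represent it, and short reads
 * are retried. Returns 0 on success (*got = bytes read), -1 on error. */
int read_full(int fd, void *buf, size_t len, size_t *got)
{
    unsigned char *p = buf;
    size_t done = 0;

    while (done < len) {
        size_t want = len - done;
        if (want > (size_t)SSIZE_MAX)
            want = (size_t)SSIZE_MAX;
        ssize_t r = read(fd, p + done, want);
        if (r < 0 && errno == EINTR)
            continue;               /* interrupted, try again */
        if (r < 0)
            return -1;
        if (r == 0)
            break;                  /* EOF */
        done += (size_t)r;          /* r > 0 here, so the cast is safe */
    }
    *got = done;
    return 0;
}

/* Constructed demo: 6 bytes arrive through a pipe in two writes.
 * Returns the total number of bytes read, or -1 on any failure. */
long demo_short_reads(void)
{
    int fds[2];
    char buf[16];
    size_t got = 0;

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], "abc", 3) != 3 || write(fds[1], "def", 3) != 3)
        return -1;
    close(fds[1]);
    int rc = read_full(fds[0], buf, sizeof buf, &got);
    close(fds[0]);
    return (rc == 0 && got == 6 && memcmp(buf, "abcdef", 6) == 0) ? (long)got : -1;
}
```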