If you are subtracting things that have not been verified to produce a positive value, then you hopefully aren’t dealing with values that can’t be negative, so this wouldn’t apply then. Forgetting to verify things is a bug in many places. I also think that a buffer offset of -1 is just about as bad as a buffer offset of 4294967295.
> On Jan 26, 2023, at 6:44 PM, Simon Fraser via webkit-dev
> <webkit-dev@lists.webkit.org> wrote:
>
> Late to the party but….
>
> Avoiding unsigned is usually recommended to avoid inadvertent underflow:
>
> unsigned big = 200;
> unsigned small = 100;
> auto result = small - big; // underflow
>
> This is particularly bad when doing math on buffer offsets and sizes, and can
> result in OOB bugs. I believe Apple’s media frameworks code has a “no
> unsigned usage” rule because of that. I’m surprised that no-one has raised it
> in this discussion.
>
> Simon
>
>> On Jan 24, 2023, at 2:00 AM, Myles Maxfield via webkit-dev
>> <webkit-dev@lists.webkit.org> wrote:
>>
>> Hello!
>>
>> I recently learned that the C++ core guidelines recommend against using
>> unsigned to avoid negative values. Section 4.4 on page 73 of The C++
>> Programming Language says unsigned types should be used for bitfields and
>> not in an attempt to ensure values are positive. Some talks by people on the
>> C++ standards committee (e.g., Herb Sutter) recommend against using unsigned
>> types simply because the value is expected to be positive.
>>
>> Should we be avoiding unsigneds for these purposes? WebKit uses unsigneds
>> all over the place, and I’m assuming a fair many of them are there to
>> indicate that negative values are avoided. The C++ recommendation goes
>> against my intuition that the type is there for clarity, to indicate
>> expectations about the meaning and behavior of its value. But if it’s
>> standard practice to just use int instead, perhaps we should update the
>> style guide?
>>
>> What do you think?
>>
>> —Myles
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev@lists.webkit.org
>> https://lists.webkit.org/mailman/listinfo/webkit-dev