On 29/11/2019 12:13, Jan Beulich wrote:
> On 29.11.2019 13:01, Ian Jackson wrote:
>> Jan Beulich writes ("Re: [PATCH] console: avoid buffer overflow in
>> guest_console_write()"):
>>> On 29.11.2019 11:22, Andrew Cooper wrote:
>>>> Is sizeof(array[0]) always 0, or is this just a GCC-ism ? Godbolt
>>>> suggests it is 0 on all compilers we support.
>>>>
>>>> Either way, isn't the more common idiom + 0ul ? Personally, I feel that
>>>> is clearer to follow.
>>> I decided against + 0ul or alike because in principle size_t
>>> and unsigned long are different types. In particular 32-bit
>>> x86 gcc uses unsigned int for size_t, and hence min()'s
>>> type safety check would cause the build to fail there. The
>>> same risk obviously exists for any 32-bit arch (e.g. Arm32,
>>> but I haven't checked what type it actually uses).
>> I don't know what is wrong with
>>    (size_t)0
>> which is shorter, even !
> True. Yet it contains a cast, no matter how risk-free it may be
> in this case. With a cast, I could as well have written (yet
> shorter) (size_t)count.

Given that min() has a very strict typecheck, I think we should permit any use of an explicit cast in a single operand, because it *is* safer than switching to the min_t() route to make things compile.

~Andrew
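
The difference between a single explicit cast inside min() and the min_t() route, as an added example that is not part of the original thread or of Xen's code. The two macros are simplified stand-ins modelled on the kernel-style min()/min_t() (GNU C extensions assumed); the function names and the 127-byte limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Type-strict min(): comparing the two pointers makes the compiler
 * diagnose operands whose types differ (simplified stand-in). */
#define min(x, y) ({                        \
    const __typeof__(x) _x = (x);           \
    const __typeof__(y) _y = (y);           \
    (void)(&_x == &_y);                     \
    _x < _y ? _x : _y; })

/* min_t(): converts BOTH operands to the named type, with no check
 * that the conversion preserves their values (simplified stand-in). */
#define min_t(type, x, y) ({                \
    type _a = (type)(x);                    \
    type _b = (type)(y);                    \
    _a < _b ? _a : _b; })

/* One widening cast on a single operand: unsigned int -> size_t keeps
 * the value, and min() still verifies that both sides are size_t. */
static size_t clamp_cast_one(unsigned int count, size_t room)
{
    return min((size_t)count, room);
}

/* min_t() with a poorly chosen type: a count >= 2^31 becomes negative
 * (on the usual two's-complement targets), "wins" the comparison, and
 * turns into a huge length once it is used as a size_t again. */
static size_t clamp_min_t_int(unsigned int count, size_t room)
{
    return (size_t)min_t(int, count, room);
}

int main(void)
{
    unsigned int count = 0xFFFFFFFFu;   /* constructed oversized request */
    size_t room = 127;                  /* hypothetical: sizeof(buf) - 1 */

    printf("min((size_t)count, room) = %zu\n", clamp_cast_one(count, room));
    printf("min_t(int, count, room)  = %zu\n", clamp_min_t_int(count, room));
    return 0;
}
```
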