On 29/11/2019 12:13, Jan Beulich wrote:
> On 29.11.2019 13:01, Ian Jackson wrote:
>> Jan Beulich writes ("Re: [PATCH] console: avoid buffer overflow in 
>> guest_console_write()"):
>>> On 29.11.2019 11:22, Andrew Cooper wrote:
>>>> Is sizeof(array[0]) always 0, or is this just a GCC-ism ?  Godbolt
>>>> suggests it is 0 on all compilers we support.
>>>>
>>>> Either way, isn't the more common idiom + 0ul ?  Personally, I feel that
>>>> is clearer to follow.
>>> I decided against + 0ul or alike because in principle size_t
>>> and unsigned long are different types. In particular 32-bit
>>> x86 gcc uses unsigned int for size_t, and hence min()'s
>>> type safety check would cause the build to fail there. The
>>> same risk obviously exists for any 32-bit arch (e.g. Arm32,
>>> but I haven't checked what type it actually uses).
>> I don't know what is wrong with
>>    (size_t)0
>> which is shorter, even !
> True. Yet it contains a cast, no matter how risk-free it may be
> in this case. With a cast, I could as well have written (yet
> shorter) (size_t)count.

Given that min() has a very strict typecheck, I think we should permit
any use of an explicit cast in a single operand, because it *is* safer
than switching to the min_t() route to make things compile.

~Andrew
