lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.64.0702081338010.8424@woody.linux-foundation.org>
Date:	Thu, 8 Feb 2007 13:42:47 -0800 (PST)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	J.A. Magallón <jamagallon@....com>
cc:	Jan Engelhardt <jengelh@...ux01.gwdg.de>,
	Jeff Garzik <jeff@...zik.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: somebody dropped a (warning) bomb



On Thu, 8 Feb 2007, J.A. Magallón wrote:
> 
> Perhaps the problem is that gcc warns you something like 'if you care
> anything about the sign behaviour of what you send to strlen() you're doomed'.

But you *cannot* care. That's the point. The warning is insane. For any 
function that takes "char *", you very fundamentally *cannot* care about 
the signedness of the argument, because doing so would be wrong. If you 
do care, you're already buggy.

> Ie, you declared the var unsigned, so you care about it. But I can do
> anything without any regard to the sign.

That makes no sense. 

First off, "strlen()" doesn't care about the sign of the buffer, so it's a 
bad example anyway. But take something that *can* care, namely "strcmp()", 
which can return different things depending on whether "char" is signed or 
not (is 0xff larger than 0x00? Depends on whether char is signed or 
not..).

But THE CALLER CANNOT AND MUST NOT CARE! Because the sign of "char" is 
implementation-defined, so if you call "strcmp()", you are already 
basically saying: I don't care (and I _cannot_ care) what sign you are 
using.

So having the compiler warn about it is insane. It's like warnign about 
the fact that it's Thursday today. It's not something the programmer cares 
about.

		Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ