| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Feb 2007 15:46:05 +0300 From: Sergei Organov <osv@...ad.com> To: 7eggert@....de Cc: Linus Torvalds <torvalds@...ux-foundation.org>, "J.A. MagallÃÃón" <jamagallon@....com>, Jan Engelhardt <jengelh@...ux01.gwdg.de>, Jeff Garzik <jeff@...zik.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: somebody dropped a (warning) bomb Bodo Eggert <7eggert@....de> writes: > Sergei Organov <osv@...ad.com> wrote: >> Linus Torvalds <torvalds@...ux-foundation.org> writes: > >>> Exactly because "char" *by*definition* is "indeterminate sign" as far as >>> something like "strlen()" is concerned. >> >> Thanks, I now understand that you either don't see the difference >> between "indeterminate" and "implementation-defined" in this context or >> consider it non-essential, so I think I've got your point. > > If you don't code for a specific compiler with specific settings, there is > no implementation defining the signedness of char, and each part of the code > using char* will be wrong unless it handles both cases correctly. The problem here is that due to historical reasons, there could be code out there that abuses "char" for "signed char" (not sure about "unsigned char"). Old code and old habits are rather persistent. > Therefore it's either always wrong to call your char* function with char*, > unsigned char* _and_ signed char unless you can guarantee not to overflow any > of them, or it's always correct to call char* functions with any kind > of these. How are you sure those who wrote foo(char*) agrees with your opinion or even understands all the involved issues? > Off cause if you happen to code for specific compiler settings, one signedness > of char will become real and one warning will be legit. And if pigs fly, they > should wear googles to protect their eyes ... And if people were writing perfect portable code all the time, there would be no need for warnings in the first place... -- Sergei. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists