This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Implement strlcat [BZ#178]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 4 Dec 2015 20:22:53 +0100
- Subject: Re: [PATCH] Implement strlcat [BZ#178]
- References: <56547472 dot 3010302 at redhat dot com> <5661E452 dot 6000701 at cs dot ucla dot edu>
On 12/04/2015 08:06 PM, Paul Eggert wrote:
> On 11/24/2015 06:30 AM, Florian Weimer wrote:
>> +
>> + /* The sum cannot wrap around because both strings would be larger
>> + than half of the address space, which is not possible due to
>> + the restrict qualifier. */
>> + return dest_length + src_length;
>
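Review bot: the justification in the comment above `return dest_length + src_length;` is incomplete: the restrict qualifier only says the two strings do not overlap, and the step from "disjoint objects" to "their combined length fits in size_t" additionally needs size_t to be as wide as the address space (sizeof (uintptr_t) == sizeof (size_t)), which the comment does not state. Suggest naming that assumption in the comment and pinning it with a `_Static_assert`, so that a port to a target where it does not hold fails at compile time instead of silently wrapping the return value.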
> This comment assumes that the address space is flat, e.g., that
> uintptr_t is the same width as size_t. Is this a safe assumption? I
> can't seem to find that assumption documented anywhere. Anyway, assuming
> the assumption is safe, I suggest mentioning it here, e.g.:
The details are messy. Pointer arithmetic in GCC leans towards
signedness, and signed overflow being undefined, strange things can
happen in the middle of the address space, close to (void *) SSIZE_MAX.
This means that the address space provided by a glibc/GCC combination
is not really flat. We could work around that by creating an artificial
mapping in the middle of the address space (which also has the benefit
that ptrdiff_t can always hold the size of an object), but this will
annoy certain users on 32-bit architectures.
I can add a static assert for sizeof (uintptr_t) == sizeof (size_t),
which is closer to what we need here.
Florian
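A self-contained illustration of the length computation under discussion, added here and not part of the thread or of glibc's code: `example_strlcat` is a hypothetical name, and the static assert encodes the sizeof (uintptr_t) == sizeof (size_t) check proposed above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Compile-time check for the assumption the thread discusses: a flat
   address space in which size_t is as wide as uintptr_t, so that two
   non-overlapping objects cannot together exceed SIZE_MAX bytes.  */
_Static_assert (sizeof (uintptr_t) == sizeof (size_t),
                "size_t must be as wide as uintptr_t");

/* Hypothetical strlcat written for this illustration; not glibc's code.
   Appends SRC to the NUL-terminated string in DEST, writing at most SIZE
   bytes (including the terminating NUL) and always terminating the result
   when SIZE > 0.  Returns strlen (original DEST) + strlen (SRC), so a
   return value >= SIZE signals truncation, as in the BSD interface.  */
size_t
example_strlcat (char *restrict dest, const char *restrict src, size_t size)
{
  size_t src_length = strlen (src);

  /* Bounded scan: never read past SIZE bytes of DEST.  If no NUL is found,
     DEST is treated as full and nothing is written.  */
  size_t dest_length = 0;
  while (dest_length < size && dest[dest_length] != '\0')
    dest_length++;
  if (dest_length == size)
    return size + src_length;

  /* Room left for SRC bytes, keeping one byte for the terminator.  */
  size_t room = size - dest_length - 1;
  size_t copy = src_length < room ? src_length : room;
  memcpy (dest + dest_length, src, copy);
  dest[dest_length + copy] = '\0';

  /* The sum cannot wrap around: DEST and SRC are restrict-qualified, so
     they do not overlap, and the static assert above guarantees that two
     disjoint objects fit within SIZE_MAX bytes in total.  */
  return dest_length + src_length;
}
```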