Re: Minor net/core/sock.c security issue?

From: Albert D. Cahalan (
Date: Mon Jul 23 2001 - 23:55:15 EST

David S. Miller writes:
> Albert D. Cahalan writes:

>> Long term, __builtin_min() and __builtin_max() would be nice.
> I would even avoid this, what is the signedness of their
> arguments and return values? The answer is: I don't care,
> because I have to look it up.
> And if I have to look it up, I know that most people _won't_ look it
> up and will just guess or assume. Most people are therefore likely to
> misuse it.

The obvious answer is to enforce that the signedness of their
arguments and return values all match. Anything else won't compile.
This is safer than plain open code, because it forces the programmer
to fix any signedness mismatch.

The whole point of being built-in is that stuff like this can be

Possibly bad ideas:

The full range of signed/unsigned could be made to work, as if you
were using 33-bit or 65-bit signed math. It might even be sane to take
the return type from whatever is getting fed the return value. It
would be cool to use the exception tables if something goes out of
range, though maybe that would be too slow.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Tue Jul 31 2001 - 21:00:14 EST