Re: when to size_t for representing length instead of int?

From: Al Viro
Date: Thu Oct 13 2016 - 19:38:39 EST


On Fri, Oct 14, 2016 at 12:12:43AM +0200, none wrote:
> Hello,
>
> I wanted to know the rules in coding guidelines concerning the use of
> size_t.
> It seems the signed int type is used most of the time for representing
> string sizes, including in some parts written by Linus in /lib.
> There can be buffer overflow attacks if ssize_t is larger than sizeof(int)
> (though I agree this isn't the only way, but at least it's less error
> prone).

Huh? size_t is the type of sizeof result; ssize_t is its signed counterpart.

> So is it guaranteed for all current and future cpu architectures the Linux
> kernel supports that ssize_t will always be equal to sizeof(int)?

Of course it isn't. Not true on any 64bit architecture we support...
What attacks are, in your opinion, enabled by that fact? I'm sure that
libc (and C standard) folks would be very interested, considering that
e.g. strlen() is declared as function that takes a pointer to const char and
returns size_t...
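
Added example, not part of the original thread: a small C program showing the width difference discussed above and a checked conversion for code that stores a size_t length in an int. The helper names narrow_unchecked and len_to_int are hypothetical, and the sample values are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: plain cast from size_t to int.
 * For values above INT_MAX the result is implementation-defined;
 * GCC and Clang reduce it modulo 2^N, so the high bits are dropped. */
static int narrow_unchecked(size_t n)
{
    return (int)n;
}

/* Hypothetical helper: store n in *out only if it fits in an int.
 * Returns 0 on success, -1 if the length is not representable;
 * *out is left untouched on failure. */
static int len_to_int(size_t n, int *out)
{
    if (n > (size_t)INT_MAX)
        return -1;
    *out = (int)n;
    return 0;
}

int main(void)
{
    /* Constructed sample values. */
    size_t small = strlen("hello");
    size_t huge = (size_t)UINT_MAX + 6; /* 2^32 + 5 where size_t is 64-bit */
    int out = 0;
    int rc;

    printf("sizeof(int)=%zu sizeof(size_t)=%zu\n",
           sizeof(int), sizeof(size_t));
    printf("unchecked: %zu -> %d\n", huge, narrow_unchecked(huge));

    rc = len_to_int(small, &out);
    printf("checked %zu: rc=%d out=%d\n", small, rc, out);

    rc = len_to_int((size_t)INT_MAX + 1, &out);
    printf("checked INT_MAX+1: rc=%d\n", rc);
    return 0;
}
```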