Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Pavel Kankovsky (peak_at_argo.troja.mff.cuni.cz)
Date: Mon Jan 27 2003 - 04:17:05 CST
On Sun, 26 Jan 2003, George Dinwiddie wrote:
> Pavel Kankovsky wrote:
> > (*) The situation when the result appears to be negative because it
> > is too large to fit into the positive part of a signed type used for
> > strlen() return value should be considered a bug in strlen()--it
> > should either use a type able to represent the length of *any*
> > possible string, or abort when it cannot return a meaningful result
> > (a dead program is better that a misbehaving program).
> I think you meant "The situation when the result appears to be negative
> because it is too large to fit into the positive part of a signed type
> used for strlen() return value should *NOT* be considered a bug in strlen()"
I meant this: if strlen() is declared to return type T while T is unable
to correctly represent the length of any possible zero-terminated string
that can appear in the program's address space, then strlen() is buggy
(less buggy, if it aborts rather than returning an incorrect value).
Of course, when the program does something like "U x = strlen(s)" such
that type U (e.g. popular int) cannot represent all possible return values
of strlen() then the program using strlen() is buggy because strlen()
returns (or is assumed to return) a correct value but the assignment done
by the program corrupts it.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."