On Sun, 26 Jan 2003, George Dinwiddie wrote: > Pavel Kankovsky wrote: > > (*) The situation when the result appears to be negative because it > > is too large to fit into the positive part of a signed type used for > > strlen() return value should be considered a bug in strlen()--it > > should either use a type able to represent the length of *any* > > possible string, or abort when it cannot return a meaningful result > > (a dead program is better that a misbehaving program). > > I think you meant "The situation when the result appears to be negative > because it is too large to fit into the positive part of a signed type > used for strlen() return value should *NOT* be considered a bug in strlen()" I meant this: if strlen() is declared to return type T while T is unable to correctly represent the length of any possible zero-terminated string that can appear in the program's address space, then strlen() is buggy (less buggy, if it aborts rather than returning an incorrect value). Of course, when the program does something like "U x = strlen(s)" such that type U (e.g. popular int) cannot represent all possible return values of strlen() then the program using strlen() is buggy because strlen() returns (or is assumed to return) a correct value but the assignment done by the program corrupts it. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 11:30:27 PST