On 21-Apr-08, at 10:24 AM, der Mouse wrote:
>> Indeed, however the current implementation doesn't even try to "detect" or "distinguish" EOF, and indeed passing EOF without casting it properly and/or masking will result in an out-of-bounds array access in the current implementation.
>
> Look closer. The object indexed inside the macro is _one past_ the base of the array object being indexed; this is done specifically to support EOF as an argument.

Nope, that does not work, at least not if the parameter is an int variable, as would be compatible with the API specification, and as is most commonly used in existing code in general I would guess.

> But what does "safe" mean? In this context, I don't think it means "take out-of-range values and silently smush them into in-range values". Ideally, I'd say, it would mean "drop core when passed anything out-of-range" (and I don't mean "drop core or access something random, depending on the arg and how memory happens to be laid out").

And just how do you plan to do that with any traditional C implementation in the case where these APIs are implemented as preprocessor macros accessing a 257-byte array, as they are in NetBSD?

> However, that's expensive enough that I for one am willing to accept the lessened error checking for the sake of performance of correct code.
A simple mask provides all of the safety one can hope for given the present implementation. :-)
The OpenBSD, FreeBSD, and Darwin implementations use inline functions and varying degrees of additional protection, and also provide varying degrees of other enhanced features too.
-- Greg A. Woods; Planix, Inc. <woods%planix.ca@localhost>
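The 257-byte table scheme argued over in this message, written out as an added demonstration that is not NetBSD's ctype code (the class bits, the table contents and the function names are constructed for the example): the one-past-the-base index handles EOF, any other negative int or anything above 255 leaves the object, a domain check can trap such arguments, and the "simple mask" stays inside the table at the cost of silently folding out-of-range values onto some byte's class.

```c
#include <stdio.h>   /* EOF */
#include <stdlib.h>  /* abort */

/* Class bits: made-up values for this demo, not NetBSD's. */
#define CT_UPPER 0x01
#define CT_LOWER 0x02
#define CT_DIGIT 0x04

/* 257-entry table: slot 0 is reserved for EOF, slot c+1 holds byte c. */
static unsigned char ctype_table[257];
static int table_ready;

static void ensure_table(void) {
    int c;
    if (table_ready) return;
    ctype_table[0] = 0;                       /* EOF belongs to no class */
    for (c = 0; c < 256; c++) {
        unsigned char f = 0;
        if (c >= 'A' && c <= 'Z') f |= CT_UPPER;
        if (c >= 'a' && c <= 'z') f |= CT_LOWER;
        if (c >= '0' && c <= '9') f |= CT_DIGIT;
        ctype_table[c + 1] = f;
    }
    table_ready = 1;
}

/* The macro shape under discussion: index one past the base so EOF (-1) hits
 * slot 0. Any other negative int, or anything above 255, reads outside the object. */
#define RAW_ISUPPER(c) ((ctype_table + 1)[(c)] & CT_UPPER)

/* Index the unchecked macro would compute; outside 0..256 means out of bounds. */
int raw_index(int c) { return c + 1; }

/* The argument domain the API actually promises to handle: EOF or 0..255. */
int ctype_arg_in_range(int c) { return c == EOF || (c >= 0 && c <= 255); }

/* The "drop core when passed anything out-of-range" behaviour: abort instead of
 * reading garbage. A sign-extended char such as (signed char)0xE9 trips this. */
int checked_isupper(int c) {
    ensure_table();
    if (!ctype_arg_in_range(c)) abort();
    return RAW_ISUPPER(c) != 0;
}

/* The "simple mask": never leaves the table, but silently maps EOF to the class
 * of byte 0xFF and a sign-extended char to the class of its low byte. */
int masked_isupper(int c) {
    ensure_table();
    return RAW_ISUPPER(c & 0xff) != 0;
}
```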