Full Disclosure mailing list archives
Re: linux type definitions
From: Timo Sirainen <tss () iki fi>
Date: Mon, 14 Apr 2003 12:05:42 +0300
On Mon, Apr 14, 2003 at 07:12:32AM -0000, n d wrote:
> I was wondering why pid_t and size_t are defined as signed integers? I'm not too sure that a process id can be negative. And if strlen returns a 16-bit signed integer, what would happen if strlen was passed a string with a size of 34000?
I don't think pid_t is required to be signed, but a lot of code assumes it when they compare the fork() return value against -1 without casting.

size_t is defined to be unsigned in the C99 standard. Some implementations have defined it as signed, but I'd consider those to be broken. strlen() can't return a value out of range of size_t, or the implementation is broken (size_t should have been defined larger).

If you're looking for security holes related to strlen(), I doubt you can find any real ones. size_t is always defined large enough that your process runs out of memory before you can overflow it, unless you're still running some system with segmented memory access (embedded maybe?).
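The 34000-byte case from the question, as an added example that is not part of the original thread: it goes one step beyond the discussion and shows what happens when a caller stores a strlen() result in a signed 16-bit variable before a bounds check, next to the same check done in size_t. The function names are hypothetical, the input string is constructed, and the wrapped value assumes the modulo-2^16 narrowing that GCC and Clang document (the C standard leaves it implementation-defined).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Value a signed 16-bit variable holds after narrowing a size_t length.
 * Out-of-range results are implementation-defined; GCC and Clang wrap
 * modulo 2^16 (assumption stated in the lead-in). */
static int16_t narrow_len(size_t len)
{
    return (int16_t)len;
}

/* Constructed input: a heap string of n 'A' characters. */
static char *make_string(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

/* Flawed check: the length is narrowed to int16_t before a signed compare.
 * Returns 1 for "fits in cap", 0 for "too long", -1 on allocation failure. */
static int fits_int16(size_t n, int16_t cap)
{
    char *s = make_string(n);
    if (s == NULL)
        return -1;
    int16_t len = narrow_len(strlen(s));
    free(s);
    return len < cap;
}

/* Same check with the length kept in size_t, the type strlen() returns. */
static int fits_size_t(size_t n, size_t cap)
{
    char *s = make_string(n);
    if (s == NULL)
        return -1;
    size_t len = strlen(s);
    free(s);
    return len < cap;
}

int main(void)
{
    printf("34000 narrowed to int16_t: %d\n", narrow_len(34000));
    printf("int16_t check, cap 256:    %d\n", fits_int16(34000, 256));
    printf("size_t check, cap 256:     %d\n", fits_size_t(34000, 256));
    return 0;
}
```

Compiling with `-Wconversion` flags the same narrowing when it is written without the explicit cast.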