On Mon, 24 Nov 2025 at 12:39, Kees Cook <[email protected]> wrote:
>
> I'm not sure what you mean by "limit to pre-defined size". There's no
> such design in those helpers, except from the perspective of "detect
> and refuse to truncate overflows into too-small storage". Is that what
> you meant?

I meant that odd combination of checking both for minimal size and
then assigning to it, but upon re-reading it, I realize that the
"check for minimal size" was actually checking the size of the result
variable.

Those macros are illegible. And 99% of all users DO NOT WANT ANY OF
THAT COMPLEXITY.

Yes, the wrapper macros then pass in NULL, which then - using yet more
complexity - turns into a dummy thing.

Basically, if *I* find those macros unreadable - and I'm actually
fairly good at parsing those things - then they are way too
complicated.

And they aren't even complicated for a good reason. My alternate ones
did *more*, and did it with less code and less confusion.

And you added the complication to make the users less legible.

So no. We're not doing *any* of that. You make it simple and targeted
to the *common* case, or you don't do this at all. Because that
over-designed mess that actually turned some users *less* readable,
but one line shorter, was bad.

Linus