On 29/11/2019 12:19, Jan Beulich wrote: > On 29.11.2019 13:15, Andrew Cooper wrote: >> On 29/11/2019 12:13, Jan Beulich wrote: >>> On 29.11.2019 13:01, Ian Jackson wrote: >>>> Jan Beulich writes ("Re: [PATCH] console: avoid buffer overflow in >>>> guest_console_write()"): >>>>> On 29.11.2019 11:22, Andrew Cooper wrote: >>>>>> Is sizeof(array[0]) always 0, or is this just a GCC-ism ? Godbolt >>>>>> suggests is 0 on all compiler we support. >>>>>> >>>>>> Either way, isn't the more common idiom + 0ul ? Personally, I feel that >>>>>> is clearer to follow. >>>>> I decided against + 0ul or alike because in principle size_t >>>>> and unsigned long are different types. In particular 32-bit >>>>> x86 gcc uses unsigned int for size_t, and hence min()'s >>>>> type safety check would cause the build to fail there. The >>>>> same risk obviously exists for any 32-bit arch (e.g. Arm32, >>>>> but I haven't checked what type it actually uses). >>>> I don't know what i wrong with >>>> (size_t)0 >>>> which is shorter, even ! >>> True. Yet it contains a cast, no matter how risk-free it may be >>> in this case. With a cast, I could as well have written (yet >>> shorter) (size_t)count. >> Given that min() has a very strict typecheck, I think we should permit >> any use of an explicit cast in a single operand, because it *is* safer >> than switching to the min_t() route to make things compile. > Well, I can switch to (size_t)count if this is liked better > overall.
Personally, I'd prefer this option most of all. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel