From: dewar@cs.nyu.edu (Robert Dewar)
Subject: Re: ANSI C and POSIX (was Re: C/C++ knocks the crap out of Ada)
Date: 1996/04/09
References: <4kb2j8$an0@solutions.solon.com> <4kcsnsINNgkb@keats.ugrad.cs.ubc.ca> <829066525snz@genesis.demon.co.uk>
Organization: Courant Institute of Mathematical Sciences
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.edu

Lawrence says:

"Correctness considerations aside, there is never a good reason to pass a value in the 3rd argument to read() that is greater than the available buffer size. IMHO code that does this is highly suspect whether or not you argue that it is legal. I wish more systems were like Linux and trapped this, maybe they will in the future."

Highly imprecise thinking here, I fear. There is no practical way for any implementation to do the check you mention (this = value in 3rd argument that is greater than the available buffer size). This is C, remember! We are passing a pointer; the called routine has no way of knowing the buffer length, and in general, unless you keep structured pointers which know the bounds of the object they reference (something no real C compiler does), there is no way to make the check. Linux simply checks that the end of the buffer is in the memory area, which is not the check you would like to see.
That's what I was talking about when I noted that this kind of uncertainty would not occur in a language with a reasonably complete type model. What exactly *is* the wording of the POSIX standard here (Lawrence, you must have it at hand, please quote it exactly). The interesting thing is to determine whether this definition says enough to make *any* use of read defined without appealing to "unwritten rules". I would guess not!
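The bounds check the thread argues about, done at the only place it can be done: the call site, where the buffer size is still known. This is an added example, not code from the post or from any of the systems it mentions; `bounded_read` and `demo_bounded_read` are names chosen here, and the pipe contents are constructed input.

```c
/* Added example (not from the post): read() only sees a pointer, so the
 * clamp against the real buffer size has to happen in the caller's code. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Read at most `want` bytes into `buf`, never more than `bufsize`.
 * Returns bytes read, 0 at EOF, or -1 with errno set. */
ssize_t bounded_read(int fd, void *buf, size_t bufsize, size_t want)
{
    if (buf == NULL || bufsize == 0) {
        errno = EINVAL;
        return -1;
    }
    if (want > bufsize)
        want = bufsize;          /* the check the kernel cannot make for us */
    return read(fd, buf, want);
}

/* Self-test on a pipe: a caller asking for 1000 bytes into an 8-byte
 * buffer gets at most 8 back, and the bytes after the buffer stay intact. */
int demo_bounded_read(void)
{
    int fds[2];
    char frame[8 + 8];                 /* 8-byte buffer followed by a canary */
    memset(frame, 'C', sizeof frame);  /* canary bytes checked afterwards */
    if (pipe(fds) != 0)
        return -1;
    const char msg[] = "0123456789abcdef";   /* 16 bytes, constructed input */
    if (write(fds[1], msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1))
        return -1;
    close(fds[1]);
    ssize_t n = bounded_read(fds[0], frame, 8, 1000);  /* far too large */
    close(fds[0]);
    if (n < 0 || n > 8)
        return -1;
    for (size_t i = 8; i < sizeof frame; i++)
        if (frame[i] != 'C')
            return -1;             /* canary clobbered: buffer overrun */
    return (int)n;                 /* 8: clamped to the buffer size */
}
```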