
[bug-gnulib] mbswidth vs. `int' overflow


From: Jim Meyering
Subject: [bug-gnulib] mbswidth vs. `int' overflow
Date: Sat, 09 Apr 2005 18:23:40 +0200

Hi Bruno,

I was looking for assurance that mbswidth would always return
a non-negative value when called with flags == 0, e.g.,

  int len = mbswidth (str, 0);

and from reading the comments in mbswidth.c, at first I thought
it was ok to assume 0 <= len :

  ----------------------------
  /* Returns the number of columns needed to represent the multibyte
     character string pointed to by STRING.  If a non-printable character
     occurs, and MBSW_REJECT_UNPRINTABLE is specified, -1 is returned.
     With flags = MBSW_REJECT_INVALID | MBSW_REJECT_UNPRINTABLE, this is
     the multibyte analogue of the wcswidth function.  */
  int
  mbswidth (const char *string, int flags)
  {
    return mbsnwidth (string, strlen (string), flags);
  }

  /* Returns the number of columns needed to represent the multibyte
     character string pointed to by STRING of length NBYTES.  If a
     non-printable character occurs, and MBSW_REJECT_UNPRINTABLE is
     specified, -1 is returned.  */
  int
  mbsnwidth (const char *string, size_t nbytes, int flags)
  ----------------------------

But then, I noticed that mbsnwidth's `nbytes' parameter is
of type size_t -- which contrasts with its return type of `int'.
You can see that passing a string longer than INT_MAX to mbswidth
can make that function return a negative number.

I realize this is largely theoretical, but
how about changing the spec to deal with it or at least adding
a comment to acknowledge the risk?

Jim

P.S.: I noticed that the POSIX specs for wcswidth and wcwidth
also ignore this possibility.
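Added example, not part of the original message and not gnulib code: a sketch of the mismatch described above, where a size_t-sized input is counted into an `int'. The function names and the one-column-per-printable-byte rule are assumptions made for illustration; the model does no multibyte decoding.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Value an int would hold after COLUMNS increments if overflow wrapped
   in two's complement.  ISO C leaves signed overflow undefined; wrapping
   is only the commonly observed outcome.  Computed in a wider type so
   this function itself never overflows.  */
long long wrapped_int_value(unsigned long long columns)
{
    unsigned long long modulus = (unsigned long long)UINT_MAX + 1;
    unsigned long long m = columns % modulus;
    return m > (unsigned long long)INT_MAX
           ? (long long)m - (long long)modulus : (long long)m;
}

/* Add one character's column count (w >= 0) to a non-negative running
   total, saturating at INT_MAX instead of overflowing.  */
int width_add_saturating(int total, int w)
{
    return w > INT_MAX - total ? INT_MAX : total + w;
}

/* Simplified model of a width function (assumed rule: bytes >= 0x20
   take one column, control bytes take none).  The result is always in
   the range 0..INT_MAX, whatever NBYTES is.  */
int model_width_saturating(const char *s, size_t nbytes)
{
    int width = 0;
    for (size_t i = 0; i < nbytes && width < INT_MAX; i++)
        width = width_add_saturating(width, (unsigned char)s[i] >= 0x20);
    return width;
}

int main(void)
{
    /* One column past INT_MAX: the wrapped counter is negative.  */
    printf("wrapped:   %lld\n",
           wrapped_int_value((unsigned long long)INT_MAX + 1));
    printf("saturated: %d\n", width_add_saturating(INT_MAX, 1));
    return 0;
}
```

With saturation a caller can treat INT_MAX as "too wide to represent", while a negative return stays reserved for the documented -1 case.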



