there can be real value in doing this for C or C++ code that wants to be secure https://twitter.com/shafikyaghmour/status/924855059032113153
-
Other than ptrdiff_t being signed (thus "taking advantage of UB by assuming overflow doesn't occur"), I don't see how this helps you.
-
That's exactly how it helps - it allows you to take advantage of compiler features to trap-on-UB without breaking valid code.
-
The original linked tweet was about breaking valid code with compiler options to trap on unsigned wrapping in order to catch bad size calcs.
-
Using ptrdiff_t instead of size_t for your size calcs makes it so a still-conforming compiler can catch the overflows.
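The size_t versus ptrdiff_t point above, as an added C example that is not from the thread: the unsigned product wraps silently, which is well-defined so no conforming compiler can trap it, while the signed product is undefined behaviour on overflow, which -fsanitize=signed-integer-overflow or -ftrapv can abort on. The explicit __builtin_mul_overflow check (GCC/Clang) stands in for that trap so the condition is observable in an ordinary build; the function names and the malloc wrapper are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed example: the same byte-count calculation done with size_t
 * and with ptrdiff_t. */

/* size_t: n * elem wraps modulo SIZE_MAX + 1. That is well-defined C, so a
 * conforming compiler cannot trap it without also breaking code that relies
 * on unsigned wrap. An oversized request silently becomes a tiny one. */
size_t bytes_unsigned(size_t n, size_t elem)
{
    return n * elem;              /* e.g. (SIZE_MAX/2 + 1) * 2 == 0 */
}

/* ptrdiff_t: the product is signed, so exceeding PTRDIFF_MAX is undefined
 * behaviour, and -fsanitize=signed-integer-overflow or -ftrapv may abort
 * right here. __builtin_mul_overflow performs the same check explicitly so
 * the failure is visible in a normal build.
 * Returns true and stores the byte count on success, false on overflow. */
bool bytes_signed(ptrdiff_t n, ptrdiff_t elem, ptrdiff_t *out)
{
    if (n < 0 || elem < 0)        /* a negative size is a bug, not a wrap */
        return false;
    return !__builtin_mul_overflow(n, elem, out);
}

/* Hypothetical allocation wrapper built on the signed calculation: it
 * refuses the request instead of handing back an undersized buffer. */
void *alloc_array(ptrdiff_t n, ptrdiff_t elem)
{
    ptrdiff_t bytes;
    if (!bytes_signed(n, elem, &bytes))
        return NULL;
    return malloc((size_t)bytes);
}
```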