Re: at least 260 packages broken on arm, powerpc and s390 due to wrong assumption on char signedness
- To: email@example.com
- Subject: Re: at least 260 packages broken on arm, powerpc and s390 due to wrong assumption on char signedness
- From: Colin Walters <firstname.lastname@example.org>
- Date: 31 Dec 2001 13:33:37 -0500
- Message-id: <1009823617.11102.21.camel@space-ghost>
- In-reply-to: <20011231104029.GA22783@polya>
- References: <01122720085101.00793@tau> <20011230220233.GA19462@polya> <1009771790.11102.12.camel@space-ghost> <20011231104029.GA22783@polya>
On Mon, 2001-12-31 at 05:40, Julian Gilbey wrote:

> I believe that the author (Knuth) presumably thought "c should only be
> between 0 and 127, probably not even that far, and we're using c as an
> array index, where we've only allocated 256 chars for this array.

Right. Then it should be explicitly declared as an "unsigned char".

> As char might be a signed char, c could feasibly be less than 0,

Not if you declare it as unsigned explicitly.

> and there's a small possibility that char could be some weird wide
> character thing,

No, the C standard guarantees that a char is exactly a single byte; i.e.
sizeof(char) == 1.

> so c could feasibly be greater than 255, we'll
> perform the checks just check to be on the safe side." Defensive

It can't be larger than 255 (precisely because it is limited to a single

The more I think about it, the more it makes sense to always explicitly
declare all char variables as signed or unsigned; otherwise, you're just
asking for latent bugs.
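
Added example, not part of the original message: a small C program showing the array index that the same byte produces when it is held in a signed versus an unsigned char, and a lookup that goes through unsigned char so it behaves the same on every architecture. The table and the function names are hypothetical, constructed for this illustration; the byte-to-signed-char conversion assumes the wrap-around behaviour of mainstream compilers.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed 256-entry table: one slot per possible byte value. */
static unsigned char table[256];

static void init_table(void)
{
    for (int i = 0; i < 256; i++)
        table[i] = (unsigned char)(i >= 0x80);   /* 1 marks high-bit bytes */
}

/* Index obtained when the byte is held in a signed char, which is what
 * plain char is on x86: bytes 0x80..0xFF become -128..-1.
 * (Conversion is implementation-defined; gcc and clang wrap.) */
static int index_if_signed(unsigned char byte)
{
    signed char c = (signed char)byte;
    return (int)c;
}

/* Index obtained when the byte is held in an unsigned char, which is
 * what plain char is on arm, powerpc and s390: always 0..255. */
static int index_if_unsigned(unsigned char byte)
{
    unsigned char c = byte;
    return (int)c;
}

/* Portable lookup: whatever signedness plain char has on this target,
 * convert to unsigned char before indexing the 256-entry table. */
static int lookup(char c)
{
    return table[(unsigned char)c];
}

int main(void)
{
    init_table();
    printf("plain char is %s on this target\n",
           CHAR_MIN < 0 ? "signed" : "unsigned");
    printf("byte 0xE9 as signed index:   %d\n", index_if_signed(0xE9));
    printf("byte 0xE9 as unsigned index: %d\n", index_if_unsigned(0xE9));
    printf("lookup((char)0xE9) = %d\n", lookup((char)0xE9));
    return 0;
}
```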