
Re: at least 260 packages broken on arm, powerpc and s390 due to wrong assumption on char signedness

On Mon, Dec 31, 2001 at 01:33:37PM -0500, Colin Walters wrote:
> On Mon, 2001-12-31 at 05:40, Julian Gilbey wrote:
> > I believe that the author (Knuth) presumably thought "c should only be
> > between 0 and 127, probably not even that far, and we're using c as an
> > array index, where we've only allocated 256 chars for this array.  
> Right.  Then it should be explicitly declared as an "unsigned char".
> > As char might be a signed char, c could feasibly be less than 0, 
> Not if you declare it as unsigned explicitly.
> > and there's a small possibility that char could be some weird wide
> > character thing, 
> No, the C standard guarantees that a char is exactly a single byte; i.e.
> sizeof(char) == 1.


So then this check is either unnecessary or guards against the
possibility that char is signed and that the chars we've hit are <0.
But either way, it's a small piece of defensive programming for an
essentially impossible situation.

I'm not about to rewrite this code to remove a warning when I will
potentially introduce real bugs.

> The more I think about it, the more it makes sense to always explicitly
> declare all char variables as signed or unsigned; otherwise, you're just
> asking for latent bugs.

That is a wise suggestion, indeed.  Although there may be exceptions
when it is unnecessary.



     Julian Gilbey, Dept of Maths,             Debian GNU/Linux Developer
      Queen Mary, Univ. of London         see http://people.debian.org/~jdg/
   http://www.maths.qmul.ac.uk/~jdg/           or http://www.debian.org/
        Visit http://www.thehungersite.com/ to help feed the hungry
                 Also: http://www.helpthehungry.org/
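
Added example, not part of the original message or of the code under discussion: a C sketch of the situation the thread describes, a 256-entry table indexed by a character, showing what the range check sees when char is signed versus unsigned and the portable cast through unsigned char. The table contents, function names and sample bytes are constructed for illustration, and ASCII is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 256-entry table: one slot per possible byte value. */
static unsigned char is_word[256];

static void init_table(void) {
    memset(is_word, 0, sizeof is_word);
    for (int c = 'a'; c <= 'z'; c++) is_word[c] = 1;
    is_word[0xE9] = 1; /* constructed: treat Latin-1 e-acute as a word byte */
}

/* Index seen where plain char is signed (e.g. x86): bytes > 127 go negative.
   The out-of-range conversion is implementation-defined; two's-complement
   compilers wrap it. */
static int index_if_char_signed(unsigned char byte) { return (signed char)byte; }

/* Index seen where plain char is unsigned (arm, powerpc, s390). */
static int index_if_char_unsigned(unsigned char byte) { return byte; }

/* Defensive range check of the kind discussed: -1 means "index rejected". */
static int lookup_guarded(int idx) {
    if (idx < 0 || idx > 255) return -1;
    return is_word[idx];
}

/* Portable form: convert to unsigned char before indexing, so the result
   does not depend on the platform's choice for plain char. */
static size_t count_word_bytes(const char *s, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += is_word[(unsigned char)s[i]];
    return hits;
}

int main(void) {
    init_table();
    printf("0xE9 as signed char:   index %d, lookup %d\n",
           index_if_char_signed(0xE9), lookup_guarded(index_if_char_signed(0xE9)));
    printf("0xE9 as unsigned char: index %d, lookup %d\n",
           index_if_char_unsigned(0xE9), lookup_guarded(index_if_char_unsigned(0xE9)));
    printf("word bytes in sample:  %zu\n", count_word_bytes("caf\xE9!", 5));
    return 0;
}
```

Without the range check, the signed case would read 23 bytes before the start of the table; with the cast, both ABIs use index 233.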
