From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932846AbcJMXif (ORCPT ); Thu, 13 Oct 2016 19:38:35 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:33196 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756114AbcJMXhq (ORCPT ); Thu, 13 Oct 2016 19:37:46 -0400 Date: Fri, 14 Oct 2016 00:37:22 +0100 From: Al Viro To: none Cc: linux-kernel@vger.kernel.org Subject: Re: when to size_t for =?utf-8?Q?represent?= =?utf-8?Q?ing_length_instead_of_int=E2=80=AF=3F?= Message-ID: <20161013233722.GX19539@ZenIV.linux.org.uk> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.7.0 (2016-08-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 14, 2016 at 12:12:43AM +0200, none wrote: > Hello, > > I wanted to known the rules in coding guidelines concerning the use of > size_t. > It seems the signed int type is used most of the time for representing > string sizes, including in some parts written by Linus in /lib. > They’re can buffer overflows attack if ssize_t if larger than sizeof(int) > (though I agree this isn’t the only way, but at least it´s less error > prone). Huh? size_t is the type of sizoef result; ssize_t is its signed counterpart. > So is it guaranteed for all current and future cpu architectures the Linux > kernel support that ssize_t will always be equal to sizeof(int) ? Of course it isn't. Not true on any 64bit architecture we support... What attacks are, in your opinion, enabled by that fact? I'm sure that libc (and C standard) folks would be very interested, considering that e.g. strlen() is declared as function that takes a pointer to const char and returns size_t...