[MPlayer-cvslog] r19258 - trunk/DOCS/tech/oggless-xiph-codecs.txt

Rich Felker dalias at aerifal.cx
Wed Aug 2 08:55:07 CEST 2006


On Wed, Aug 02, 2006 at 12:17:55AM +0200, Michael Niedermayer wrote:
> right shift of negative numbers
>     it's undefined but everyone expects the sign bit to be replicated
>     they should not have made it undefined IMHO

Agree. AFAIK the only reason it's undefined is that some broken legacy
(risc?) systems don't have sign-extend in hardware, and often
programmers are lazy and use "int" when they mean "unsigned", so the
compiler is allowed to facilitate this laziness by assuming you meant
"unsigned" if that's all the machine can do efficiently....

Maybe C09 or whatever the next version is will finally fix this like
C99 fixed the undefinedness of division of negative numbers (albeit in
the wrong direction IMO...).

> string stuff like strncpy
>    no comment on this, everyone knows how great and secure the standard
>    str*() functions are

They're perfectly secure; it's just that they don't do what most
people think they do. These functions are for manipulating fixed-size
string fields in fixed-size data structures, and are intended to use
the full width (not "wasting" the last byte for termination) if
needed. When writing to a string they zero-out all the unused
positions, but when reading a string, they stop at the first null byte
to avoid wasting *precious* cycles to read the remaining null bytes
from the source. strncat _happens_ to work for appending C style
strings to these fixed-size strings as well, due to its requirements,
but this is more of a random side-effect than by design, afaik.

Anyway, these functions are pretty much deprecated I think. Better to
either use snprintf, use strlen to keep track of remaining space, or
your own BSD strlcpy/strlcat workalikes.

Rich
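
The fixed-width-field behaviour of strncpy described in the message above, next to a strlcpy-style workalike of the kind it recommends, as an added example that is not part of the original post. FIELD, field_zero_bytes and my_strlcpy are hypothetical names and the input strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD 8 /* constructed width of a fixed-size record field */

/* Copy src into a FIELD-byte field with strncpy and return how many
 * bytes of the field are NUL afterwards (0 means no terminator). */
int field_zero_bytes(const char *src)
{
    char field[FIELD];
    int zeros = 0;

    memset(field, 'X', sizeof field);  /* make untouched bytes visible */
    strncpy(field, src, sizeof field); /* NUL-pads short input; no NUL if src fills it */
    for (size_t i = 0; i < sizeof field; i++)
        zeros += (field[i] == '\0');
    return zeros;
}

/* Hypothetical strlcpy workalike: always terminates when size > 0 and
 * returns strlen(src), so a return value >= size signals truncation. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);

    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

int main(void)
{
    char buf[FIELD];

    printf("short source: %d NUL bytes\n", field_zero_bytes("ab"));
    printf("exact fit:    %d NUL bytes\n", field_zero_bytes("12345678"));
    printf("over-long:    %d NUL bytes\n", field_zero_bytes("123456789"));

    size_t need = my_strlcpy(buf, "123456789", sizeof buf);
    printf("strlcpy-style: \"%s\", truncated=%d\n", buf, need >= sizeof buf);
    return 0;
}
```

A field reported with 0 NUL bytes must only be read with an explicit width bound (for example `printf("%.*s", FIELD, field)`), never passed to strlen or `%s`.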



