From: Paul Eggert
Newsgroups: gmane.emacs.devel
Subject: Re: Making --with-wide-int the default
Date: Tue, 17 Nov 2015 10:32:39 -0800
Organization: UCLA Computer Science Department
Message-ID: <564B72C7.2070502@cs.ucla.edu>
In-Reply-To: <87a8qcj031.fsf@fencepost.gnu.org>
References: <83oag087gs.fsf@gnu.org> <83oafz70im.fsf@gnu.org> <5620AF43.4050401@cs.ucla.edu> <83k2qn6xfm.fsf@gnu.org> <5620B4FA.1000804@cs.ucla.edu> <83wptojs1r.fsf@gnu.org> <56444C66.8050506@gmx.at> <83r3jugx8g.fsf@gnu.org> <87io56nu0a.fsf@fencepost.gnu.org> <83lha1dl87.fsf@gnu.org> <871tbrmeu3.fsf@fencepost.gnu.org> <564A63FB.7040209@cs.ucla.edu> <87a8qcj031.fsf@fencepost.gnu.org>
To: David Kastrup
Cc: emacs-devel@gnu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
Xref: news.gmane.org gmane.emacs.devel:194662

On 11/17/2015 04:13 AM, David Kastrup wrote:
> Integer overflows are a rather popular source of security
> vulnerabilities and/or crashes, so having them under control by default
> is a good idea

Yes, yes, all that's good, but that set of primitives (scm_t_uint16, scm_to_uint16, etc.), while an impressively long laundry list, doesn't solve the problem or even (to be honest) inspire much confidence that the problem is even understood. How does one convert a Guile integer to a time_t? Or to an off_t? Or to a nonnegative ptrdiff_t? None of the primitives you mention seem to address the typical problems I run into when auditing Emacs source code.

Far more useful is a small set of generic primitives that one can use to convert a Lisp integer to any system integer type, checking for overflow in the process. Emacs has that already. I suppose something like that could be built in Guile too. If so, then all we'd need to do is port the existing Emacs generic macros to run atop Guile, and no further code review should be needed.
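The kind of generic, overflow-checked conversion the message above argues for, written out as an added example in C. This is not Emacs's or Guile's own code: the macro names (TYPE_SIGNED, TYPE_MAXIMUM, TYPE_MINIMUM, FITS_IN_TYPE, CONVERT_TO_TYPE) and the lisp_to_* wrappers are chosen for this example, and the Lisp integer is assumed to have already been extracted into an intmax_t. One macro handles every target type, including time_t, off_t, a nonnegative ptrdiff_t and a narrow unsigned type, so no per-type laundry list is needed, and the unchecked cast is shown beside it for contrast.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>

/* Illustrative example, not Emacs's or Guile's own code.  A Lisp integer
   is modelled here as an intmax_t that has already been read out of the
   Lisp object.  All names below are chosen for this example. */

/* True if the integer type T is signed.  A constant expression. */
#define TYPE_SIGNED(t) (! ((t) 0 < (t) -1))

/* Largest and smallest values representable in integer type T, derived
   from the type's width so the macros work for any integer type. */
#define TYPE_MAXIMUM(t)                                                  \
  ((t) (TYPE_SIGNED (t)                                                  \
        ? ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1)         \
        : (t) -1))
#define TYPE_MINIMUM(t) ((t) (TYPE_SIGNED (t) ? - TYPE_MAXIMUM (t) - 1 : 0))

/* True if the intmax_t value V lies within the range of type T.  Unsigned
   targets are compared in uintmax_t so that a wide unsigned type such as
   uint64_t is handled without a signed/unsigned comparison. */
#define FITS_IN_TYPE(v, t)                                               \
  (TYPE_SIGNED (t)                                                       \
   ? ((intmax_t) (v) >= (intmax_t) TYPE_MINIMUM (t)                      \
      && (intmax_t) (v) <= (intmax_t) TYPE_MAXIMUM (t))                  \
   : ((intmax_t) (v) >= 0                                                \
      && (uintmax_t) (v) <= (uintmax_t) TYPE_MAXIMUM (t)))

/* The generic primitive: store V into *OUT as type T.  Evaluates to true
   on success and to false, leaving *OUT untouched, when V does not fit,
   instead of silently wrapping or truncating. */
#define CONVERT_TO_TYPE(v, t, out)                                       \
  (FITS_IN_TYPE (v, t) ? (*(out) = (t) (v), true) : false)

/* Per-type wrappers: each is one line because the macro does the work. */
bool lisp_to_time_t (intmax_t v, time_t *out)
{ return CONVERT_TO_TYPE (v, time_t, out); }
bool lisp_to_off_t (intmax_t v, off_t *out)
{ return CONVERT_TO_TYPE (v, off_t, out); }
bool lisp_to_uint16 (intmax_t v, uint16_t *out)
{ return CONVERT_TO_TYPE (v, uint16_t, out); }
/* A nonnegative ptrdiff_t (a buffer index or length) must also reject
   negative values, which are otherwise within ptrdiff_t's range. */
bool lisp_to_nonneg_ptrdiff (intmax_t v, ptrdiff_t *out)
{ return v >= 0 && CONVERT_TO_TYPE (v, ptrdiff_t, out); }

/* For contrast: a plain cast, which is what an unchecked conversion does.
   70000 becomes 4464 with no indication that anything went wrong. */
uint16_t unchecked_uint16 (intmax_t v) { return (uint16_t) v; }

/* Exercise the primitives on constructed values; returns the number of
   cases that behaved as intended (5 when everything works). */
int run_checks (void)
{
  int ok = 0;
  uint16_t u16;
  ptrdiff_t n;
  time_t t;
  off_t o;
  ok += lisp_to_uint16 (65535, &u16) && u16 == 65535;   /* fits exactly */
  ok += ! lisp_to_uint16 (65536, &u16);                  /* one too large */
  ok += ! lisp_to_uint16 (-1, &u16);                     /* negative */
  ok += ! lisp_to_nonneg_ptrdiff (-1, &n);               /* negative index */
  ok += lisp_to_time_t (1447785159, &t) && lisp_to_off_t (4096, &o); /* fit */
  return ok;
}

int main (void)
{
  printf ("%d of 5 checks behaved as intended; unchecked cast of 70000 gives %u\n",
          run_checks (), (unsigned) unchecked_uint16 (70000));
  return 0;
}
```

The wrappers return a status rather than a value so that a caller cannot ignore the out-of-range case by accident; a range failure becomes a Lisp-level error at the call site instead of a wrapped value that later indexes a buffer or times a system call.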