> Which is the sizeof(size_t) and sizeof(curl_off_t) ?
> How is curl_off_t defined ?
> Signed or unsigned curl_off_t ?
> Which legal value of data->set.postfieldsize with curl_off_t type
makes the check fail ?

_ Since curl_off_t is curl-defined, we can assume it's always signed
(and IS always defined as such). But it may be 32- or 64-bit.

_ As we have already seen, your test always consider size_t as unsigned,
so we would not discuss the signed size_t here. But again, it may be 32-
or 64-bit depending on the compilation environment and/or OS.

_ We may also reject the cases where sizeof(size_t) > sizeof(curl_off_t)
since the existence of curl_off_t is justified by having a kind of
"large media" offset, and medias are generally larger than the available
RAM addressing space.

So we must consider:

a) 32-bit size_t and 64-bit curl_off_t:
(data->set.postfieldsize < 0) properly rejects negative values (-1 is
processed before).
(data->set.postfieldsize > (curl_off_t)((size_t)-1)) rejects properly
values above 0x00000000FFFFFFFF

 --> OK

b) 32-bit size_t and 32-bit curl_off_t
(data->set.postfieldsize < 0) properly rejects negative values.
(data->set.postfieldsize > (curl_off_t)((size_t)-1)) compares a positive
value with (curl_off_t) 0xFFFFFFFF = signed 0xFFFFFFFF = -1 --> always
true --> KO

c) 64-bit size_t and 64-bit curl_off_t
Same as b).

In general, the test fails if both types occupies the same size. It
works in other cases for unsigned size_t.
Received on 2007-10-17