A potential bug on `RSIZE_MAX` in `inc/hf/std.h`


Jeehoon Kang

May 18, 2019, 3:43:14 AM
to Hafnium
Dear All,


`rsize_t` and `RSIZE_MAX` are defined as:

```
typedef size_t rsize_t;

#define RSIZE_MAX SIZE_MAX
```


But in general, `RSIZE_MAX` should be less than `SIZE_MAX`.  It's typically defined as half `SIZE_MAX`.  This document explains the reason: https://en.cppreference.com/w/c/error .  For example, `prebuilts/linux-x64/clang/lib64/clang/8.0.4/include/stdint.h` defines it as:

```

666:/* ISO9899:2011 7.20 (C11 Annex K): Define RSIZE_MAX if __STDC_WANT_LIB_EXT1__
669:#define   RSIZE_MAX            (SIZE_MAX >> 1)
```


In fact, because `RSIZE_MAX` equals `SIZE_MAX`, the range check in the `mem???_s` functions becomes vacuously true.  It's probably not what we want.

Andrew Scull

May 20, 2019, 8:06:32 AM
to Jeehoon Kang, Hafnium
Thanks Jeehoon, I've uploaded a patch to reduce the range right down to 128 MiB as we don't expect to be dealing with large ranges of memory and this should catch other problems earlier.

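Added example, not part of the thread and not Hafnium's code: a simplified `memcpy_s`-style size check evaluated against the three limits discussed above, showing that a wrapped-around length passes when the limit is `SIZE_MAX` and is rejected by the smaller limits. The names `sizes_ok`, `space_left` and the `LIMIT_*` macros are hypothetical, and the sample sizes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Candidate limits (names are hypothetical, for this example only). */
#define LIMIT_FULL   SIZE_MAX                     /* definition quoted in the thread */
#define LIMIT_HALF   (SIZE_MAX >> 1)              /* clang's stdint.h choice */
#define LIMIT_128MIB ((size_t)128 * 1024 * 1024)  /* bound named in the reply */

/* Size checks in the style of C11 Annex K memcpy_s: returns 0 when the sizes
 * are acceptable, otherwise the number of the first check that failed. */
int sizes_ok(size_t destsz, size_t count, size_t rsize_max)
{
    if (destsz > rsize_max)
        return 1; /* can never fire when rsize_max == SIZE_MAX */
    if (count > rsize_max)
        return 2; /* likewise */
    if (count > destsz)
        return 3;
    return 0;
}

/* Constructed caller bug: space left in a buffer computed as end - offset.
 * When offset has run past end, the subtraction wraps to a huge size_t. */
size_t space_left(size_t end, size_t offset)
{
    return end - offset;
}

int main(void)
{
    size_t bogus = space_left(4000, 4096); /* wraps to SIZE_MAX - 95 */

    printf("limit SIZE_MAX:      %d\n", sizes_ok(bogus, 64, LIMIT_FULL));
    printf("limit SIZE_MAX >> 1: %d\n", sizes_ok(bogus, 64, LIMIT_HALF));
    printf("limit 128 MiB:       %d\n", sizes_ok(bogus, 64, LIMIT_128MIB));
    return 0;
}
```

A return value of 0 means the sizes were accepted; with the `SIZE_MAX` limit the wrapped destination size is accepted and the copy would proceed.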