On Tue, Jan 28, 2025 at 09:05:44AM -0800, Junio C Hamano wrote:
> Patrick Steinhardt <ps@xxxxxx> writes:
>
> >> The cast from off_t -> size_t matches the current behavior, but is it
> >> always safe to do this? In `git-compat-util.h` it looks like we have
> >> `xsize_t()` to safely handle these conversions. Since this series is
> >> moving away from `git-compat-util.h` should ideally something similar be
> >> implemented?
> >
> > It is safe, because a couple lines further up we check for `size < 0`
> > and error out if that is the case. So we know it's a positive integer,
> > and thus it can be represented via `size_t`.
>
> Even where off_t (which measures on-disk file in bytes) may be wider
> than size_t (which measures in-core piece of memory in bytes)?

Wait, can that actually happen? Hm. I assume it can, for example on 32
bit systems with large-file support enabled. There I assume that `off_t`
would be a 64 bit signed integer, whereas `size_t` may be a 32 bit
unsigned integer.

Will address in v3.

Patrick
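
The case raised in this exchange, as an added example that is not part of the original message or of Git's code: a cast guarded only by a `size < 0` check next to a conversion that also checks the upper bound. The names `model_off_t`, `model_size_t`, `cast_after_sign_check()` and `checked_convert()` are hypothetical, and the fixed-width types are an assumption that models a 32-bit target with large-file support so the result is the same on a 64-bit host.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model of a 32-bit target built with large-file support:
 * on-disk sizes are signed 64-bit, in-core sizes are unsigned 32-bit. */
typedef int64_t  model_off_t;
typedef uint32_t model_size_t;

/* Cast guarded only by a sign check: accepts any non-negative value. */
static int cast_after_sign_check(model_off_t size, model_size_t *out)
{
    if (size < 0)
        return -1;
    *out = (model_size_t)size;  /* high 32 bits are silently dropped */
    return 0;
}

/* Checked conversion: also rejects values the destination cannot hold. */
static int checked_convert(model_off_t size, model_size_t *out)
{
    if (size < 0 || (uint64_t)size > UINT32_MAX)
        return -1;
    *out = (model_size_t)size;
    return 0;
}

int main(void)
{
    /* Constructed sample: a file size of 4 GiB + 1024 bytes. */
    model_off_t on_disk = INT64_C(0x100000400);
    model_size_t n = 0;

    if (cast_after_sign_check(on_disk, &n) == 0)
        printf("sign check only: accepted, size becomes %" PRIu32 "\n", n);

    if (checked_convert(on_disk, &n) != 0)
        printf("range check: rejected %" PRId64 "\n", on_disk);

    return 0;
}
```

A buffer sized from the truncated value would be 1024 bytes long while the file itself is over 4 GiB, which is why the upper-bound check matters wherever the two types differ in width.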