On 8/30/21 7:12 AM, Simon Josefsson wrote:

> Thanks for the pointer -- it doesn't say anything about why ssize_t
> can't be used though?  As a signed variant of size_t, it seems relevant
> to consider.

Good question. Addressed in the attached patch, which I pushed.

>> The objective is to eliminate bugs due to the use of unsigned types
>> for numerical values.
> 
> Is that a realistic goal with C using the unsigned type size_t for
> low-level functions like strlen()?  It seems like an un-idiomatic goal.

It is realistic, at least within the Gnulib context. It's also realistic 
in the context of Glibc, which has recently started to prohibit heap 
allocations larger than PTRDIFF_MAX for the usual security/correctness 
reasons.

The attached patch also attempts to address this question.

> My idea was that both APIs would be supported indefinitely.

Bruno already addressed this point, and I tend to agree with him for 
this particular API.