[somewhat OT] casting to unsigned [Was: Memory pool interface design]

Oleg Goldshmidt pub at goldshmidt.org
Sun May 17 22:39:00 IDT 2015


In the hope of amusing at least some of you...

Oleg Goldshmidt <pub at goldshmidt.org> writes:

> So you've been lucky so far. At some point you will inevitably run into
> client code that occasionally does something stupid like passing a
> signed integer as size. Trust me, when that happens the size parameter
> usually turns out to be -6. You will have no control over it.

I sent this and tried to figure out what had made me write -6 and not -5
or -7. This:

http://translate.google.com/translate?sl=sv&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.svd.se%2Fnaringsliv%2Fnyheter%2Fsverige%2Fmonsterorder-stoppade-borsen_7708362.svd&act=url

Brief explanation not in the newspaper: the Stockholm stock exchange
crashed horribly in 2012.  From the screenshot fragment shown it seems
pretty obvious what happened. Someone probably tried to short sell 6
OMSX30 (main Swedish stock index) futures contracts, which was
represented as buying -6 of them (or maybe it was a lack of input
validation), and somewhere along the way the order size was cast to
unsigned int. At which point it became clear that no one could buy 131
times the Swedish GDP in one go.

No, malloc probably was not involved. There was, however, a request for
too much of an abundant, but still limited, resource - quite similar.

I was definitely not involved.

The result demonstrates the difference between an uncontrolled crash and
proper error handling that could reject a clearly erroneous order and
keep the exchange operational.

-- 
Oleg Goldshmidt | pub at goldshmidt.org
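The conversion the post describes, as an added C example that is not from the thread or from any exchange's code: a signed order or allocation size crossing an unsigned boundary, first unchecked, then validated before the conversion happens. The pool API, its capacity and the function names are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed pool size: the "abundant but still limited" resource. */
#define POOL_CAPACITY 4096u

/* What the callee sees when a client passes a signed size to an unsigned
 * parameter. The conversion is modular (C11 6.3.1.3): -6 becomes UINT_MAX - 5,
 * roughly 4.29 billion on a 32-bit unsigned int. */
unsigned int size_as_seen_by_callee(int client_size)
{
    return (unsigned int)client_size;
}

/* Unchecked request: trusts the converted value and reports how many times
 * the whole pool it would consume. Returns 0 for a request that fits. */
unsigned int pool_request_unchecked(int client_size)
{
    unsigned int n = (unsigned int)client_size;
    return n / POOL_CAPACITY;   /* ~1 million pools for -6 */
}

/* Checked request: reject before the sign is lost, then bound the size.
 * Returns false and leaves *out_bytes untouched on rejection. */
bool pool_request_checked(int client_size, unsigned int *out_bytes)
{
    if (client_size <= 0)                 /* -6 is caught here, still signed */
        return false;
    unsigned int n = (unsigned int)client_size;
    if (n > POOL_CAPACITY)                /* more than the pool holds */
        return false;
    *out_bytes = n;
    return true;
}

int main(void)
{
    unsigned int bytes = 0;
    printf("-6 as unsigned: %u\n", size_as_seen_by_callee(-6));
    printf("unchecked: %u pools\n", pool_request_unchecked(-6));
    printf("checked -6: %s\n", pool_request_checked(-6, &bytes) ? "ok" : "rejected");
    printf("checked 6: %s (%u bytes)\n",
           pool_request_checked(6, &bytes) ? "ok" : "rejected", bytes);
    return 0;
}
```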