Re: [PATCH] clean up minor compiler warnings
On 2007-06-10 00:22:30 -0700, Andrew Gaul wrote:
> Index: muttlib.c
> ===================================================================
> RCS file: /home/roessler/cvs/mutt/muttlib.c,v
> retrieving revision 3.45
> diff -u -p -r3.45 muttlib.c
> --- muttlib.c 2 Jan 2007 17:10:34 -0000 3.45
> +++ muttlib.c 10 Jun 2007 07:10:41 -0000
> @@ -537,7 +537,7 @@ char *mutt_gecos_name (char *dest, size_
> if (dest[idx] == '&')
> {
> memmove (&dest[idx + pwnl], &dest[idx + 1],
> - MAX(destlen - idx - pwnl - 1, 0));
> + MAX(((int)destlen) - idx - ((int)pwnl) - 1, 0));
> memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
> dest[idx] = toupper ((unsigned char) dest[idx]);
> }
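Review bot: the `(int)` casts on `destlen` and `pwnl` in the new `MAX(...)` argument narrow both values before the subtraction with no range check, so a length above INT_MAX would itself be converted to a signed type it does not fit in. Comparing first (take the difference only when `destlen > idx + pwnl + 1`, otherwise 0) would avoid any signed conversion. The unchanged `memcpy` line in the trailing context still evaluates `MIN(destlen - idx - 1, pwnl)` without such casts and deserves the same look.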
It seems that this has already been changed in the following way:

    memmove (&dest[idx + pwnl], &dest[idx + 1],
             MAX((ssize_t)(destlen - idx - pwnl - 1), 0));

but this is incorrect: the conversion of a value to a signed type
is implementation-defined when the value is not representable. A
compiler may generate a trap for security reasons (possibly when
an option like -ftrapv is used, though gcc doesn't do it yet in
conversions). The cast should be applied to each unsigned type,
as Andrew did it above.
--
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
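
The three forms of the length expression discussed in this message, side by side, as an added example that is not part of the original mail or of mutt's source. The MAX definition, the function names, the `len_checked` alternative and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>   /* ssize_t (POSIX) */

/* Assumed definition; mutt's own MAX macro is not shown in the thread. */
#define MAX(a, b) ((a) < (b) ? (b) : (a))

/* Pre-patch form: unsigned arithmetic wraps, so MAX(..., 0) never clamps. */
size_t len_unsigned(size_t destlen, int idx, size_t pwnl)
{
    return MAX(destlen - idx - pwnl - 1, 0);
}

/* Whole-result cast: the wrapped value is not representable in ssize_t,
 * so the conversion result is implementation-defined (C99 6.3.1.3). */
ssize_t len_cast_result(size_t destlen, int idx, size_t pwnl)
{
    return MAX((ssize_t)(destlen - idx - pwnl - 1), 0);
}

/* Per-operand casts, as in the quoted patch: the subtraction is signed.
 * Only well-defined while destlen and pwnl fit in int. */
int len_cast_operands(size_t destlen, int idx, size_t pwnl)
{
    return MAX(((int)destlen) - idx - ((int)pwnl) - 1, 0);
}

/* Hypothetical alternative: compare first, subtract only when safe. */
size_t len_checked(size_t destlen, int idx, size_t pwnl)
{
    size_t rem;
    if (idx < 0 || (size_t)idx >= destlen)
        return 0;
    rem = destlen - (size_t)idx;          /* rem >= 1 here */
    return pwnl < rem ? rem - pwnl - 1 : 0;
}

int main(void)
{
    /* Constructed sample: 8-byte buffer, '&' at index 2, 10-byte login name. */
    size_t destlen = 8, pwnl = 10;
    int idx = 2;
    printf("unsigned:      %zu\n", len_unsigned(destlen, idx, pwnl));
    printf("cast result:   %zd\n", len_cast_result(destlen, idx, pwnl));
    printf("cast operands: %d\n", len_cast_operands(destlen, idx, pwnl));
    printf("checked:       %zu\n", len_checked(destlen, idx, pwnl));
    return 0;
}
```

The value printed for the whole-result cast depends on the implementation, which is why it is the only variant whose output should not be relied on.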