On Sun, Nov 29, 2020 at 08:02:45AM +0100, Emil Engler wrote:
> It can overflow! Please check for the positivity and width of size_t before!

What can overflow? ret is guaranteed to be non-negative before the cast.
As for the width (which would be about truncation, not overflow): while the
standard allows for size_t to be an unsigned integer type as small as 16
bits, we generally assume that sizeof(size_t) >= sizeof(int). I don't think
I've ever seen a width check ensuring this in our sources.

> 
> Cheers,
> Emil
> 
> On 11/28/20 11:20 PM, Theo Buehler wrote:
> > /usr/src/usr.sbin/ldapd/util.c:46:21: warning: comparison of integers of
> > different signs:
> > 'int' and 'size_t' (aka 'unsigned long') [-Wsign-compare]
> >         if (ret < 0 || ret >= size)
> >                        ~~~ ^  ~~~~
> > 
> > This has been around for a while. I forgot that I had this patch in my
> > tree.
> > 
> > Index: util.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/ldapd/util.c,v
> > retrieving revision 1.12
> > diff -u -p -r1.12 util.c
> > --- util.c	24 Oct 2019 12:39:26 -0000	1.12
> > +++ util.c	4 Aug 2020 07:14:33 -0000
> > @@ -43,7 +43,7 @@ bsnprintf(char *str, size_t size, const
> >  	va_start(ap, format);
> >  	ret = vsnprintf(str, size, format, ap);
> >  	va_end(ap);
> > -	if (ret < 0 || ret >= size)
> > +	if (ret < 0 || (size_t)ret >= size)
> >  		return 0;
> >  	return 1;
> > 
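Review bot: The cast on the `+` line is only safe because the `ret < 0` test in front of it short-circuits first, and that ordering is the whole argument for the change; a short comment above the `if` (or a sentence in the commit message) saying that the cast is there to silence -Wsign-compare and that `ret` is already known to be non-negative would save the next reader the same question raised in this thread. It is also worth noting in the same place that `(size_t)ret >= size` assumes sizeof(size_t) >= sizeof(int), so the cast cannot truncate; that holds on every platform the tree targets but is not guaranteed by the C standard, as the reply above acknowledges.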
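To make the point of the thread concrete, here is an added example (not ldapd's util.c, although bsnprintf_example() follows the patched shape of the quoted hunk). It shows what the compiler does implicitly in the unpatched `ret >= size`: the int is converted to size_t, so an encoding-error result of -1 becomes SIZE_MAX and the truncation test only passed by accident. The guard `ret < 0` in front of the explicit cast is what makes the patched comparison well-defined on purpose. The helper names and the 64-byte scratch buffer are this example's own choices.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Same shape as the patched bsnprintf(): returns 1 if the formatted string
 * fit into str (including the terminating NUL), 0 on encoding error or
 * truncation. ret < 0 is tested first, so the cast never sees a negative.
 */
int
bsnprintf_example(char *str, size_t size, const char *format, ...)
{
	int ret;
	va_list ap;

	va_start(ap, format);
	ret = vsnprintf(str, size, format, ap);
	va_end(ap);
	if (ret < 0 || (size_t)ret >= size)
		return 0;
	return 1;
}

/*
 * The conversion the compiler performs silently in `ret >= size` (usual
 * arithmetic conversions: int becomes size_t). A negative int wraps to a
 * value near SIZE_MAX, which is why the unguarded test rejected -1 "for the
 * wrong reason" and why -Wsign-compare complains about it.
 */
size_t
int_as_size_t(int ret)
{
	return (size_t)ret;
}

/*
 * Convenience wrapper for trying bsnprintf_example() on a caller-chosen
 * buffer size without exposing a buffer; uses a fixed 64-byte scratch area
 * (an assumption of this example). Returns -1 if size exceeds it.
 */
int
format_fits(size_t size, const char *s)
{
	char buf[64];

	if (size > sizeof(buf))
		return -1;
	return bsnprintf_example(buf, size, "%s", s);
}

int
main(void)
{
	printf("\"hi\" into 8 bytes:          %d\n", format_fits(8, "hi"));
	printf("\"1234567\" into 8 bytes:     %d\n", format_fits(8, "1234567"));
	printf("\"12345678\" into 8 bytes:    %d\n", format_fits(8, "12345678"));
	printf("(size_t)-1 == SIZE_MAX:     %d\n", int_as_size_t(-1) == SIZE_MAX);
	return 0;
}
```

The "12345678" case is the boundary the `>=` guards: vsnprintf() returns 8 for a 9-byte result (8 characters plus NUL) which does not fit into 8 bytes, so the wrapper correctly reports truncation, while the 7-character string fits exactly.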