> The reason these stand out is that there are an awful lot of static analysis
> warnings (over 400) relating to unnecessary (and potentially buggy) sign
> conversions, and most of these are due to the use of signed integers where
> unsigned would typically be used.

The smatch static checker was in the news recently (unfortunately because it might lose its funding). smatch looks for patterns that could lead to CVEs, so it can find suspicious but technically legal issues that don't trigger the checks in gcc and clang. It can also build a database to cross-check calls across compilation units, although you need a server with a lot of RAM. It was designed to scan the Linux kernel source and has found several thousand kernel bugs over 15 years of use, but it can work on any C application.

Its author has some thoughts about unsigned and small int types
https://staticthinking.wordpress.com/2022/06/01/unsigned-int-i-is-stupid/

William
_______________________________________________
Tiff mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/tiff
