comparison between signed and unsigned integer
And Sch
andsch at inbox.com
Mon Oct 13 16:47:30 CEST 2014
I recently added '-Wextra' to my compile flags and I get many of the following
warnings when compiling libgcrypt.
warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
I have looked through them all and most of them are comparing a signed counter
with size_t or unsigned int, which should be benign. However, researching the
warning there are certain nasty bugs that appear if the signed int is ever
negative...
http://www.jwwalker.com/pages/safe-compare.html
https://www.securecoding.cert.org/confluence/display/cplusplus/INT02-CPP.+Understand+integer+conversion+rules
Now, Werner Koch said in the bug tracker that fixing this may introduce bugs, and I would agree. It probably wouldn't be worthwhile because there are no obvious bugs ATM.
However, here is my second proposal: why not add a call to assert() before the comparison to make sure the signed int is not negative? This shouldn't introduce any bugs AFAIK, and can be turned off globally.
More information about the Gcrypt-devel
mailing list
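The failure mode and the assert() guard discussed in the message above, as an added example that is not part of the original post and is not libgcrypt code. The function names and the "remaining bytes" scenario are hypothetical, chosen only to show a signed value compared against a size_t.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical check: is there room for `need` bytes in `remaining`?
 * Writing `remaining >= need` with int vs size_t triggers -Wsign-compare,
 * because `remaining` is implicitly converted to size_t. The cast below
 * spells out that same conversion so this file compiles without the warning. */
static int has_room_naive(int remaining, size_t need)
{
    return (size_t)remaining >= need;   /* -1 becomes SIZE_MAX: "plenty of room" */
}

/* Hardened form: reject negative values first, so the cast that follows
 * is value-preserving and the comparison means what it says. */
static int has_room_safe(int remaining, size_t need)
{
    return remaining >= 0 && (size_t)remaining >= need;
}

/* The proposal from the post: assert the signed operand is non-negative
 * right before the comparison. Built with -DNDEBUG the assert compiles
 * away and this function behaves exactly like has_room_naive(). */
static int has_room_asserted(int remaining, size_t need)
{
    assert(remaining >= 0);
    return (size_t)remaining >= need;
}

int main(void)
{
    /* Constructed inputs: a healthy counter and one that went negative. */
    printf("naive    (32, 16) = %d\n", has_room_naive(32, 16));
    printf("naive    (-1, 16) = %d\n", has_room_naive(-1, 16));
    printf("safe     (-1, 16) = %d\n", has_room_safe(-1, 16));
    printf("asserted (32, 16) = %d\n", has_room_asserted(32, 16));
    /* has_room_asserted(-1, 16) aborts in a debug build. */
    return 0;
}
```

The assert() variant catches the negative value only in builds where assertions are enabled; the explicit `>= 0` test holds in every build.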