gnupg-1.4.2 Excessive warnings when using Sun's cc

Werner Koch wk at gnupg.org
Wed Dec 7 11:46:34 CET 2005


On Tue, 06 Dec 2005 14:08:00 +0000, David Kirkby said:

> "ccid-driver.c", line 2403: warning: empty translation unit

Well, undefing a module is easier than makefile magic.

> "pkclist.c", line 439: warning: statement not reached

Well, some compilers choke if there is no return statement because
they can't analyse the previous case statement.  I have added a
NOTREACHED comment.

> I don't think finding a compiler option is the right approach to take. 
> Once you start going down that slippery slope, you will probably live
> to regret it.

We introduced some severe bugs in 1.9 while changing the
signed/unsigned things.  It was hard to find them even though the number
of changes in 1.9 is less than those we would need in 1.4.

> Others (myself included) manage to write large bits of C that are okay 
> with -Wall on gcc.

GnuPG used to compile without any warnings with older GCC versions
(IIRC < gcc 3.3) and once the GNU standards actually said: Don't care
about signed/unsigned mismatches.

Actually we build using

 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat-nonliteral

without any warnings and only added -Wno-pointer-sign recently.

I know that these warnings are annoying and dangerous because you may
then not notice real problems.  Thus my question on a compiler option
to disable this warning.

> But why does the underlying source need so many casts to avoid the
> warnings? I know sometimes casts are necessary (particularly with things

The main reason is that GnuPG uses "unsigned char *" (or typedefed as
"byte") and most string functions take and return "char *".  This
used to be no problem and actually helped a lot to avoid security
problems:

  char *foo;
  if (isdigit (*foo))
  
will at least segv on many machines if foo is not unsigned and its
referenced value is > 127.  A proposed solution is to use a cast -
however casts are evil in themselves and should be avoided if at all
possible.

We changed this by avoiding the ctype.h macros or by first testing with
isascii().

> that have void in them, such as fread where you need to cast the pointer 
> to void). But there should be no need for loads of unsigned/signed 
> mismatches.

fread is just fine:

 -- Function: size_t fread (void *DATA, size_t SIZE, size_t COUNT, FILE
          *STREAM)

No need to cast any data pointer.


Shalom-Salam,

   Werner
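
Added example (not part of the original mail and not GnuPG source): the two remedies named above, testing with isascii() first and avoiding the ctype.h macros, applied to a byte buffer that contains values above 127. The function names and sample bytes are constructed for illustration; ISO C requires a ctype.h argument to be EOF or representable as unsigned char.

```c
/* Added illustration; not GnuPG source. Names and sample bytes are constructed. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* isascii() is XSI, not ISO C */
#endif
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed input: three ASCII digits mixed with two bytes above 127. */
static const char sample[] = { '4', (char)0xE9, '2', (char)0xFF, '7' };

/* Value <ctype.h> sees when a byte is read through a signed char:
   0xE9 becomes -23 on two's-complement targets. */
static int as_signed_char(unsigned char b) { return (int)(signed char)b; }

/* ISO C: a ctype argument must be EOF or representable as unsigned char. */
static int in_ctype_domain(int c)
{
    return c == EOF || (c >= 0 && c <= UCHAR_MAX);
}

/* Remedy 1: test isascii() first; it is defined for every int value. */
static int digit_isascii_first(int c) { return isascii(c) && isdigit(c); }

/* Remedy 2: avoid the ctype.h macros altogether. */
static int digit_no_ctype(int c) { return c >= '0' && c <= '9'; }

/* Count digits in a raw byte buffer; s[i] may be negative and is only
   ever handed to a checker that tolerates that. */
static size_t count_digits(const char *s, size_t n, int (*is_digit)(int))
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (is_digit(s[i]))
            k++;
    return k;
}
int main(void)
{
    int c = as_signed_char(0xE9);
    printf("0xE9 via signed char = %d, valid ctype argument: %d\n",
           c, in_ctype_domain(c));
    printf("digits (isascii first): %zu, (no ctype): %zu\n",
           count_digits(sample, sizeof sample, digit_isascii_first),
           count_digits(sample, sizeof sample, digit_no_ctype));
    return 0;
}
```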



