From: shejialuo <shejialuo@gmail.com>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 00/10] Start compiling with `-Wsign-compare`
Date: Sat, 30 Nov 2024 18:55:39 +0800 [thread overview]
Message-ID: <Z0rvKwXh8mUikBeU@ArchLinux> (raw)
In-Reply-To: <20241129-pks-sign-compare-v1-0-fc406b984bc9@pks.im>
On Fri, Nov 29, 2024 at 02:13:21PM +0100, Patrick Steinhardt wrote:
> Hi,
>
> when compiling with DEVELOPER=YesPlease, we explicitly disable the
> "-Wsign-compare" warning. This is mostly because our code base is full
> of cases where we don't bother at all whether something should be signed
> or unsigned, and enabling the warning would thus cause tons of warnings
> to pop up.
>
> Unfortunately, disabling this warning also masks real issues. There have
> been multiple CVEs in the Git project that would have been flagged by
> this warning (e.g. CVE-2022-39260, CVE-2022-41903 and several fixes in
> the vicinity of these CVEs). Furthermore, the final audit report by
> X41 D-Sec, who are the ones who have discovered some of the CVEs, hinted
> that it might be a good idea to become more strict in this context.
>
> Now simply enabling the warning globally does not fly due to the stated
> reason above that we simply have too many sites where we use the wrong
> integer types. Instead, this patch series introduces a new macro that
> allows us to explicitly mark files that generate such warnings. Like
> this, we can adapt the codebase over time and hopefully make this class
> of vulnerabilities harder to land.
>
> There are a couple of trivial conflicts with kn/midx-wo-the-repository,
> but I don't think it makes sense to make that a dependency of this
> sereis. Let me know in case you disagree and I'll change the base of
> this series.
>
> Thanks!
>
> Patrick
I have read the whole patches. Only left few comments in one patch. The
others are looking good to me.
Thanks,
Jialuo
next prev parent reply other threads:[~2024-11-30 10:55 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-29 13:13 [PATCH 00/10] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 01/10] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 02/10] compat/regex: explicitly ignore " Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 03/10] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 04/10] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 05/10] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 06/10] global: fix unsigned integer promotions in ternary statements Patrick Steinhardt
2024-11-30 10:44 ` shejialuo
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-01 21:59 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 07/10] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 08/10] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-01 22:07 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 09/10] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-01 22:08 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-05 19:14 ` Jeff King
2024-11-29 13:13 ` [PATCH 10/10] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-01 22:09 ` Jeff King
2024-11-30 10:55 ` shejialuo [this message]
2024-12-02 7:54 ` [PATCH 00/10] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-12-01 22:29 ` Jeff King
2024-12-02 7:53 ` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 00/14] " Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 01/14] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 02/14] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 03/14] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 04/14] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 05/14] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 06/14] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 07/14] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-04 5:31 ` Junio C Hamano
2024-12-02 12:04 ` [PATCH v2 08/14] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 09/14] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 10/14] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 11/14] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 12/14] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-02 13:18 ` shejialuo
2024-12-02 13:24 ` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 13/14] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 14/14] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-02 13:28 ` [PATCH v2 00/14] Start compiling with `-Wsign-compare` shejialuo
2024-12-04 5:47 ` [PATCH] sign-compare: 32-bit support Junio C Hamano
2024-12-05 9:32 ` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 00/15] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 01/15] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 02/15] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 03/15] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 04/15] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 05/15] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 06/15] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 07/15] sign-compare: 32-bit support Patrick Steinhardt
2024-12-05 19:34 ` Jeff King
2024-12-06 8:44 ` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 08/15] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 09/15] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 10/15] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 11/15] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 12/15] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 13/15] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 14/15] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 15/15] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 00/16] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 01/16] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-06 12:32 ` karthik nayak
2024-12-06 10:27 ` [PATCH v4 02/16] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 03/16] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 04/16] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 05/16] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 06/16] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 07/16] csum-file: fix -Wsign-compare warning on 32-bit platform Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 08/16] pkt-line: fix -Wsign-compare warning on 32 bit platform Patrick Steinhardt
2024-12-08 19:57 ` Jeff King
2024-12-09 0:09 ` Junio C Hamano
2024-12-06 10:27 ` [PATCH v4 09/16] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 10/16] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 11/16] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 12/16] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 13/16] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2025-01-08 19:17 ` Johannes Schindelin
2025-01-09 6:20 ` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 14/16] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 15/16] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 16/16] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-06 13:11 ` [PATCH v4 00/16] Start compiling with `-Wsign-compare` karthik nayak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z0rvKwXh8mUikBeU@ArchLinux \
--to=shejialuo@gmail.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.