From: Patrick Steinhardt <ps@pks.im>
To: Mike Hommey <mh@glandium.org>
Cc: Junio C Hamano <gitster@pobox.com>, git@vger.kernel.org
Subject: Re: [PATCH] connect: address -Wsign-compare warnings
Date: Mon, 20 Jan 2025 08:58:12 +0100 [thread overview]
Message-ID: <Z44CDZJblkvQ_6po@pks.im> (raw)
In-Reply-To: <20250117211830.75prk6e2u3qlatwt@glandium.org>
On Sat, Jan 18, 2025 at 06:18:30AM +0900, Mike Hommey wrote:
> On Fri, Jan 17, 2025 at 09:26:32AM -0800, Junio C Hamano wrote:
> > Mike Hommey <mh@glandium.org> writes:
> >
> > > Most of the warnings were about loop variables being declared as ints
> > > with a condition using a size_t, whereby switching the variable to
> > > size_t fixes the warning.
> > >
> > > One other case was comparing the result of strlen to an int passed
> > > as an argument, which turns out could just as well be passed as a
> > > size_t, albeit trickling to other functions.
> >
> > As long as the blast radius is limited (like this one, which most of
> > the cascades were within the callchain of file-scope statics), and
> > the changes of type is going in the right direction (in this case, I
> > see all are using size_t for length that may come from or compared
> > with the result of strlen(), which falls into that category), such a
> > change is very much welcomed.
> >
> > Even if the primary objective is to squelch the -Wsign-compare and
> > even if we are talking about a line in packet_reader object, which
> > would not exceed 64k bytes and using size_t is way overkill, that
> > is. I personally do not think -Wsign-compare cleanliness is buying
> > us all that much, compared to the amount of code churn. But this
> > one is well within the level that I can tolerate ;-).
It does generate quite a bit of churn indeed. But it also made us look a
lot closer in many places where such warnings are generated, and we
found multiple sites already where unexpected values can cause us to do
weird stuff, including going out of bounds. So if this allows us to
detect (or even better avoid introducing) even a single out-of-bounds
read/write that can be exploited I'm happy.
I think overall it's going to be a net win in the long term as it forces
us to think more carefullly about types, which we haven't really been
doing until now. And this is a frequent observation during code reviews,
so it also gets a tiny fraction of reviewer's time back.
> Do you want me to address Patrick's comments?
I don't mind it too much, the end result would be the same anyway. Just
keep it in mind for future patch series.
Patrick
prev parent reply other threads:[~2025-01-20 7:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-17 7:49 [PATCH] connect: address -Wsign-compare warnings Mike Hommey
2025-01-17 9:36 ` Patrick Steinhardt
2025-01-17 17:26 ` Junio C Hamano
2025-01-17 21:18 ` Mike Hommey
2025-01-17 21:21 ` Junio C Hamano
2025-01-20 7:58 ` Patrick Steinhardt [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z44CDZJblkvQ_6po@pks.im \
--to=ps@pks.im \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=mh@glandium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).