Summary: DAHTOOL-00025: [patch] Unsafe comparisons in tonezone.c
Reporter: Guillaume Knispel (gknispel_proformatique)
Labels:
Date Opened: 2009-04-14 10:24:07
Date Closed: 2009-09-15 12:15:08
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: General
Versions: 2.1.0.2
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) tonezone_safe_compare_int_sizeof.patch
Description: When building with -Wall -Wextra instead of just -Wall, GCC issues more warnings, among which some point to really dangerous constructs.

The comparison "size < sizeof(*td)" in build_tone() line 137 yields "comparison between signed and unsigned" ("size" is of type "int") and ISO/IEC 9899:TC3 states in "6.3.1.8 Usual arithmetic conversions" that:
"[...] Otherwise, if the operand that has unsigned integer type has rank greater or equal to the rank of the type of the other operand, then the operand with signed integer type is converted to the type of the operand with unsigned integer type. [...]"

So what "size < sizeof(*td)" really means is "(size_t)size < sizeof(*td)" which is probably not the real intent (the resultant behavior of the following code in build_tone() would most probably be undefined if "size" is ever negative).

Same thing in build_mf_tones() line 328.
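
The conversion described in the report, shown as an added example that is not part of the original issue or of the DAHDI source. `struct tone_rec`, `has_room_unsafe`, `has_room_safe` and `put_rec` are hypothetical names, and the safe check is one way to write it, not necessarily the change made in r7132.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the record that build_tone() writes; not the
 * real DAHDI structure. */
struct tone_rec {
    int freq1;
    int freq2;
    int time_ms;
};

/* Pattern from the report: "size" is int, sizeof yields size_t, so the usual
 * arithmetic conversions turn "size" into size_t before comparing. */
static int has_room_unsafe(int size)
{
    if (size < sizeof(struct tone_rec))
        return 0;   /* buffer too small */
    return 1;       /* caller would go on to write a record */
}

/* One way to write the check: reject negatives while the value is still
 * signed, then compare in size_t. */
static int has_room_safe(int size)
{
    if (size < 0 || (size_t)size < sizeof(struct tone_rec))
        return 0;
    return 1;
}

/* Bounded writer built on the safe check; returns bytes left, or -1. */
static int put_rec(unsigned char *buf, int size, const struct tone_rec *r)
{
    if (!has_room_safe(size))
        return -1;
    memcpy(buf, r, sizeof(*r));
    return size - (int)sizeof(*r);
}

int main(void)
{
    unsigned char buf[2 * sizeof(struct tone_rec)];
    struct tone_rec r = { 350, 440, 250 };           /* constructed sample */
    int left = put_rec(buf, (int)sizeof(buf), &r);   /* room for one more */
    left = put_rec(buf + sizeof(r), left, &r);       /* nothing left now */
    printf("left=%d unsafe(-4)=%d safe(-4)=%d\n",
           left, has_room_unsafe(-4), has_room_safe(-4));
    return put_rec(buf, -4, &r) == -1 ? 0 : 1;
}
```

A negative `size` passes the unsafe check because it converts to a very large `size_t`; the safe variant rejects it before any write happens.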
Comments:
By: Digium Subversion (svnbot) 2009-09-15 12:15:07

Repository: dahdi
Revision: 7132

U   tools/trunk/tonezone.c

------------------------------------------------------------------------
r7132 | tzafrir | 2009-09-15 12:15:06 -0500 (Tue, 15 Sep 2009) | 5 lines

Fix signed/unsigned comparisons in tonezone.c

(closes issue DAHTOOL-25)
Reported by: gknispel_proformatique

------------------------------------------------------------------------

http://svn.digium.com/view/dahdi?view=rev&revision=7132