comparison between signed and unsigned integer

And Sch andsch at inbox.com
Mon Oct 13 16:47:30 CEST 2014


I recently added '-Wextra' to my compile flags and I get many of the following
warnings when compiling libgcrypt.

warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

I have looked through them all and most of them are comparing a signed counter
with size_t or unsigned int, which should be benign. However, from researching the
warning, there are certain nasty bugs that appear if the signed int is ever
negative...

http://www.jwwalker.com/pages/safe-compare.html

https://www.securecoding.cert.org/confluence/display/cplusplus/INT02-CPP.+Understand+integer+conversion+rules

Now, Werner Koch said in the bug tracker that fixing this may introduce bugs, and I would agree. It probably wouldn't be worthwhile because there are no obvious bugs ATM.

However, here is my second proposal: why not add a call to assert() before the comparison to make sure the signed int is not negative? This shouldn't introduce any bugs AFAIK, and can be turned off globally.

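The pitfall behind -Wsign-compare, and the assert() approach proposed above, as an added C example (not code from the message or from libgcrypt). The function names and the sample values are assumptions for illustration: under the usual arithmetic conversions the signed operand is converted to the unsigned type, so a negative int becomes a huge size_t and a `<` test that "obviously" holds silently fails. The safe variant checks the sign first; the asserting variant documents the non-negative precondition and is compiled out when NDEBUG is defined, which is the "turned off globally" property the message relies on.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Comparison as the compiler actually performs it: `i` is converted to
 * size_t before the test, so -1 becomes SIZE_MAX. This is the line that
 * triggers -Wsign-compare under -Wextra. */
int naive_less_than(int i, size_t n)
{
    return i < n;
}

/* Safe comparison: settle the negative case before any conversion, so the
 * result matches mathematical ordering for every int/size_t pair. */
int safe_less_than(int i, size_t n)
{
    if (i < 0)
        return 1;               /* any negative int is below any size_t */
    return (size_t)i < n;       /* now the cast cannot change the value */
}

/* The assert() proposal from the message: enforce the precondition that
 * the counter is non-negative, then compare with an explicit cast. With
 * -DNDEBUG the assert disappears and only the cast remains. */
int checked_less_than(int i, size_t n)
{
    assert(i >= 0);
    return (size_t)i < n;
}

/* How the bug looks in a loop: with a negative start, the signed/unsigned
 * condition is false on the very first test and the body never runs.
 * Returns the number of iterations actually executed. */
size_t naive_loop_iterations(int start, size_t n)
{
    size_t count = 0;
    for (int i = start; i < n; i++)
        count++;
    return count;
}

int main(void)
{
    size_t n = 10;              /* constructed sample bound */

    printf("naive_less_than(-1, %zu)   = %d  (mathematically should be 1)\n",
           n, naive_less_than(-1, n));
    printf("safe_less_than(-1, %zu)    = %d\n", n, safe_less_than(-1, n));
    printf("checked_less_than(3, %zu)  = %d\n", n, checked_less_than(3, n));
    printf("loop from -1 to %zu ran %zu times (naive), 0 means the body was skipped\n",
           n, naive_loop_iterations(-1, n));
    return 0;
}
```

Compiling with `-Wextra` flags the `i < n` in naive_less_than and naive_loop_iterations; neither safe_less_than nor checked_less_than warns, because both compare two size_t values after the sign has been handled.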





More information about the Gcrypt-devel mailing list