From: Theo Buehler Subject: Re: bgpd: fix comparison on 32bit arch To: tech@openbsd.org Date: Thu, 7 May 2026 14:24:39 +0200 On Thu, May 07, 2026 at 01:30:16PM +0200, Claudio Jeker wrote: > This fixes a warning on 32bit archs where ptrdiff_t is a 32bit signed value > and adjoutlen is uint32_t. > > /usr/src/usr.sbin/bgpd/rde_adjout.c: In function 'adjout_prefix_index': > /usr/src/usr.sbin/bgpd/rde_adjout.c:423: warning: comparison between signed and unsigned > > On 64bit archs this does not happen since there ptrdiff_t is 64bit signed > and so the uint32_t is promoted to a signed 64bit value. Which is a OK. > > Doing the size_t cast should be ok since negative idx was just ruled out > before. The cast itself is safe. ok tb [Since C is such a wonderful language, I'm not sure what the check really does since pte->adjout always points at the start and adjoutlen is always the full length, so either condition implies UB has happened since pointer differences are only defined for elements of the same array object (or one past the last element).] > -- > :wq Claudio > > Index: rde_adjout.c > =================================================================== > RCS file: /cvs/src/usr.sbin/bgpd/rde_adjout.c,v > diff -u -p -r1.16 rde_adjout.c > --- rde_adjout.c 17 Mar 2026 09:29:29 -0000 1.16 > +++ rde_adjout.c 7 May 2026 11:17:45 -0000 > @@ -420,7 +420,7 @@ adjout_prefix_index(struct pt_entry *pte > { > ptrdiff_t idx = p - pte->adjout; > > - if (idx < 0 || idx > pte->adjoutlen) > + if (idx < 0 || (size_t)idx > pte->adjoutlen) > fatalx("corrupt pte adjout list"); > > return idx; >
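Review bot: the bound in the changed condition, `(size_t)idx > pte->adjoutlen`, still accepts idx == pte->adjoutlen, which is one past the last element if adjoutlen is the element count. If callers use the returned index to access pte->adjout[idx], the test should be `>=`. If the one-past-the-end value is intentional, a short comment saying so would help. The cast is only correct because `idx < 0` is evaluated first and short-circuits, so a one-line comment to that effect would keep a later reordering of the condition from silently turning a negative idx into a large unsigned value. As noted in the reply, the subtraction `p - pte->adjout` is only defined when p points into the same array (or one past its end), so this check cannot be relied on to detect a pointer from a different object.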