From: Claudio Jeker
Subject: Re: bgpd: fix comparison on 32bit arch
To: Theo Buehler
Cc: tech@openbsd.org
Date: Thu, 7 May 2026 14:30:47 +0200

On Thu, May 07, 2026 at 02:24:39PM +0200, Theo Buehler wrote:
> On Thu, May 07, 2026 at 01:30:16PM +0200, Claudio Jeker wrote:
> > This fixes a warning on 32bit archs where ptrdiff_t is a 32bit signed value
> > and adjoutlen is uint32_t.
> >
> > /usr/src/usr.sbin/bgpd/rde_adjout.c: In function 'adjout_prefix_index':
> > /usr/src/usr.sbin/bgpd/rde_adjout.c:423: warning: comparison between signed and unsigned
> >
> > On 64bit archs this does not happen since there ptrdiff_t is 64bit signed
> > and so the uint32_t is promoted to a signed 64bit value. Which is OK.
> >
> > Doing the size_t cast should be ok since negative idx was just ruled out
> > before.
>
> The cast itself is safe.
>
> ok tb
>
> [Since C is such a wonderful language, I'm not sure what the check
> really does since pte->adjout always points at the start and adjoutlen
> is always the full length, so either condition implies UB has happened
> since pointer differences are only defined for elements of the same
> array object (or one past the last element).]

I let the compiler decide. This is indeed a safety net that would not be
needed if passing bad values to such a pointer math would be caught by the
compiler.

> > --
> > :wq Claudio
> >
> > Index: rde_adjout.c > > =================================================================== > > RCS file: /cvs/src/usr.sbin/bgpd/rde_adjout.c,v > > diff -u -p -r1.16 rde_adjout.c > > --- rde_adjout.c 17 Mar 2026 09:29:29 -0000 1.16 > > +++ rde_adjout.c 7 May 2026 11:17:45 -0000 > > @@ -420,7 +420,7 @@ adjout_prefix_index(struct pt_entry *pte > > { > > ptrdiff_t idx = p - pte->adjout; > > > > - if (idx < 0 || idx > pte->adjoutlen) > > + if (idx < 0 || (size_t)idx > pte->adjoutlen) > > fatalx("corrupt pte adjout list"); > > > > return idx;
> >
>

--
:wq Claudio
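
Review bot: The upper bound in the changed condition, `(size_t)idx > pte->adjoutlen`, still accepts idx == pte->adjoutlen, which is the one-past-the-end position rather than a valid element of adjout. If callers use the returned value to index the array, `>=` would be the tighter check; if one-past-the-end is deliberately allowed, a short comment saying so would help. As noted in the thread, the subtraction `p - pte->adjout` is only defined when p points into that array, so the test runs after any undefined behaviour has already occurred; a comment marking it as a best-effort safety net would document that for the next reader.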