gthreadedresolver: faulty logic in parse_res_txt
When glib
is compiled with -Wsign-compare
, one warning (of hundreds) is:
[2/182] Compiling C object gio/libgio-2.0.so.0.6600.0.p/gthreadedresolver.c.o
../../../../jhbuild/checkout/glib/gio/gthreadedresolver.c: In function ‘parse_res_txt’:
../../../../jhbuild/checkout/glib/gio/gthreadedresolver.c:623:15: warning: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘long int’ [-Wsign-compare]
623 | if (len > at - end)
| ^
That line is in a loop:
gsize len;
…
while (at < end)
{
len = *(at++);
if (len > at - end)
break;
g_ptr_array_add (array, g_strndup ((gchar *)at, len));
at += len;
}
and at - end
is negative (or at most zero, if the byte copied to len
is the last byte in the buffer). If at - end
is negative, it is promoted to gsize
in the comparison with len
, with a value close to G_MAX_SIZE
, so the comparison fails and execution continues in the loop.
But then g_strndup ((gchar *)at, len)
is unsafe if at + len > end
, and to guard against that the test should be
if (len > end - at)
break;
Since end - at
is non-negative, it can safely be cast to gsize
to avoid another sign-compare
warning.