gdusmessage.c mishandles bounds of GDBusMessageType and related enums
@dmacks
Submitted by Daniel Macks Assigned to David Zeuthen
Link to original bug (#731607)
Description
Building glib-2.40.0 on OS X 10.8...
CC libgio_2_0_la-gdbusmessage.lo
gdbusmessage.c:919:38: warning: comparison of constant 256 with expression of type 'GDBusMessageType' is always true [-Wtautological-constant-out-of-range-compare]
g_return_if_fail (type >=0 && type < 256);
~~~~ ^ ~~~
../glib/gmessages.h:368:18: note: expanded from macro 'g_return_if_fail'
if G_LIKELY(expr) { } else
^
../glib/gmacros.h:309:59: note: expanded from macro 'G_LIKELY'
#define G_LIKELY(expr) (__builtin_expect (_G_BOOLEAN_EXPR(expr), 1))
^
../glib/gmacros.h:303:8: note: expanded from macro '_G_BOOLEAN_EXPR'
if (expr)
^
gdbusmessage.c:966:40: warning: comparison of constant 256 with expression of type 'GDBusMessageFlags' is always true [-Wtautological-constant-out-of-range-compare]
g_return_if_fail (flags >=0 && flags < 256);
~~~~~ ^ ~~~
../glib/gmessages.h:368:18: note: expanded from macro 'g_return_if_fail'
if G_LIKELY(expr) { } else
^
../glib/gmacros.h:309:59: note: expanded from macro 'G_LIKELY'
#define G_LIKELY(expr) (__builtin_expect (_G_BOOLEAN_EXPR(expr), 1))
^
../glib/gmacros.h:303:8: note: expanded from macro '_G_BOOLEAN_EXPR'
if (expr)
^
gdbusmessage.c:1041:58: warning: comparison of constant 256 with expression of type 'GDBusMessageHeaderField' is always true [-Wtautological-constant-out-of-range-compare]
g_return_val_if_fail (header_field >=0 && header_field < 256, NULL);
~~~~~~~~~~~~ ^ ~~~
../glib/gmessages.h:377:18: note: expanded from macro 'g_return_val_if_fail'
if G_LIKELY(expr) { } else
^
../glib/gmacros.h:309:59: note: expanded from macro 'G_LIKELY'
#define G_LIKELY(expr) (__builtin_expect (_G_BOOLEAN_EXPR(expr), 1))
^
../glib/gmacros.h:303:8: note: expanded from macro '_G_BOOLEAN_EXPR'
if (expr)
^
gdbusmessage.c:1063:54: warning: comparison of constant 256 with expression of type 'GDBusMessageHeaderField' is always true [-Wtautological-constant-out-of-range-compare]
g_return_if_fail (header_field >=0 && header_field < 256);
~~~~~~~~~~~~ ^ ~~~
../glib/gmessages.h:368:18: note: expanded from macro 'g_return_if_fail'
if G_LIKELY(expr) { } else
^
../glib/gmacros.h:309:59: note: expanded from macro 'G_LIKELY'
#define G_LIKELY(expr) (__builtin_expect (_G_BOOLEAN_EXPR(expr), 1))
^
../glib/gmacros.h:303:8: note: expanded from macro '_G_BOOLEAN_EXPR'
if (expr)
^
In each case, it's assuming a variable is "A 8-bit unsigned integer (typically a value from the #GDBusMessageType enumeration)." (or other enumeration types) But it's used strictly as that enum type as part of an opaque struct. Therefore, passing something between "highest known enum value" and 256 seems like an error (requesting an unimplemented type). Would be safer to have a separate #define identifying the highest implemented enum token and compare to that.
Version: 2.40.x