Date:   Tue, 6 Dec 2016 13:19:45 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Brian Masney <masneyb@...tation.org>
Cc:     jic23@...nel.org, linux-iio@...r.kernel.org,
        devel@...verdev.osuosl.org, lars@...afoo.de,
        gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
        ldewangan@...dia.com, pmeerw@...erw.net, knaack.h@....de
Subject: Re: [PATCH 12/19] staging: iio: isl29028: fix comparison between
 signed and unsigned integers

On Mon, Dec 05, 2016 at 07:10:45PM -0500, Brian Masney wrote:
> On Mon, Dec 05, 2016 at 11:53:39PM +0300, Dan Carpenter wrote:
> > On Sat, Dec 03, 2016 at 09:19:36PM -0500, Brian Masney wrote:
> > > Fixed warning found by make W=2 to reduce the amount of build noise:
> > > 
> > > warning: comparison between signed and unsigned integer expressions
> > > [-Wsign-compare]
> > 
> > Ugh...  Please don't do workarounds for nonsense warnings.  W=2 is so
> > stupid.  Better to just grep -v this warning instead of trying to please
> > a broken static analysis.  Warnings like this are why it's disabled by
> > default.
> 
> Hi Dan,
>    I would normally agree, however there could be a case where this
> warning flags a legitimate issue. It is obviously not an issue in this
> case. Since I'm already working on cleaning up this driver to move it
> out of staging, I figured that I would make sure that it builds cleanly
> with W=2. This was the only warning found in that driver. The
> change is harmless in my opinion and it may eliminate a nonsense warning
> for someone else down the road when doing security audits.

Iterators should be int unless there is a specific reason for a fancier
data type.  Using complicated types just makes the code more complicated
and tiring to read.

Smatch or other similar static analysis tools know that "sel" is in the
0-7 range and that ARRAY_SIZE(prox_period) is 8.  GCC almost certainly
knows this as well.  The warning message is just printed because the
devs are lazy.  It's totally pointless.

Don't work around lazy static analysis.  It sends the wrong message to
do pointless things.

regards,
dan carpenter
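
The two sides of this thread, as an added example that is not part of the message or of the isl29028 driver: -Wsign-compare fires identically on a bounded iterator, where it changes nothing, and on an error-return check, where it marks a real defect. The table values, `struct hdr` and all function names are constructed for illustration.

```c
#include <stddef.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed 8-entry table; the values are placeholders, not the driver's. */
static const int periods[8] = { 10, 20, 30, 40, 50, 60, 70, 80 };

/* Constructed 8-byte header for the short-read check below. */
struct hdr { unsigned char bytes[8]; };

/*
 * Bounded iterator: sel only holds 0..8, so promoting it to size_t for
 * the comparison cannot change the outcome. -Wsign-compare fires anyway.
 */
int find_period(int wanted)
{
	int sel;

	for (sel = 0; sel < ARRAY_SIZE(periods); sel++)
		if (periods[sel] == wanted)
			return sel;
	return -1;
}

/*
 * Same warning, real defect: ret may be a negative error code. Converted
 * to size_t it becomes a huge value, so the "too short" test is false and
 * the failed read is accepted. Returns 1 if the read is accepted.
 */
int read_ok_buggy(int ret)
{
	if (ret < sizeof(struct hdr))
		return 0;
	return 1;
}

/* Hardened form: reject negatives before the unsigned comparison. */
int read_ok_fixed(int ret)
{
	if (ret < 0 || (size_t)ret < sizeof(struct hdr))
		return 0;
	return 1;
}
```

Building with `gcc -Wsign-compare` reports both `find_period` and `read_ok_buggy`; telling them apart needs the value-range reasoning the message attributes to Smatch.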
