New loplugin:unsignedcompare

"Find explicit casts from signed to unsigned integer in comparison against unsigned integer, where the cast is presumably used to avoid warnings about signed vs. unsigned comparisons, and could thus be replaced with o3tl::make_unsigned for clairty." (compilerplugins/clang/unsignedcompare.cxx) o3tl::make_unsigned requires its argument to be non-negative, and there is a chance that some original code like static_cast<sal_uInt32>(n) >= c used the explicit cast to actually force a (potentially negative) value of sal_Int32 to be interpreted as an unsigned sal_uInt32, rather than using the cast to avoid a false "signed vs. unsigned comparison" warning in a case where n is known to be non-negative. It appears that restricting this plugin to non- equality comparisons (<, >, <=, >=) and excluding equality comparisons (==, !=) is a useful heuristic to avoid such false positives. The only remainging false positive I found was 0288c8ffecff4956a52b9147d441979941e8b87f "Rephrase cast from sal_Int32 to sal_uInt32". But which of course does not mean that there were no further false positivies that I missed. So this commit may accidentally introduce some false hits of the assert in o3tl::make_unsigned. At least, it passed a full (Linux ASan+UBSan --enable-dbgutil) `make check && make screenshot`. It is by design that o3tl::make_unsigned only accepts signed integer parameter types (and is not defined as a nop for unsigned ones), to avoid unnecessary uses which would in general be suspicious. But the STATIC_ARRAY_SELECT macro in include/oox/helper/helper.hxx is used with both signed and unsigned types, so needs a little oox::detail::make_unsigned helper function for now. (The ultimate fix being to get rid of the macro in the first place.) Change-Id: Ia4adc9f44c70ad1dfd608784cac39ee922c32175 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87556 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
author: Stephan Bergmann <sbergman@redhat.com> 2020-01-27 09:30:39 +0100
committer: Stephan Bergmann <sbergman@redhat.com> 2020-01-28 07:42:15 +0100
commit: aef7feb3e695ecf6d411f0777196dcc4281e201a (patch)
tree: 6adff7e08e6431ff87c575d026e330badb9a6cd3 /sal
parent: 65f007c629e5a7b2710e21e3f26164b433576e27 (diff)
5 files changed, 14 insertions, 9 deletions
diff --git a/sal/osl/unx/file.cxx b/sal/osl/unx/file.cxx
index 501d9bd1e0b9..aa293f914d74 100644
--- a/sal/osl/unx/file.cxx
+++ b/sal/osl/unx/file.cxx
@@ -18,6 +18,7 @@
  */
 
 #include <config_features.h>
+#include <o3tl/safeint.hxx>
 #include <o3tl/typed_flags_set.hxx>
 #include <sal/log.hxx>
 #include <osl/diagnose.h>
@@ -331,7 +332,7 @@ oslFileError FileHandle_Impl::readAt(
 
         m_offset = nOffset;
 
-        if (static_cast<sal_uInt64>(m_offset) >= m_size)
+        if (o3tl::make_unsigned(m_offset) >= m_size)
         {
             nBytes = 0;
         }
diff --git a/sal/osl/unx/file_url.cxx b/sal/osl/unx/file_url.cxx
index 513b8661d406..011998838db2 100644
--- a/sal/osl/unx/file_url.cxx
+++ b/sal/osl/unx/file_url.cxx
@@ -32,6 +32,7 @@
 #include <strings.h>
 #include <unistd.h>
 
+#include <o3tl/safeint.hxx>
 #include <osl/file.hxx>
 #include <osl/security.hxx>
 #include <osl/socket.h>
@@ -834,7 +835,7 @@ oslFileError FileURLToPath(char * buffer, size_t bufLen, rtl_uString* ustrFileUR
 
     osl_systemPathRemoveSeparator(strSystemPath.pData);
 
-    if (sal_uInt32(strSystemPath.getLength()) >= bufLen) {
+    if (o3tl::make_unsigned(strSystemPath.getLength()) >= bufLen) {
         return osl_File_E_OVERFLOW;
     }
     std::strcpy(buffer, strSystemPath.getStr());
diff --git a/sal/osl/unx/pipe.cxx b/sal/osl/unx/pipe.cxx
index d601b6531531..153db04d99fa 100644
--- a/sal/osl/unx/pipe.cxx
+++ b/sal/osl/unx/pipe.cxx
@@ -19,6 +19,7 @@
 
 #include "system.hxx"
 
+#include <o3tl/safeint.hxx>
 #include <osl/pipe.h>
 #include <osl/diagnose.h>
 #include <osl/thread.h>
@@ -172,7 +173,7 @@ static oslPipe osl_psz_createPipe(const char *pszPipeName, oslPipeOptions Option
         name += OStringLiteral("OSL_PIPE_") + pszPipeName;
     }
 
-    if (sal_uInt32(name.getLength()) >= sizeof addr.sun_path)
+    if (o3tl::make_unsigned(name.getLength()) >= sizeof addr.sun_path)
     {
         SAL_WARN("sal.osl.pipe", "osl_createPipe: pipe name too long");
         return nullptr;
diff --git a/sal/osl/unx/security.cxx b/sal/osl/unx/security.cxx
index 23b8046dbcb5..f6fc52ce5398 100644
--- a/sal/osl/unx/security.cxx
+++ b/sal/osl/unx/security.cxx
@@ -32,6 +32,7 @@
 
 #include "system.hxx"
 
+#include <o3tl/safeint.hxx>
 #include <osl/security.h>
 #include <rtl/bootstrap.hxx>
 #include <sal/log.hxx>
@@ -68,7 +69,7 @@ static bool sysconf_SC_GETPW_R_SIZE_MAX(std::size_t * value) {
            way and always set EINVAL, so be resilient here: */
         return false;
     }
-    SAL_WARN_IF( m < 0 || static_cast<unsigned long>(m) >= std::numeric_limits<std::size_t>::max(), "sal.osl",
+    SAL_WARN_IF( m < 0 || o3tl::make_unsigned(m) >= std::numeric_limits<std::size_t>::max(), "sal.osl",
                 "m < 0 || (unsigned long) m >= std::numeric_limits<std::size_t>::max()");
     *value = static_cast<std::size_t>(m);
     return true;
@@ -235,7 +236,7 @@ sal_Bool SAL_CALL osl_getUserName(oslSecurity Security, rtl_uString **ustrName)
     if (pSecImpl != nullptr && pSecImpl->m_pPasswd.pw_name != nullptr) {
         pszName = pSecImpl->m_pPasswd.pw_name;
         auto const n = std::strlen(pszName);
-        if (n <= sal_uInt32(std::numeric_limits<sal_Int32>::max())) {
+        if (n <= o3tl::make_unsigned(std::numeric_limits<sal_Int32>::max())) {
             len = n;
             bRet = true;
         }
@@ -353,7 +354,7 @@ static bool osl_psz_getHomeDir(oslSecurity Security, OString* pszDirectory)
         if (pStr != nullptr && pStr[0] != '\0' && access(pStr, 0) == 0)
         {
             auto const len = std::strlen(pStr);
-            if (len > sal_uInt32(std::numeric_limits<sal_Int32>::max())) {
+            if (len > o3tl::make_unsigned(std::numeric_limits<sal_Int32>::max())) {
                 return false;
             }
             *pszDirectory = OString(pStr, len);
@@ -363,7 +364,7 @@ static bool osl_psz_getHomeDir(oslSecurity Security, OString* pszDirectory)
     if (pSecImpl->m_pPasswd.pw_dir != nullptr)
     {
         auto const len = std::strlen(pSecImpl->m_pPasswd.pw_dir);
-        if (len > sal_uInt32(std::numeric_limits<sal_Int32>::max())) {
+        if (len > o3tl::make_unsigned(std::numeric_limits<sal_Int32>::max())) {
             return false;
         }
         *pszDirectory = OString(pSecImpl->m_pPasswd.pw_dir, len);
@@ -472,7 +473,7 @@ static bool osl_psz_getConfigDir(oslSecurity Security, OString* pszDirectory)
     else
     {
         auto const len = std::strlen(pStr);
-        if (len > sal_uInt32(std::numeric_limits<sal_Int32>::max())) {
+        if (len > o3tl::make_unsigned(std::numeric_limits<sal_Int32>::max())) {
             return false;
         }
         *pszDirectory = OString(pStr, len);
diff --git a/sal/textenc/converter.cxx b/sal/textenc/converter.cxx
index 92eca3fc190a..60e6a3383708 100644
--- a/sal/textenc/converter.cxx
+++ b/sal/textenc/converter.cxx
@@ -19,6 +19,7 @@
 
 #include <sal/config.h>
 
+#include <o3tl/safeint.hxx>
 #include <rtl/textcvt.h>
 #include <sal/types.h>
 
@@ -141,7 +142,7 @@ sal::detail::textenc::handleBadInputUnicodeToTextConversion(
         cReplace = '_';
         break;
     }
-    if (static_cast<sal_Size>(pDestBufEnd - *pDestBufPtr) > nPrefixLen)
+    if (o3tl::make_unsigned(pDestBufEnd - *pDestBufPtr) > nPrefixLen)
     {
         while (nPrefixLen-- > 0)
             *(*pDestBufPtr)++ = *pPrefix++;
author	Stephan Bergmann <sbergman@redhat.com>	2020-01-27 09:30:39 +0100
committer	Stephan Bergmann <sbergman@redhat.com>	2020-01-28 07:42:15 +0100
commit	aef7feb3e695ecf6d411f0777196dcc4281e201a (patch)
tree	6adff7e08e6431ff87c575d026e330badb9a6cd3 /sal
parent	65f007c629e5a7b2710e21e3f26164b433576e27 (diff)