decompress_bunzip2: fix sizeof type in start_bunzip
diff mbox series

Message ID 20200712125952.8809-1-trix@redhat.com
State New
Headers show
Series
  • decompress_bunzip2: fix sizeof type in start_bunzip
Related show

Commit Message

Tom Rix July 12, 2020, 12:59 p.m. UTC
From: Tom Rix <trix@redhat.com>

clang static analysis flags this error

lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is converted
  to a pointer of type 'unsigned int', which is incompatible with sizeof
  operand type 'int' [unix.MallocSizeof]
        bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reviewing the bunzip_data structure, the element dbuf is type

	/* Intermediate buffer and its size (in bytes) */
	unsigned int *dbuf, dbufSize;

So change the type in sizeof to 'unsigned int'

Fixes: bc22c17e12c1 ("bzip2/lzma: library support for gzip, bzip2 and lzma decompression")

Signed-off-by: Tom Rix <trix@redhat.com>
---
 lib/decompress_bunzip2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

H. Peter Anvin July 12, 2020, 1:09 p.m. UTC | #1
On 2020-07-12 05:59, trix@redhat.com wrote:
> From: Tom Rix <trix@redhat.com>
> 
> clang static analysis flags this error
> 
> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is converted
>   to a pointer of type 'unsigned int', which is incompatible with sizeof
>   operand type 'int' [unix.MallocSizeof]
>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Reviewing the bunzip_data structure, the element dbuf is type
> 
> 	/* Intermediate buffer and its size (in bytes) */
> 	unsigned int *dbuf, dbufSize;
> 
> So change the type in sizeof to 'unsigned int'
> 

You must be kidding.

If you want to change it, change it to sizeof(bd->dbuf) instead, but this flag
is at least in my opinion a total joke. For sizeof(int) != sizeof(unsigned
int) is beyond bizarre, no matter how stupid the platform.

	-hpa
Tom Rix July 12, 2020, 3:12 p.m. UTC | #2
On 7/12/20 6:09 AM, H. Peter Anvin wrote:
> On 2020-07-12 05:59, trix@redhat.com wrote:
>> From: Tom Rix <trix@redhat.com>
>>
>> clang static analysis flags this error
>>
>> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is converted
>>   to a pointer of type 'unsigned int', which is incompatible with sizeof
>>   operand type 'int' [unix.MallocSizeof]
>>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Reviewing the bunzip_data structure, the element dbuf is type
>>
>> 	/* Intermediate buffer and its size (in bytes) */
>> 	unsigned int *dbuf, dbufSize;
>>
>> So change the type in sizeof to 'unsigned int'
>>
> You must be kidding.
>
> If you want to change it, change it to sizeof(bd->dbuf) instead, but this flag
> is at least in my opinion a total joke. For sizeof(int) != sizeof(unsigned
> int) is beyond bizarre, no matter how stupid the platform.

Using the actual type is more correct that using a type of the same size.

trix

> 	-hpa
>
Joe Perches July 12, 2020, 9:49 p.m. UTC | #3
On Sun, 2020-07-12 at 08:12 -0700, Tom Rix wrote:
> On 7/12/20 6:09 AM, H. Peter Anvin wrote:
> > On 2020-07-12 05:59, trix@redhat.com wrote:
> > > From: Tom Rix <trix@redhat.com>
[]
> > > So change the type in sizeof to 'unsigned int'
> > You must be kidding.
> > 
> > If you want to change it, change it to sizeof(bd->dbuf) instead, but this flag
> > is at least in my opinion a total joke. For sizeof(int) != sizeof(unsigned
> > int) is beyond bizarre, no matter how stupid the platform.
> 
> Using the actual type is more correct that using a type of the same size.

Sure.

But this hardly matters as this same type conversion
from signed to unsigned or the other way round is
_everywhere_ in the kernel.

And especially the cc of stable is unnecessary.
H. Peter Anvin July 12, 2020, 10:21 p.m. UTC | #4
On July 12, 2020 8:12:43 AM PDT, Tom Rix <trix@redhat.com> wrote:
>
>On 7/12/20 6:09 AM, H. Peter Anvin wrote:
>> On 2020-07-12 05:59, trix@redhat.com wrote:
>>> From: Tom Rix <trix@redhat.com>
>>>
>>> clang static analysis flags this error
>>>
>>> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is
>converted
>>>   to a pointer of type 'unsigned int', which is incompatible with
>sizeof
>>>   operand type 'int' [unix.MallocSizeof]
>>>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>>>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>> Reviewing the bunzip_data structure, the element dbuf is type
>>>
>>> 	/* Intermediate buffer and its size (in bytes) */
>>> 	unsigned int *dbuf, dbufSize;
>>>
>>> So change the type in sizeof to 'unsigned int'
>>>
>> You must be kidding.
>>
>> If you want to change it, change it to sizeof(bd->dbuf) instead, but
>this flag
>> is at least in my opinion a total joke. For sizeof(int) !=
>sizeof(unsigned
>> int) is beyond bizarre, no matter how stupid the platform.
>
>Using the actual type is more correct that using a type of the same
>size.
>
>trix
>
>> 	-hpa
>>

"More correct?" All it is is more verbose.

Using the sizeof of the actual object at least adds some actual safety.
Tom Rix July 13, 2020, 7:27 p.m. UTC | #5
On 7/12/20 3:21 PM, hpa@zytor.com wrote:
> On July 12, 2020 8:12:43 AM PDT, Tom Rix <trix@redhat.com> wrote:
>> On 7/12/20 6:09 AM, H. Peter Anvin wrote:
>>> On 2020-07-12 05:59, trix@redhat.com wrote:
>>>> From: Tom Rix <trix@redhat.com>
>>>>
>>>> clang static analysis flags this error
>>>>
>>>> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is
>> converted
>>>>   to a pointer of type 'unsigned int', which is incompatible with
>> sizeof
>>>>   operand type 'int' [unix.MallocSizeof]
>>>>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>>>>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>
>>>> Reviewing the bunzip_data structure, the element dbuf is type
>>>>
>>>> 	/* Intermediate buffer and its size (in bytes) */
>>>> 	unsigned int *dbuf, dbufSize;
>>>>
>>>> So change the type in sizeof to 'unsigned int'
>>>>
>>> You must be kidding.
>>>
>>> If you want to change it, change it to sizeof(bd->dbuf) instead, but
>> this flag
>>> is at least in my opinion a total joke. For sizeof(int) !=
>> sizeof(unsigned
>>> int) is beyond bizarre, no matter how stupid the platform.
>> Using the actual type is more correct that using a type of the same
>> size.
>>
>> trix
>>
>>> 	-hpa
>>>
> "More correct?" All it is is more verbose.
>
> Using the sizeof of the actual object at least adds some actual safety.

Sorry, I am being pedantic, I mean anything that produces the correct assembly is correct. But there are different path to being correct.  The path I was suggesting to follow the type of the element/final pointer when allocating an memory.

large_malloc(bd->dbufSize * sizeof(*bd->dbuf)) would also work

I will respin.

trix
H. Peter Anvin July 13, 2020, 7:51 p.m. UTC | #6
On July 13, 2020 12:27:02 PM PDT, Tom Rix <trix@redhat.com> wrote:
>
>On 7/12/20 3:21 PM, hpa@zytor.com wrote:
>> On July 12, 2020 8:12:43 AM PDT, Tom Rix <trix@redhat.com> wrote:
>>> On 7/12/20 6:09 AM, H. Peter Anvin wrote:
>>>> On 2020-07-12 05:59, trix@redhat.com wrote:
>>>>> From: Tom Rix <trix@redhat.com>
>>>>>
>>>>> clang static analysis flags this error
>>>>>
>>>>> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is
>>> converted
>>>>>   to a pointer of type 'unsigned int', which is incompatible with
>>> sizeof
>>>>>   operand type 'int' [unix.MallocSizeof]
>>>>>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>>>>>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>
>>>>> Reviewing the bunzip_data structure, the element dbuf is type
>>>>>
>>>>> 	/* Intermediate buffer and its size (in bytes) */
>>>>> 	unsigned int *dbuf, dbufSize;
>>>>>
>>>>> So change the type in sizeof to 'unsigned int'
>>>>>
>>>> You must be kidding.
>>>>
>>>> If you want to change it, change it to sizeof(bd->dbuf) instead,
>but
>>> this flag
>>>> is at least in my opinion a total joke. For sizeof(int) !=
>>> sizeof(unsigned
>>>> int) is beyond bizarre, no matter how stupid the platform.
>>> Using the actual type is more correct that using a type of the same
>>> size.
>>>
>>> trix
>>>
>>>> 	-hpa
>>>>
>> "More correct?" All it is is more verbose.
>>
>> Using the sizeof of the actual object at least adds some actual
>safety.
>
>Sorry, I am being pedantic, I mean anything that produces the correct
>assembly is correct. But there are different path to being correct. 
>The path I was suggesting to follow the type of the element/final
>pointer when allocating an memory.
>
>large_malloc(bd->dbufSize * sizeof(*bd->dbuf)) would also work
>
>I will respin.
>
>trix

This isn't Linux style, but in the NASM source I have been migrating to macros:

nasm_new(ptr);
nasm_newn(ptr,n);

... using sizeof() in exactly this manner.

Patch
diff mbox series

diff --git a/lib/decompress_bunzip2.c b/lib/decompress_bunzip2.c
index 7c4932eed748..59ab76bda7a7 100644
--- a/lib/decompress_bunzip2.c
+++ b/lib/decompress_bunzip2.c
@@ -668,7 +668,7 @@  static int INIT start_bunzip(struct bunzip_data **bdp, void *inbuf, long len,
 	   uncompressed data.  Allocate intermediate buffer for block. */
 	bd->dbufSize = 100000*(i-BZh0);
 
-	bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
+	bd->dbuf = large_malloc(bd->dbufSize * sizeof(unsigned int));
 	if (!bd->dbuf)
 		return RETVAL_OUT_OF_MEMORY;
 	return RETVAL_OK;