On Fri, Nov 28, 2025 at 12:41 AM Peter Eisentraut <peter@eisentraut.org> wrote:
> I test this once in a while and fix the issues that I find. But it's
> very picky and you will find difficult to fix problems like the fact
> that the signedness of enums is implementation-defined, and so the only
> portable fix there would be to add more casts.

Once you've gotten into that situation, don't you have potential
sign-extension issues during int promotion, which require casts
anyway? It might be nice to fix those up regardless (he said, from his
armchair). But that doesn't seem as pressing as the other potential
problems.

> I think it could be useful to tighten the source code with respect to
> implicit integer conversions, using warnings such as -Wsign-conversion
> and -Wconversion as well as -Wformat-signedness. There are surely
> hidden overflow or truncation issues similar to CVE-2025-12818 hidden
> somewhere. But explicit casts defeat those warnings, so removing
> unnecessary casts is a good step on the way there.

+1. (And your v2 looks good to me.)

--Jacob
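
An added example, not part of the original thread and not PostgreSQL code, illustrating the point discussed above that explicit casts silence -Wconversion and -Wsign-conversion: the cast forms compile without warnings yet truncate or sign-extend, while the checked forms reject out-of-range values first. All function names are hypothetical, and the negative truncation result assumes the usual GCC/Clang wrap-around behaviour for out-of-range conversions to int.

```c
/* Build with: cc -Wconversion -Wsign-conversion example.c */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cast form: no warning is emitted, but values above INT_MAX are
 * converted in an implementation-defined way (GCC/Clang wrap). */
static int len_cast(size_t n)
{
    return (int) n;
}

/* Checked form: the range test makes the cast value-preserving. */
static bool len_checked(size_t n, int *out)
{
    if (n > (size_t) INT_MAX)
        return false;
    *out = (int) n;
    return true;
}

/* Cast form: a negative int widened to size_t becomes a huge value
 * (conversion to unsigned is modulo SIZE_MAX + 1 by the C standard). */
static size_t widen_cast(int n)
{
    return (size_t) n;
}

/* Checked form: negative inputs are rejected before widening. */
static bool widen_checked(int n, size_t *out)
{
    if (n < 0)
        return false;
    *out = (size_t) n;
    return true;
}

int main(void)
{
    int len = 0;
    size_t big = (size_t) INT_MAX + 1;   /* constructed sample input */

    printf("len_cast:      %d\n", len_cast(big));
    printf("len_checked:   %s\n", len_checked(big, &len) ? "ok" : "rejected");
    printf("widen_cast:    %zu\n", widen_cast(-1));
    return 0;
}
```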