Package: flex
Version: 2.5.39-8+deb8u1
Severity: normal
After this update, I get the following warning when compiling the
flex generated code with gcc, which I didn't get before:
scan.cpp: In function ‘int yy_get_next_buffer(yyscan_t)’:
scan.cpp:758:18: error: comparison between signed and unsigned integer
expressions [-Werror=sign-compare]
scan.cpp:1384:3: note: in expansion of macro ‘YY_INPUT’
Looking at the code:
#define YY_INPUT(buf,result,max_size) \
if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
{ \
int c = '*'; \
size_t n; \
for ( n = 0; n < max_size && \
Invoked as:
int num_to_read = ...
YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
yyg->yy_n_chars, num_to_read );
So indeed an unsigned value (n) is compared with a signed one
(num_to_read). If this is correct, the warning can be silenced with
a cast of the appropriate one of them.
flex hasn't exactly been known for generating warning-free code,
but what really worries me is that this is a security update. Fixing
a security problem by introducing a sign-problem seems fishy to me.
-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages flex depends on:
ii debconf [debconf-2.0] 1.5.56
ii dpkg 1.17.27
ii install-info 5.2.0.dfsg.1-6
ii libc6 2.19-18+deb8u5
ii libfl-dev 2.5.39-8+deb8u1
ii m4 1.4.17-4
Versions of packages flex recommends:
ii clang-3.5 [c-compiler] 1:3.5-10
ii gcc [c-compiler] 4:4.9.2-2
ii gcc-4.8 [c-compiler] 4.8.4-1
ii gcc-4.9 [c-compiler] 4.9.2-10
Versions of packages flex suggests:
ii bison 2:3.0.2.dfsg-2
ii build-essential 11.7
-- no debconf information
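
What each of the two possible casts mentioned in the report does to a size_t counter compared against an int limit, as an added example that is not part of the original report and is not flex's code. The function names and the sample buffer are constructed; the loops only count bytes of a NUL-terminated string, so no limit value can run past the buffer.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed input: 26 bytes plus the terminating NUL. */
static const char SAMPLE[] = "abcdefghijklmnopqrstuvwxyz";

/* Cast the int limit to size_t: same result as the implicit conversion the
 * compiler warns about, so a negative limit becomes a huge bound. */
size_t count_cast_limit(int max_size)
{
    size_t n;
    for (n = 0; n < (size_t)max_size && SAMPLE[n] != '\0'; ++n)
        ;
    return n;
}

/* Cast the size_t counter to int: the comparison is signed, so a negative
 * limit stops the loop before the first byte. */
size_t count_cast_counter(int max_size)
{
    size_t n;
    for (n = 0; (int)n < max_size && SAMPLE[n] != '\0'; ++n)
        ;
    return n;
}

/* Validate the sign first, then compare in one unsigned type. */
size_t count_checked(int max_size)
{
    size_t n, limit = max_size > 0 ? (size_t)max_size : 0;
    for (n = 0; n < limit && SAMPLE[n] != '\0'; ++n)
        ;
    return n;
}

int main(void)
{
    const int limits[] = { 5, -1 };
    for (size_t i = 0; i < sizeof limits / sizeof limits[0]; ++i)
        printf("limit %2d: cast limit=%zu  cast counter=%zu  checked=%zu\n",
               limits[i], count_cast_limit(limits[i]),
               count_cast_counter(limits[i]), count_checked(limits[i]));
    return 0;
}
```

Both casts silence -Wsign-compare and agree for non-negative limits; they differ only when the limit is negative, which is the case the warning exists to flag.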