Package: flex
Version: 2.5.39-8+deb8u1
Severity: normal

After this update, I get the following warning when compiling the flex
generated code with gcc, which I didn't get before:

scan.cpp: In function ‘int yy_get_next_buffer(yyscan_t)’:
scan.cpp:758:18: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
scan.cpp:1384:3: note: in expansion of macro ‘YY_INPUT’

Looking at the code:

#define YY_INPUT(buf,result,max_size) \
	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
		{ \
		int c = '*'; \
		size_t n; \
		for ( n = 0; n < max_size && \

Invoked as:

int num_to_read = ...

YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
	yyg->yy_n_chars, num_to_read );

So indeed an unsigned value (n) is compared with a signed one
(num_to_read). If this is correct, the warning can be silenced with
a cast of the appropriate one of them.

flex hasn't exactly been known for generating warning-free code, but
what really worries me is that this is a security update. Fixing a
security problem by introducing a sign-problem seems fishy to me.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages flex depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  dpkg                   1.17.27
ii  install-info           5.2.0.dfsg.1-6
ii  libc6                  2.19-18+deb8u5
ii  libfl-dev              2.5.39-8+deb8u1
ii  m4                     1.4.17-4

Versions of packages flex recommends:
ii  clang-3.5 [c-compiler]  1:3.5-10
ii  gcc [c-compiler]        4:4.9.2-2
ii  gcc-4.8 [c-compiler]    4.8.4-1
ii  gcc-4.9 [c-compiler]    4.9.2-10

Versions of packages flex suggests:
ii  bison            2:3.0.2.dfsg-2
ii  build-essential  11.7

-- no debconf information
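
Added example, not part of the original report and not flex's code: a C sketch of what a comparison between a size_t counter and an int bound evaluates to, and why the choice of cast only matters if the signed value is ever zero or negative. The helper names, the 8-byte buffer guard and the sample input are assumptions made for the demo; the report does not say whether num_to_read can be negative.

```c
#include <stddef.h>
#include <stdio.h>

/* `n < max_size` with size_t n and int max_size: the int is converted to
 * size_t before comparing. This cast spells out that implicit conversion, so
 * casting the signed side silences the warning without changing behaviour. */
static int bound_unsigned(size_t n, int max_size)
{
    return n < (size_t)max_size;
}

/* Alternative: reject zero and negative sizes before converting. */
static int bound_checked(size_t n, int max_size)
{
    return max_size > 0 && n < (size_t)max_size;
}

/* Constructed stand-in for a bounded read loop: copies bytes from a fixed
 * 8-byte input while the chosen bound holds and returns the count. The
 * `n < sizeof buf` guard exists only in this demo to keep the run in bounds. */
static size_t copied(int max_size, int (*bound)(size_t, int))
{
    static const char src[] = "abcdefgh";   /* constructed input */
    char buf[8];
    size_t n;

    for (n = 0; bound(n, max_size) && n < sizeof buf && src[n] != '\0'; ++n)
        buf[n] = src[n];
    return n;
}

int main(void)
{
    const int sizes[] = { 4, 0, -1 };

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; ++i)
        printf("max_size=%2d  unsigned bound: %zu  checked bound: %zu\n",
               sizes[i], copied(sizes[i], bound_unsigned),
               copied(sizes[i], bound_checked));
    return 0;
}
```

Only the -1 row differs: the unsigned bound stops at the demo's 8-byte guard, while the checked bound copies nothing.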