On Fri, Nov 28, 2025 at 12:41 AM Peter Eisentraut <[email protected]> wrote: > I test this once in a while and fix the issues that I find. But it's > very picky and you will find difficult to fix problems like the fact > that the signedness of enums is implementation-defined, and so the only > portable fix there would be to add more casts.
Once you've gotten into that situation, don't you have potential sign-extension issues during int promotion, which require casts anyway? It might be nice to fix those up regardless (he said, from his armchair). But that doesn't seem as pressing as the other potential problems. > I think it could be useful to tighten the source code with respect to > implicit integer conversions, using warnings such as -Wsign-conversion > and -Wconversion as well as -Wformat-signedness. There are surely > hidden overflow or truncation issues similar to CVE-2025-12818 hidden > somewhere. But explicit casts defeat those warnings, so removing > unnecessary casts is a good step on the way there. +1. (And your v2 looks good to me.) --Jacob
