Re: getopt.c warnings patch

2020-05-27 Thread Bruno Haible
Hi,

Paul J. Lucas wrote:
> The getopt.c file generates the following warnings from Apple’s gcc (Apple 
> clang version 11.0.3 (clang-1103.0.32.62)):
> 
> 
> getopt.c:208:21: warning: implicit conversion changes signedness: 'long' to
>   'size_t' (aka 'unsigned long') [-Wsign-conversion]
>   namelen = nameend - d->__nextchar;
>   ~ ^~~
> getopt.c:255:34: warning: implicit conversion changes signedness: 'int' to
>   'unsigned long' [-Wsign-conversion]
> else if ((ambig_set = malloc (n_options)) == NULL)
>   ~~  ^

The obvious "fix" for these warnings is to introduce a cast. But such casts
would decrease the robustness of the code. As I wrote in [1], such explicit
casts introduce bugs when the standards change or some platform is not 100%
standards compliant.

Therefore it is best to ignore warnings of this type. That's what gnulib does,
through the file build-aux/gcc-warning.spec, when you use the
gl_MANYWARN_ALL_GCC macro.

> getopt.c:369:16: warning: variable 'option_index' may be uninitialized when 
> used
>   here [-Wconditional-uninitialized]
> *longind = option_index;
>    ^~~~
> getopt.c:204:19: note: initialize the variable 'option_index' to silence this
>   warning
>   int option_index;
>   ^
>    = 0

Here the code is copying an uninitialized value, if pfound == NULL. But this is
harmless, because
  1) The documentation of _getopt_internal_r says that
     "LONGIND returns the index in LONGOPT of the long-named option found.
     It is only valid when a long-named option has been found by the most
     recent call."
  2) valgrind does not complain about copying an uninitialized value, if it
     ends up being unused.

Bruno

[1] https://bugs.llvm.org/show_bug.cgi?id=46025
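
An added example, not part of either message and not gnulib code: it shows that a `(size_t)` cast yields exactly the same value as the implicit conversion that -Wsign-conversion reports, so the cast only removes the diagnostic, and it contrasts both with a range-checked conversion. All function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helpers; none of these names exist in getopt.c. */

/* Implicit int -> size_t conversion, the form -Wsign-conversion reports. */
static size_t count_implicit(int n_options)
{
    size_t n = n_options;
    return n;
}

/* Explicit cast: the same conversion, but no diagnostic is emitted any
   more, even if the argument's type is changed later. */
static size_t count_cast(int n_options)
{
    return (size_t)n_options;
}

/* Range-checked conversion: rejects a negative count instead of wrapping.
   Returns 0 and stores the result on success, -1 otherwise. */
static int count_checked(int n_options, size_t *out)
{
    if (n_options < 0)
        return -1;
    *out = (size_t)n_options;   /* value-preserving after the check */
    return 0;
}

/* Same idea for a pointer difference such as nameend - start.
   Both pointers must point into the same string. */
static int span_checked(const char *start, const char *end, size_t *out)
{
    ptrdiff_t d = end - start;
    if (d < 0)
        return -1;
    *out = (size_t)d;
    return 0;
}
```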




getopt.c warnings patch

2020-05-27 Thread Paul J. Lucas
The getopt.c file generates the following warnings from Apple’s gcc (Apple 
clang version 11.0.3 (clang-1103.0.32.62)):


getopt.c:208:21: warning: implicit conversion changes signedness: 'long' to
  'size_t' (aka 'unsigned long') [-Wsign-conversion]
  namelen = nameend - d->__nextchar;
  ~ ^~~
getopt.c:255:34: warning: implicit conversion changes signedness: 'int' to
  'unsigned long' [-Wsign-conversion]
else if ((ambig_set = malloc (n_options)) == NULL)
  ~~  ^
getopt.c:369:16: warning: variable 'option_index' may be uninitialized when used
  here [-Wconditional-uninitialized]
*longind = option_index;
   ^~~~
getopt.c:204:19: note: initialize the variable 'option_index' to silence this
  warning
  int option_index;
  ^
   = 0
3 warnings generated.


when compiled with these warnings enabled:

-Wall -Wcast-align -Wcomma -Wconditional-type-mismatch 
-Wconditional-uninitialized -Wconversion -Wextra -Wfloat-equal 
-Wfor-loop-analysis -Widiomatic-parentheses -Wimplicit-fallthrough 
-Wlogical-op-parentheses -Wnewline-eof -Wno-unknown-warning-option 
-Wredundant-decls -Wshadow -Wshift-sign-overflow -Wsign-compare 
-Wsign-conversion -Wsometimes-uninitialized -Wstring-conversion -Wuninitialized 
-Wunreachable-code-break -Wunreachable-code -Wunused -Wwrite-strings

Below is a patch that fixes all these warnings.

- Paul


--- lib/getopt.c.ORIG   2020-05-27 14:45:22.0 -0700
+++ lib/getopt.c2020-05-27 14:57:42.0 -0700
@@ -201,11 +201,11 @@
   const struct option *p;
   const struct option *pfound = NULL;
   int n_options;
-  int option_index;
+  int option_index = 0;
 
   for (nameend = d->__nextchar; *nameend && *nameend != '='; nameend++)
 /* Do nothing.  */ ;
-  namelen = nameend - d->__nextchar;
+  namelen = (size_t)(nameend - d->__nextchar);
 
   /* First look for an exact match, counting the options as a side
  effect.  */
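
Review bot: the `= 0` initializer on `option_index` uses a value that is also a legitimate index into the option array, so a caller can no longer tell "nothing stored" from "option 0 matched" if the store `*longind = option_index` from the warning is reached while `pfound` is still NULL. Either guard that store on `pfound != NULL` or initialize to an out-of-range sentinel such as -1, and add a comment saying why the initializer exists. On the `namelen` line, the loop above starts `nameend` at `d->__nextchar` and only increments it, so the difference cannot be negative; a short comment stating that invariant would document why the `(size_t)` cast is value-preserving rather than leaving the cast unexplained.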
@@ -252,7 +252,7 @@
  {
if (__libc_use_alloca (n_options))
  ambig_set = alloca (n_options);
-   else if ((ambig_set = malloc (n_options)) == NULL)
+   else if ((ambig_set = malloc ((size_t)n_options)) == 
NULL)
  /* Fall back to simpler error message.  */
  ambig_fallback = 1;
else
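
Review bot: the cast is applied only to the `malloc` call, while the `alloca (n_options)` call two lines above still passes the `int` unconverted, so the two branches are now inconsistent and the same implicit conversion remains in the hunk. Since `n_options` is declared `int` in the previous hunk, the cast also does nothing to establish that the value is positive; converting once into a `size_t` local after a check and using it in both branches would be clearer than casting at one call site. Separately, the added line is wrapped before `NULL)` as posted, so this hunk will not apply as is.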