Date: Sun, 6 Nov 2011 17:36:06 -0700
From: Warner Losh <imp@bsdimp.com>
To: Rui Paulo <rpaulo@FreeBSD.org>
Cc: Alexander Best <arundel@FreeBSD.org>, freebsd-toolchain@FreeBSD.org, Dimitry Andric <dim@FreeBSD.org>
Subject: Re: [poc] buildkernel + clang + -Werror
Message-ID: <242747B7-3EAE-4988-A975-DC58B0997A6F@bsdimp.com>
In-Reply-To: <C7A0F95A-0F55-47BF-AD60-66DDAEEC3EC7@FreeBSD.org>
References: <20111105102102.GA54596@freebsd.org> <20111106172835.GO2258@hoeg.nl> <20111106203316.GA73216@freebsd.org> <4EB6F38E.2080006@FreeBSD.org> <20111106205805.GA78142@freebsd.org> <C7A0F95A-0F55-47BF-AD60-66DDAEEC3EC7@FreeBSD.org>
On Nov 6, 2011, at 2:13 PM, Rui Paulo wrote:

> The only argument against this tautological check that I agree with is when the code is explicitly trying to be safe. If the developer checks for "i < 0" when indexing an array he/she is trying to guard against possible pitfalls in the future when someone suddenly decides to change the variable type to become signed. One possible security vulnerability was avoided because that developer checked for negative values.
>
> I'm against turning this off by default, but it should not cause an error.

Except when you pass args back and forth between signed and unsigned and back again. If you check < 0 in the middle, that's one more security bug you thought you had fixed, but really you've done nothing with.

Warner
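The signed/unsigned round trip Warner describes, as an added C example that is not part of the thread: a negative index wraps at the conversion, so a "< 0" test placed after it is the tautology clang flags and never fires, while the same test placed on the signed value still rejects the input. The table, the helper names and the return codes are constructed for illustration.

```c
/*
 * Added example (not from the thread): a signed index crosses into an
 * unsigned type; a "< 0" guard placed after the conversion is dead, a
 * guard placed before it still means something.
 */
#include <stddef.h>
#include <stdio.h>

static const int table[4] = { 100, 101, 102, 103 };
#define TABLE_LEN (sizeof(table) / sizeof(table[0]))

/* Distinct return codes so a caller can see which guard actually fired. */
enum { ERR_NEGATIVE = -1, ERR_TOO_LARGE = -2 };

/* "Before": hypothetical helper whose parameter is unsigned. The caller's
 * negative int has already wrapped to a huge value when it arrives here. */
int lookup_guard_after_conversion(unsigned int i)
{
    if (i < 0)                 /* clang: comparison always false (tautological) */
        return ERR_NEGATIVE;   /* unreachable for every possible input */
    if (i >= TABLE_LEN)        /* only this bound rejects the wrapped -1 */
        return ERR_TOO_LARGE;
    return table[i];
}

/* "After": the sign test runs on the signed value, before the conversion,
 * and the upper bound is still checked on the unsigned side. */
int lookup_guard_before_conversion(int idx)
{
    if (idx < 0)
        return ERR_NEGATIVE;
    size_t i = (size_t)idx;    /* conversion is now known to be lossless */
    if (i >= TABLE_LEN)
        return ERR_TOO_LARGE;
    return table[i];
}

int main(void)
{
    /* Constructed inputs: the same negative index reaches both versions. */
    printf("guard after conversion:  -1 -> %d (never %d)\n",
           lookup_guard_after_conversion((unsigned int)-1), ERR_NEGATIVE);
    printf("guard before conversion: -1 -> %d\n",
           lookup_guard_before_conversion(-1));
    printf("guard before conversion:  2 -> %d\n",
           lookup_guard_before_conversion(2));
    return 0;
}
```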