On 08/28/2016 11:13 PM, William Brown
wrote:
So either, this is a bug in the way openldap uses the ber_len_t type, we have a mistake in our logic, or something else hokey is going on. I would like to update this to: if ( (tag != LBER_END_OF_SEQORSET) && (len == 0) && (*fstr != NULL) ) Or even: if ( (tag != LBER_END_OF_SEQORSET) && (*fstr != NULL) ) What do you think of this assessment given the ber_len_t type?Looks like it's intentional by the openldap team. There are some other areas for this problem. Specifically: int ber_printf(BerElement *ber, const char *fmt, ...); lber.h:79:#define LBER_ERROR ((ber_tag_t) -1) We check if (ber_printf(...) != LBER_ERROR) Of course, we can't satisfy either. We can't cast the LBER_ERROR from uint -> int without changing the value of it, and we can't cast the output of ber_printf from int -> uint, again, without potentially changing the value of it. So it seems that the openldap library may be impossible to satisfy the gcc type checking with -Wsign-compare. For now, I may just avoid these in my fixes, as it seems like a whole set of landmines I want to avoid ... Part of the problem is that we wanted to support being able to use both mozldap and openldap, without too much "helper" code/macros/#ifdef MOZLDAP/etc. It looks as though this is a place where we need to have some sort of helper. (as for why we still support mozldap - we still need an ldap c sdk that supports NSS for crypto until we can fix that in the server. Once we change 389 so that it can use openldap with openssl/gnutls for crypto, we should consider deprecating support for mozldap.)
|
-- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/389-devel@xxxxxxxxxxxxxxxxxxxxxxx