On Tue, 15 Jun 2021 12:35:00 +1000 David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> wrote: Hi David, > On Fri, Jun 11, 2021 at 06:10:33PM +0100, Andre Przywara wrote: > > With -Wsign-compare, compilers warn about a mismatching signedness in > > comparisons in various files in the tests/ directory. > > > > For about half of the cases we can simply change the signed variable to > > be of an unsigned type, because they will never need to store negative > > values (which is the best fix of the problem). > > > > In the remaining cases we can cast the signed variable to an unsigned > > type, provided we know for sure it is not negative. > > We see two different scenarios here: > > - We either just explicitly checked for this variable to be positive > > (if (rc < 0) FAIL();), or > > - We rely on a function returning only positive values in the "length" > > pointer if the function returned successfully: which we just checked. > > > > At two occassions we compare with a constant "-1" (even though the > > variable is unsigned), so we just change this to ~0U to create an > > unsigned comparison value. > > > > Since this is about the tests, let's also add explicit tests for those > > values really not being negative. > > > > This fixes "make tests" (but not "make check" yet), when compiled > > with -Wsign-compare. > > Thanks for doing this. > > > > > Signed-off-by: Andre Przywara <andre.przywara@xxxxxxx> > > --- > > tests/dumptrees.c | 2 +- > > tests/fs_tree1.c | 2 +- > > tests/get_name.c | 4 +++- > > tests/integer-expressions.c | 2 +- > > tests/nopulate.c | 3 ++- > > tests/overlay.c | 4 +++- > > tests/phandle_format.c | 2 +- > > tests/property_iterate.c | 2 +- > > tests/references.c | 2 +- > > tests/set_name.c | 6 ++++-- > > tests/subnode_iterate.c | 2 +- > > tests/tests.h | 2 +- > > tests/testutils.c | 12 +++++++++--- > > 13 files changed, 29 insertions(+), 16 deletions(-) > > > > diff --git a/tests/dumptrees.c b/tests/dumptrees.c > > index f1e0ea9..08967b3 100644 > > --- a/tests/dumptrees.c > > +++ b/tests/dumptrees.c > > @@ -32,7 +32,7 @@ static struct { > > > > int main(int argc, char *argv[]) > > { > > - int i; > > + unsigned int i; > > > > if (argc != 2) { > > fprintf(stderr, "Missing output directory argument\n"); > > diff --git a/tests/fs_tree1.c b/tests/fs_tree1.c > > index dff3880..978f6a3 100644 > > --- a/tests/fs_tree1.c > > +++ b/tests/fs_tree1.c > > @@ -54,7 +54,7 @@ static void mkfile(const char *name, void *data, size_t len) > > rc = write(fd, data, len); > > if (rc < 0) > > FAIL("write(\"%s\"): %s", name, strerror(errno)); > > - if (rc != len) > > + if ((unsigned)rc != len) > > FAIL("write(\"%s\"): short write", name); > > > > rc = close(fd); > > diff --git a/tests/get_name.c b/tests/get_name.c > > index 5a35103..d20bf30 100644 > > --- a/tests/get_name.c > > +++ b/tests/get_name.c > > @@ -34,12 +34,14 @@ static void check_name(void *fdt, const char *path) > > offset, getname, len); > > if (!getname) > > FAIL("fdt_get_name(%d): %s", offset, fdt_strerror(len)); > > + if (len < 0) > > + FAIL("negative name length (%d) for returned node name\n", len); > > > > if (strcmp(getname, checkname) != 0) > > FAIL("fdt_get_name(%s) returned \"%s\" instead of \"%s\"", > > path, getname, checkname); > > > > - if (len != strlen(getname)) > > + if ((unsigned)len != strlen(getname)) > > FAIL("fdt_get_name(%s) returned length %d instead of %zd", > > path, len, strlen(getname)); > > > > diff --git a/tests/integer-expressions.c b/tests/integer-expressions.c > > index 6f33d81..2f164d9 100644 > > --- a/tests/integer-expressions.c > > +++ b/tests/integer-expressions.c > > @@ -59,7 +59,7 @@ int main(int argc, char *argv[]) > > void *fdt; > > const fdt32_t *res; > > int reslen; > > - int i; > > + unsigned int i; > > > > test_init(argc, argv); > > > > diff --git a/tests/nopulate.c b/tests/nopulate.c > > index 2ae1753..e06a0b3 100644 > > --- a/tests/nopulate.c > > +++ b/tests/nopulate.c > > @@ -43,7 +43,8 @@ static int nopulate_struct(char *buf, const char *fdt) > > int main(int argc, char *argv[]) > > { > > char *fdt, *fdt2, *buf; > > - int newsize, struct_start, struct_end_old, struct_end_new, delta; > > + int newsize, struct_end_old, struct_end_new, delta; > > + unsigned int struct_start; > > Making just one of these variables unsigned looks pretty weird, but I > guess it works. The alternative would be to much more strictly check > the various offsets here - which would also mean that adding the nops > does take the device tree beyond the allowed size. TBH this was just the bare minimum mechanical fix, I haven't much looked into what this test really does. And there seem to be more issues, for instance we seem to assume that newsize is non-negative, but nopulate_struct() returns a signed type. And looking deeper, fdt_next_tag() can return a negative error value into nextoffset, at which point everything falls apart. So I guess I will leave this for another rainy afternoon, to not block this particular patch. > > > const char *inname; > > char outname[PATH_MAX]; > > > > diff --git a/tests/overlay.c b/tests/overlay.c > > index 91afa72..b21b28e 100644 > > --- a/tests/overlay.c > > +++ b/tests/overlay.c > > @@ -35,7 +35,9 @@ static int fdt_getprop_u32_by_poffset(void *fdt, const char *path, > > return node_off; > > > > val = fdt_getprop(fdt, node_off, name, &len); > > - if (!val || (len < (sizeof(uint32_t) * (poffset + 1)))) > > + if (val && len < 0) > > + return -FDT_ERR_BADVALUE; > > This indicates an internal error in libfdt that's more or less > independent of what this test is really looking for, better to just > FAIL() here rather than bubble this error up through the caller to > report. Done. > > > + if (!val || ((unsigned)len < (sizeof(uint32_t) * (poffset + 1)))) > > return -FDT_ERR_NOTFOUND; > > NOTFOUND seems kind of dangeous here, because this test catches both > true NOTFOUND cases (val==NULL && len == NOTFOUND), and broken cases > (val=NULL && len!=NOTFOUND), best to check the broken case explicitly > and FAIL(). Right, I fixed that, so that any case of len < 0 is handled before we come to the comparison. > > > > *out = fdt32_to_cpu(*(val + poffset)); > > diff --git a/tests/phandle_format.c b/tests/phandle_format.c > > index d00618f..0febb32 100644 > > --- a/tests/phandle_format.c > > +++ b/tests/phandle_format.c > > @@ -45,7 +45,7 @@ int main(int argc, char *argv[]) > > FAIL("fdt_path_offset(/node4): %s", fdt_strerror(n4)); > > > > h4 = fdt_get_phandle(fdt, n4); > > - if ((h4 == 0) || (h4 == -1)) > > + if ((h4 == 0) || (h4 == ~0U)) > > FAIL("/node4 has bad phandle 0x%x\n", h4); > > > > if (phandle_format & PHANDLE_LEGACY) > > diff --git a/tests/property_iterate.c b/tests/property_iterate.c > > index 9a67f49..0b6af9b 100644 > > --- a/tests/property_iterate.c > > +++ b/tests/property_iterate.c > > @@ -23,7 +23,7 @@ static void test_node(void *fdt, int parent_offset) > > uint32_t properties; > > const fdt32_t *prop; > > int offset, property; > > - int count; > > + unsigned int count; > > int len; > > > > /* > > diff --git a/tests/references.c b/tests/references.c > > index d18e722..cb1daaa 100644 > > --- a/tests/references.c > > +++ b/tests/references.c > > @@ -106,7 +106,7 @@ int main(int argc, char *argv[]) > > if ((h4 == 0x2000) || (h4 == 0x1) || (h4 == 0)) > > FAIL("/node4 has bad phandle, 0x%x", h4); > > > > - if ((h5 == 0) || (h5 == -1)) > > + if ((h5 == 0) || (h5 == ~0U)) > > FAIL("/node5 has bad phandle, 0x%x", h5); > > if ((h5 == h4) || (h5 == h2) || (h5 == h1)) > > FAIL("/node5 has duplicate phandle, 0x%x", h5); > > diff --git a/tests/set_name.c b/tests/set_name.c > > index a62cb58..5eeb7b9 100644 > > --- a/tests/set_name.c > > +++ b/tests/set_name.c > > @@ -39,7 +39,7 @@ static void check_set_name(void *fdt, const char *path, const char *newname) > > FAIL("fdt_get_name(%s) returned \"%s\" instead of \"%s\"", > > path, getname, oldname); > > > > > - if (len != strlen(getname)) > > + if ((unsigned)len != strlen(getname)) > > AFAICT you haven't actually checked for len < 0 before this, so this > isn't quite right True, fixed. > > > > FAIL("fdt_get_name(%s) returned length %d instead of %zd", > > path, len, strlen(getname)); > > > > @@ -51,12 +51,14 @@ static void check_set_name(void *fdt, const char *path, const char *newname) > > getname = fdt_get_name(fdt, offset, &len); > > if (!getname) > > FAIL("fdt_get_name(%d): %s", offset, fdt_strerror(len)); > > + if (len < 0) > > + FAIL("negative name length (%d) for returned node name\n", len); > > > > if (strcmp(getname, newname) != 0) > > FAIL("fdt_get_name(%s) returned \"%s\" instead of \"%s\"", > > path, getname, newname); > > > > - if (len != strlen(getname)) > > + if ((unsigned)len != strlen(getname)) > > FAIL("fdt_get_name(%s) returned length %d instead of %zd", > > path, len, strlen(getname)); > > } > > diff --git a/tests/subnode_iterate.c b/tests/subnode_iterate.c > > index 2dc9b2d..2553a51 100644 > > --- a/tests/subnode_iterate.c > > +++ b/tests/subnode_iterate.c > > @@ -23,7 +23,7 @@ static void test_node(void *fdt, int parent_offset) > > uint32_t subnodes; > > const fdt32_t *prop; > > int offset; > > - int count; > > + unsigned int count; > > int len; > > > > /* This property indicates the number of subnodes to expect */ > > diff --git a/tests/tests.h b/tests/tests.h > > index 1017366..bf8f23c 100644 > > --- a/tests/tests.h > > +++ b/tests/tests.h > > @@ -83,7 +83,7 @@ void cleanup(void); > > void check_mem_rsv(void *fdt, int n, uint64_t addr, uint64_t size); > > > > void check_property(void *fdt, int nodeoffset, const char *name, > > - int len, const void *val); > > + unsigned int len, const void *val); > > #define check_property_cell(fdt, nodeoffset, name, val) \ > > ({ \ > > fdt32_t x = cpu_to_fdt32(val); \ > > diff --git a/tests/testutils.c b/tests/testutils.c > > index 5e494c5..10129c0 100644 > > --- a/tests/testutils.c > > +++ b/tests/testutils.c > > @@ -88,7 +88,7 @@ void check_mem_rsv(void *fdt, int n, uint64_t addr, uint64_t size) > > } > > > > void check_property(void *fdt, int nodeoffset, const char *name, > > - int len, const void *val) > > + unsigned int len, const void *val) > > { > > const struct fdt_property *prop; > > int retlen, namelen; > > @@ -101,6 +101,9 @@ void check_property(void *fdt, int nodeoffset, const char *name, > > if (! prop) > > FAIL("Error retrieving \"%s\" pointer: %s", name, > > fdt_strerror(retlen)); > > + if (retlen < 0) > > + FAIL("negative name length (%d) for returned property\n", > > + retlen); > > > > tag = fdt32_to_cpu(prop->tag); > > nameoff = fdt32_to_cpu(prop->nameoff); > > @@ -112,13 +115,16 @@ void check_property(void *fdt, int nodeoffset, const char *name, > > propname = fdt_get_string(fdt, nameoff, &namelen); > > if (!propname) > > FAIL("Couldn't get property name: %s", fdt_strerror(namelen)); > > - if (namelen != strlen(propname)) > > + if (namelen < 0) > > + FAIL("negative name length (%d) for returned string\n", > > + namelen); > > + if ((unsigned)namelen != strlen(propname)) > > FAIL("Incorrect prop name length: %d instead of %zd", > > namelen, strlen(propname)); > > if (!streq(propname, name)) > > FAIL("Property name mismatch \"%s\" instead of \"%s\"", > > propname, name); > > Don't you need to check for retlen < 0 as well? But this is done above, in the previous hunk? Cheers, Andre > > > - if (proplen != retlen) > > + if (proplen != (unsigned)retlen) > > FAIL("Length retrieved for \"%s\" by fdt_get_property()" > > " differs from stored length (%d != %d)", > > name, retlen, proplen); >