On Jan 06 2025, Eric Sunshine wrote:
> On Mon, Jan 6, 2025 at 2:14 PM Sören Krecker <soekkle@xxxxxxxxxx> wrote:
>> Fix compiler warings from msvc in date.c for value truncation from 64
>> bit to 32 bit integers.
>
> s/warings/warnings/
>
>> Also switch from int to size_t for all variables with result of strlen()
>> which cannot become negative.
>>
>> Signed-off-by: Sören Krecker <soekkle@xxxxxxxxxx>
>> ---
>> diff --git a/date.c b/date.c
>> @@ -1270,7 +1270,7 @@ static const char *approxidate_alpha(const char *date, struct tm *tm, struct tm
>> tl = typelen;
>> while (tl->type) {
>> - int len = strlen(tl->type);
>> + size_t len = strlen(tl->type);
>> if (match_string(date, tl->type) >= len-1) {
>
> This change looks scary and potentially wrong considering that the
> expression in the `if` statement subtracts 1 from `len`. If `len`
> happens to be zero, then `len-1` will wrap around to a very large
> number, thus potentially changing the meaning of the `if` condition.
>
> Now, admittedly, I haven't delved into this code or thought about it
> much, so I may be entirely wrong about this; perhaps it is impossible
> for `len` to ever be zero in this context or perhaps the meaning of
> the `if` condition doesn't change even if it wraps around.
It can be made more robust by moving the constant to the other side:
if (match_string(date, tl->type)+1 >= len) {
--
Andreas Schwab, schwab@xxxxxxxxxxxxxx
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."
