[PATCH 06/23] libsepol: avoid unsigned integer overflow

Unsigned integer overflow is well-defined and not undefined behavior.
But it is still useful to enable undefined behavior sanitizer checks on
unsigned arithmetic to detect possible issues on counters or variables
with similar purpose.

Use a spaceship-operator-like comparison instead of subtraction.

Modern compilers will generate a single comparison instruction instead
of actually performing the subtraction.

policydb.c:826:17: runtime error: unsigned integer overflow: 24 - 1699 cannot be represented in type 'unsigned int'

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/src/policydb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index cbe0c432..3389a943 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -823,11 +823,11 @@ static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
 	const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
 	int v;
 
-	v = ft1->ttype - ft2->ttype;
+	v = (ft1->ttype > ft2->ttype) - (ft1->ttype < ft2->ttype);
 	if (v)
 		return v;
 
-	v = ft1->tclass - ft2->tclass;
+	v = (ft1->tclass > ft2->tclass) - (ft1->tclass < ft2->tclass);
 	if (v)
 		return v;
 
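Review bot: the two replaced lines (`v = ft1->ttype ...` and `v = ft1->tclass ...`) fix more than the sanitizer report quoted in the message: with the old subtraction, an unsigned difference larger than INT_MAX is converted to a negative int, so two keys could be ordered the wrong way round, whereas `(a > b) - (a < b)` always yields -1, 0 or 1. Since the identical expression is now spelled out twice in this hunk, consider a tiny helper such as `static inline int cmp_u32(uint32_t a, uint32_t b) { return (a > b) - (a < b); }` so the intent reads at a glance and other comparator functions in the file can reuse it, and a one-line comment saying why subtraction is avoided here would help the next reader who is tempted to "simplify" it back.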
-- 
2.32.0
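The following is an added example, not part of the patch or of libsepol's code, that contrasts the subtraction comparator the patch removes with the three-way comparison it introduces. The `struct demo_key` type and the `cmp_*` helpers are hypothetical stand-ins modelled on the two unsigned fields compared in the hunk; the sample values (including the 24 vs 1699 pair from the sanitizer message) are constructed for the demonstration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical key with the same two unsigned fields the patch compares. */
struct demo_key {
    uint32_t ttype;
    uint32_t tclass;
};

/* Old style: subtraction. Wraps (flagged by UBSan's unsigned-overflow check)
 * whenever a < b, and the narrowing to int gives the wrong sign when the
 * difference does not fit in an int. */
static int cmp_by_subtraction(const struct demo_key *a, const struct demo_key *b)
{
    int v = (int)(a->ttype - b->ttype);
    if (v)
        return v;
    return (int)(a->tclass - b->tclass);
}

/* New style: three-way comparison, always -1, 0 or 1, never overflows. */
static int cmp_u32(uint32_t a, uint32_t b)
{
    return (a > b) - (a < b);
}

static int cmp_three_way(const struct demo_key *a, const struct demo_key *b)
{
    int v = cmp_u32(a->ttype, b->ttype);
    if (v)
        return v;
    return cmp_u32(a->tclass, b->tclass);
}

/* Sign of an int, so the two comparators can be compared on ordering alone. */
static int sign_of(int v)
{
    return (v > 0) - (v < 0);
}

/* Returns 1 if the subtraction comparator orders (x, y) differently from the
 * three-way comparator, i.e. the old code would have sorted these keys wrongly. */
static int subtraction_misorders(uint32_t x, uint32_t y)
{
    struct demo_key a = { x, 0 };
    struct demo_key b = { y, 0 };
    return sign_of(cmp_by_subtraction(&a, &b)) != sign_of(cmp_three_way(&a, &b));
}

int main(void)
{
    /* Constructed sample: the pair from the sanitizer report. The wrapped
     * difference still narrows to a negative int, so ordering happens to be
     * right here; only the sanitizer notices. */
    printf("24 vs 1699 misordered by subtraction: %d\n",
           subtraction_misorders(24u, 1699u));

    /* Constructed sample: a difference above INT_MAX. The subtraction result
     * narrows to a negative int although x > y, so the old comparator is wrong. */
    printf("0x80000001 vs 0 misordered by subtraction: %d\n",
           subtraction_misorders(0x80000001u, 0u));

    struct demo_key k1 = { 5, 7 };
    struct demo_key k2 = { 5, 9 };
    printf("three-way (5,7) vs (5,9): %d\n", cmp_three_way(&k1, &k2));
    return 0;
}
```

Build with `-fsanitize=undefined,unsigned-integer-overflow` (clang) to see the first case reported at runtime even though its ordering result is correct; the second case shows why the change matters beyond sanitizer noise.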
