On Wed, May 08, 2024 at 11:11:35PM -0700, Kees Cook wrote:
> > I think it would be interesting in general to have some kind of
> > warning for "implicit cast drops bits".
> >
> > I fear that we'd have an enormous about of them, and maybe they'd be
> > unsolvable without making the code *much* uglier (and sometimes the
> > fix might be to add an explicit cast to document intentionally dropped
> > bits, but explicit casts have their own issues).
Seapking of which, I recently had to work around an overactive
compiler UBSAN which complained about this:
struct ext2_super {
...
__u32 time_lo;
__u32 time_high;
...
}
time_t now;
sb->time_low = now;
sb->time_high = now >> 32;
This is obviously (to a human) correct, but because of stupid compiler
tricks, in order to silence compiler-level and ubsan complaints, this
got turned into:
sb->time_low = now & 0xffffffff;
#if (SIZEOF_TIME_T > 4)
sb->time_high = (now >> 32) & EXT4_EPOCH_MASK;
#else
sb->time_high = 0;
#endif
and in the opposite case, I was forced to write:
#if (SIZEOF_TIME_T == 4)
return *lo;
#else
return ((time_t)(*hi) << 32) | *lo;
#endif
... and this made me very sad. Grumble....
- Ted
