On Fri, Apr 24, 2026 at 06:54:31AM +0800, Kevin J. McCarthy wrote:
> On Thu, Apr 23, 2026 at 02:03:45PM +0200, Alejandro Colomar via Mutt-dev
> wrote:
> > Hi Kevin,
> >
> > On 2026-04-23T14:10:31+0800, Kevin J. McCarthy wrote:
> > > +/* Generate length_requested random bytes of data */
> > > +void mutt_random_bytes(char *random_bytes, size_t length_requested)
> > > +{
> > > +#if defined(HAVE_GETRANDOM)
> > > + size_t res;
> > > +
> > > + do
> > > + {
> > > + res = getrandom(random_bytes, length_requested, GRND_NONBLOCK);
[...]
> > > + } while ((res == (size_t) -1) && (errno == EINTR));
> >
> > This cast is dangerous. It's safer to compare to literal -1. I know
> > you'll get a -Wsign-compare (part of -Wextra) diagnostic, but that's
> > something that GCC should fix. I've been using -Wno-error=sign-compare
> > for some time, precisely for the false negatives.
> >
> > If for some reason, the type of the cast doesn't match the type of the
> > variable, we'll get a bug. On the other hand, non-casted literal -1
> > will magically convert to any wider unsigned type and do the right
> > thing.
>
> I'll try removing the cast then, but it if triggers warnings and aborts the
> CI compiles on any of the sr.ht servers prefer to add it back in.
In CI, as well with any default build, we only use -Wall which does not
include -Wsign-compare for C (GCC and clang). tcc does not have
-Wsign-compare.
