On 25.11.25 06:46, Bertrand Drouvot wrote:
Maybe we should make the code compile cleanly under
-Wformat-signedness at some point...
good idea, will give it a try later on outside the context of this patch.
I test this once in a while and fix the issues that I find. But it's
very picky and you will find difficult to fix problems like the fact
that the signedness of enums is implementation-defined, and so the only
portable fix there would be to add more casts.
I think it could be useful to tighten the source code with respect to
implicit integer conversions, using warnings such as -Wsign-conversion
and -Wconversion as well as -Wformat-signedness. There are surely
hidden overflow or truncation issues similar to CVE-2025-12818 hidden
somewhere. But explicit casts defeat those warnings, so removing
unnecessary casts is a good step on the way there.
