Date: Fri, 3 Aug 2018 15:54:24 +0200
From: Martin Husemann <mar...@duskware.de>
Message-ID: <20180803135424.gc23...@mail.duskware.de>
| Ah, stupid C integer promotion rules. uint16_t is promoted to int
| here, not unsigned int or size_t.

Even with that, there should be no problem: in signed - unsigned the '-' should be an unsigned '-' and the result should be unsigned. There is no signed arithmetic being done here to cause an undefined result.

That's the same rule that makes strlen(s) + 1 be a size_t rather than a ssize_t or whatever. Otherwise we'd need to be adding casts to every operation like that, just in case strlen(s) == MAX_INT and the " +1 " would cause overflow, and undefined operation. No thanks.

Whether there needs to be any attention to the possibility of a malformed packet I will leave for Roy to decide (I am assuming probably not), but that added cast just looks to be a bandaid for a broken compiler (sanitiser).

kre
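The promotion rules discussed above, as an added C example that is not part of the thread: `_Generic` reports the type each subtraction actually has after the usual arithmetic conversions, and a constructed `pkt_len`/`hdr_len` pair (hypothetical names, not from any real parser) shows why a malformed length wants a bounds check before the subtraction rather than a cast after it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Report the type of an expression after the usual arithmetic conversions,
 * without evaluating it. */
#define TYPE_NAME(e) _Generic((e),                 \
    int: "int", unsigned int: "unsigned int",      \
    long: "long", unsigned long: "unsigned long",  \
    long long: "long long",                        \
    unsigned long long: "unsigned long long",      \
    default: "other")
#define IS_UNSIGNED(e) _Generic((e), unsigned int: 1, unsigned long: 1, \
    unsigned long long: 1, default: 0)

/* uint16_t - uint16_t: both operands are promoted to int, so the result is
 * a signed int and may be negative. */
const char *type_u16_minus_u16(void) { uint16_t a = 0, b = 0; return TYPE_NAME(a - b); }
int u16_minus_u16(uint16_t a, uint16_t b) { return a - b; }
int u16_minus_u16_is_unsigned(void) { uint16_t a = 0, b = 0; return IS_UNSIGNED(a - b); }

/* int - size_t: the int is converted to size_t, so the subtraction is
 * unsigned, wraps modulo SIZE_MAX + 1, and is never undefined behaviour. */
int int_minus_size_t_is_unsigned(void) { int a = 0; size_t b = 0; return IS_UNSIGNED(a - b); }

/* A uint16_t header length from the wire subtracted from a size_t packet
 * length: well defined, but a malformed packet with hdr_len > pkt_len yields
 * a huge "payload" length. (pkt_len/hdr_len are constructed for this example.) */
size_t unchecked_payload_len(size_t pkt_len, uint16_t hdr_len) {
    return pkt_len - hdr_len;
}

/* What a parser needs instead of a cast: reject the bad length up front. */
bool checked_payload_len(size_t pkt_len, uint16_t hdr_len, size_t *out) {
    if (hdr_len > pkt_len)
        return false;
    *out = pkt_len - hdr_len;
    return true;
}

int main(void) {
    size_t len;
    printf("uint16_t - uint16_t has type %s, 1 - 2 = %d\n",
           type_u16_minus_u16(), u16_minus_u16(1, 2));
    printf("int - size_t is unsigned: %d\n", int_minus_size_t_is_unsigned());
    printf("unchecked 10 - 20 = %zu\n", unchecked_payload_len(10, 20));
    printf("checked 10 - 20 accepted: %d\n", checked_payload_len(10, 20, &len));
    return 0;
}
```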