Re: [PATCH] decompress_bunzip2: fix sizeof type in start_bunzip

[Tom Rix]

On 7/12/20 3:21 PM, hpa@xxxxxxxxx wrote:
> On July 12, 2020 8:12:43 AM PDT, Tom Rix <trix@xxxxxxxxxx> wrote:
>> On 7/12/20 6:09 AM, H. Peter Anvin wrote:
>>> On 2020-07-12 05:59, trix@xxxxxxxxxx wrote:
>>>> From: Tom Rix <trix@xxxxxxxxxx>
>>>>
>>>> clang static analysis flags this error
>>>>
>>>> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is
>> converted
>>>>   to a pointer of type 'unsigned int', which is incompatible with
>> sizeof
>>>>   operand type 'int' [unix.MallocSizeof]
>>>>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>>>>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>
>>>> Reviewing the bunzip_data structure, the element dbuf is type
>>>>
>>>> 	/* Intermediate buffer and its size (in bytes) */
>>>> 	unsigned int *dbuf, dbufSize;
>>>>
>>>> So change the type in sizeof to 'unsigned int'
>>>>
>>> You must be kidding.
>>>
>>> If you want to change it, change it to sizeof(bd->dbuf) instead, but
>> this flag
>>> is at least in my opinion a total joke. For sizeof(int) !=
>> sizeof(unsigned
>>> int) is beyond bizarre, no matter how stupid the platform.
>> Using the actual type is more correct that using a type of the same
>> size.
>>
>> trix
>>
>>> 	-hpa
>>>
> "More correct?" All it is is more verbose.
>
> Using the sizeof of the actual object at least adds some actual safety.

Sorry, I am being pedantic, I mean anything that produces the correct assembly is correct. But there are different path to being correct. The path I was suggesting to follow the type of the element/final pointer when allocating an memory.

large_malloc(bd->dbufSize * sizeof(*bd->dbuf)) would also work

I will respin.

trix