The two functions fgetxattr() and fsetxattr() take an unsigned "size"
parameter as arguments. We are passing them signed integers that we
happen to know are nonnegative, since we have ruled out the one
possible negative value -- but the compiler doesn't know that. To
avoid a warning from clang, we now cast the parameters to the
(unsigned) size_t type.
return ACL_ERROR;
}
char* src_acl_p = alloca(src_size_guess);
return ACL_ERROR;
}
char* src_acl_p = alloca(src_size_guess);
- /* The actual size may be smaller than our guess? I don't know. */
- ssize_t src_size = fgetxattr(src_fd, src_name, src_acl_p, src_size_guess);
+ /* The actual size may be smaller than our guess? I don't know. The
+ return value from fgetxattr() will either be nonnegative, or
+ XATTR_ERROR (which we've already ruled out), so it's safe to cast
+ it to an unsigned size_t here to avoid a compiler warning. */
+ ssize_t src_size = fgetxattr(src_fd,
+ src_name,
+ src_acl_p,
+ (size_t)src_size_guess);
if (src_size == XATTR_ERROR) {
if (errno == ENODATA) {
/* A missing ACL isn't an error. */
if (src_size == XATTR_ERROR) {
if (errno == ENODATA) {
/* A missing ACL isn't an error. */
- if (fsetxattr(dst_fd, dst_name, src_acl_p, src_size, 0) == XATTR_ERROR) {
+ /* See above: src_size must be nonnegative at this point,so we cast
+ it to size_t to avoid a compiler warning. */
+ if (fsetxattr(dst_fd,
+ dst_name,
+ src_acl_p,
+ (size_t)src_size,
+ 0)
+ == XATTR_ERROR) {
perror("acl_copy_xattr (fsetxattr)");
return ACL_ERROR;
}
perror("acl_copy_xattr (fsetxattr)");
return ACL_ERROR;
}