From: Michael Orlitzky Date: Thu, 29 Mar 2018 01:41:31 +0000 (-0400) Subject: src/libadacl.c: cast two fgetxattr() and fsetxattr() params to size_t. X-Git-Tag: v0.4.0~1 X-Git-Url: https://gitweb.michael.orlitzky.com/?a=commitdiff_plain;h=dcaa939a0e09bceb1392488fa126232629a63aa8;p=apply-default-acl.git src/libadacl.c: cast two fgetxattr() and fsetxattr() params to size_t. The two functions fgetxattr() and fsetxattr() take an unsigned "size" parameter as arguments. We are passing them signed integers that we happen to know are nonnegative, since we have ruled out the one possible negative value -- but the compiler doesn't know that. To avoid a warning from clang, we now cast the parameters to the (unsigned) size_t type. --- diff --git a/src/libadacl.c b/src/libadacl.c index 53bd380..cdd07fc 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -607,8 +607,14 @@ int acl_copy_xattr(int src_fd, return ACL_ERROR; } char* src_acl_p = alloca(src_size_guess); - /* The actual size may be smaller than our guess? I don't know. */ - ssize_t src_size = fgetxattr(src_fd, src_name, src_acl_p, src_size_guess); + /* The actual size may be smaller than our guess? I don't know. The + return value from fgetxattr() will either be nonnegative, or + XATTR_ERROR (which we've already ruled out), so it's safe to cast + it to an unsigned size_t here to avoid a compiler warning. */ + ssize_t src_size = fgetxattr(src_fd, + src_name, + src_acl_p, + (size_t)src_size_guess); if (src_size == XATTR_ERROR) { if (errno == ENODATA) { /* A missing ACL isn't an error. */ @@ -618,7 +624,14 @@ int acl_copy_xattr(int src_fd, return ACL_ERROR; } - if (fsetxattr(dst_fd, dst_name, src_acl_p, src_size, 0) == XATTR_ERROR) { + /* See above: src_size must be nonnegative at this point,so we cast + it to size_t to avoid a compiler warning. */ + if (fsetxattr(dst_fd, + dst_name, + src_acl_p, + (size_t)src_size, + 0) + == XATTR_ERROR) { perror("acl_copy_xattr (fsetxattr)"); return ACL_ERROR; }