build: fix some -Wsign-conversion/-Warith-conversion warnings

- enable `-Wsign-conversion` warnings, but also setting them to not raise errors. - fix `-Warith-conversion` warnings seen in CI. These are triggered by `-Wsign-converion` and causing errors unless explicitly silenced. It makes more sense to fix them, there just a few of them. - fix some `-Wsign-conversion` warnings. - hide `-Wsign-conversion` warnings with a `#pragma`. - add macro `CURL_WARN_SIGN_CONVERSION` to unhide them on a per-build basis. - update a CI job to unhide them with the above macro: https://github.com/curl/curl/actions/workflows/linux.yml -> OpenSSL -O3 Closes #12492
2026-06-29 12:36:01 +03:00 · 2023-12-09 02:45:19 +00:00 · 2023-12-09 02:45:19 +00:00 · 2dbe75bd7f
commit 2dbe75bd7f
parent 68d80a8f9b
17 changed files with 56 additions and 42 deletions
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@ -28,6 +28,13 @@
 #define CURL_NO_OLDIES
 #endif

+/* FIXME: Delete this once the warnings have been fixed. */
+#if !defined(CURL_WARN_SIGN_CONVERSION)
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wsign-conversion"
+#endif
+#endif
+
 /* Set default _WIN32_WINNT */
 #ifdef __MINGW32__
 #include <_mingw.h>
--- a/lib/doh.c
+++ b/lib/doh.c
@ -444,7 +444,7 @@ static DOHcode skipqname(const unsigned char *doh, size_t dohlen,
      return DOH_DNS_BAD_LABEL;
    if(dohlen < (*indexp + 1 + length))
      return DOH_DNS_OUT_OF_RANGE;
-    *indexp += 1 + length;
+    *indexp += (unsigned int)(1 + length);
  } while(length);
  return DOH_OK;
 }
@ -456,14 +456,15 @@ static unsigned short get16bit(const unsigned char *doh, int index)

 static unsigned int get32bit(const unsigned char *doh, int index)
 {
-   /* make clang and gcc optimize this to bswap by incrementing
-      the pointer first. */
-   doh += index;
+  /* make clang and gcc optimize this to bswap by incrementing
+     the pointer first. */
+  doh += index;

-   /* avoid undefined behavior by casting to unsigned before shifting
-      24 bits, possibly into the sign bit. codegen is same, but
-      ub sanitizer won't be upset */
-  return ( (unsigned)doh[0] << 24) | (doh[1] << 16) |(doh[2] << 8) | doh[3];
+  /* avoid undefined behavior by casting to unsigned before shifting
+     24 bits, possibly into the sign bit. codegen is same, but
+     ub sanitizer won't be upset */
+  return ((unsigned)doh[0] << 24) | ((unsigned)doh[1] << 16) |
+         ((unsigned)doh[2] << 8) | doh[3];
 }

 static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d)
--- a/lib/inet_pton.c
+++ b/lib/inet_pton.c
@ -112,7 +112,8 @@ inet_pton4(const char *src, unsigned char *dst)

    pch = strchr(digits, ch);
    if(pch) {
-      unsigned int val = *tp * 10 + (unsigned int)(pch - digits);
+      unsigned int val = (unsigned int)(*tp * 10) +
+                         (unsigned int)(pch - digits);

      if(saw_digit && *tp == 0)
        return (0);
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@ -1010,7 +1010,7 @@ number:
 static int addbyter(int output, FILE *data)
 {
  struct nsprintf *infop = (struct nsprintf *)data;
-  unsigned char outc = (unsigned char)output;
+  char outc = (char)output;

  if(infop->length < infop->max) {
    /* only do this if we haven't reached max length yet */
--- a/lib/share.c
+++ b/lib/share.c
@ -133,13 +133,13 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...)
      res = CURLSHE_BAD_OPTION;
    }
    if(!res)
-      share->specifier |= (1<<type);
+      share->specifier |= (unsigned int)(1<<type);
    break;

  case CURLSHOPT_UNSHARE:
    /* this is a type this share will no longer share */
    type = va_arg(param, int);
-    share->specifier &= ~(1<<type);
+    share->specifier &= ~(unsigned int)(1<<type);
    switch(type) {
    case CURL_LOCK_DATA_DNS:
      break;
@ -264,7 +264,7 @@ Curl_share_lock(struct Curl_easy *data, curl_lock_data type,
  if(!share)
    return CURLSHE_INVALID;

-  if(share->specifier & (1<<type)) {
+  if(share->specifier & (unsigned int)(1<<type)) {
    if(share->lockfunc) /* only call this if set! */
      share->lockfunc(data, type, accesstype, share->clientdata);
  }
@ -281,7 +281,7 @@ Curl_share_unlock(struct Curl_easy *data, curl_lock_data type)
  if(!share)
    return CURLSHE_INVALID;

-  if(share->specifier & (1<<type)) {
+  if(share->specifier & (unsigned int)(1<<type)) {
    if(share->unlockfunc) /* only call this if set! */
      share->unlockfunc (data, type, share->clientdata);
  }
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@ -226,7 +226,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
  /* Extract the security layer and the maximum message size */
  indata = output_token.value;
  sec_layer = indata[0];
-  max_size = (indata[1] << 16) | (indata[2] << 8) | indata[3];
+  max_size = ((unsigned int)indata[1] << 16) |
+             ((unsigned int)indata[2] << 8) | indata[3];

  /* Free the challenge as it is not required anymore */
  gss_release_buffer(&unused_status, &output_token);
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@ -319,7 +319,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
  /* Extract the security layer and the maximum message size */
  indata = input_buf[1].pvBuffer;
  sec_layer = indata[0];
-  max_size = (indata[1] << 16) | (indata[2] << 8) | indata[3];
+  max_size = ((unsigned long)indata[1] << 16) |
+             ((unsigned long)indata[2] << 8) | indata[3];

  /* Free the challenge as it is not required anymore */
  s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer);