>>>>> "Greg" == Greg Troxel <gdt_at_ir.bbn.com> writes:

    Greg> But if the constant or the data type changes the code will
    Greg> be wrong and have a potential security issue.

I came to the same conclusion about some code in XEmacs recently.

Here I have to wonder if this warning doesn't expose a different bug,
namely, that vdir->d_namlen is too small a type to detect a buffer
overflow when it occurs!  (Logical possibility only, of course Jan
would never permit such a thing!  ;-)

    Greg> I wonder if one can cast the left hand variable to (unsigned
    Greg> int) and avoid the warning more safely?

I couldn't really justify that, the code in question is in the inner
loop for a lot of operations---we _want_ it optimized away.  Maybe
that's not an issue here.  FWIW here are two other options I considered:

		/* validate whether the directory file actually makes sense */
		if (vdir->d_reclen < vdir_size + vdir->d_namlen
#if sizeof(vdir->d_namlen) != sizeof(unsigned char)
		    || vdir->d_namlen > CODA_MAXNAMLEN)
#endif
                      {
 			printk("coda_venus_readdir: Invalid dir: %ld\n",
 			       filp->f_dentry->d_inode->i_ino);
 			ret = -EBADF;

*or* (abbreviated)

#if sizeof(vdir->d_namlen) != sizeof(unsigned char)
#error !!!!! sizeof(vdir->d_namlen) has changed, audit code using it !!!!!
#endif

But both of those are uglier than the warning.  ;-)

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.