Warning implies possible kerberos bug in krb5int_dns_nextans() in dnsglue.c

Jeffrey Hutzelman jhutz at cmu.edu
Mon Mar 17 20:36:35 EDT 2008

--On Monday, March 17, 2008 05:21:47 PM -0700 Russ Allbery 
<rra at stanford.edu> wrote:

> "Marus, Dennis" <Dennis.Marus at xerox.com> writes:
>> When compiling this file (using Windriver's PPC compiler) the following
>> warning is given;
>> dnsglue.c:317: warning: comparison is always false due to limited range
>> of data type
>> The line of code causing the problem is;
>>             if (rdlen > INT_MAX)
>> Where rdlen has been defined as an unsigned short and INT_MAX is set to
>> 0x7fffffffL
>> Since rdlen is the length to be read and is set by a call to the
>> SAFE_GETUINT16 macro, can any value really be considered invalid?
> What if you have a host with 16-bit ints and an unsigned value larger than
> 2^15-1?
>> It might be that rdlen could be set to an int just like ds->anslen which
>> will resolve the warning, but I'm uncertain as to the validity of that
>> change.
> There isn't anything wrong with the above code so far as I can see.  It
> just produces a harmless warning on hosts where sizeof(short) <
> sizeof(int).

I think both concerns are valid.  Harmless warnings should be eliminated, 
as possible, because doing so makes it easier to find real problem.  In 
this case, I would suggest replacing the offending line with the following:

        /* NB: sizeof(unsigned short) <= sizeof(unsigned int) */
        if ((unsigned int)rdlen > INT_MAX)

This eliminates the harmless warning, but should still generate one if 
rdlen ever gets retyped to something bigger than an unsigned int.

-- Jeff

More information about the krbdev mailing list