lib: str - Ensure str_append_c gets unsigned char parameter

author Aki Tuomi <aki.tuomi@open-xchange.com>

Thu, 20 Aug 2020 06:46:24 +0000 (09:46 +0300)

committer aki.tuomi <aki.tuomi@open-xchange.com>

Thu, 22 Oct 2020 12:16:15 +0000 (12:16 +0000)
author Aki Tuomi <aki.tuomi@open-xchange.com>
Thu, 20 Aug 2020 06:46:24 +0000 (09:46 +0300)
committer aki.tuomi <aki.tuomi@open-xchange.com>
Thu, 22 Oct 2020 12:16:15 +0000 (12:16 +0000)
diff --git a/src/lib/str.h b/src/lib/str.h

index fca3e6b0cbf9ffa57701c45cc5e1ec3aa5254a4b..f0ec8f1f4fb3c28f17c245bea7edcbc5b6864646 100644 (file)
--- a/src/lib/str.h
+++ b/src/lib/str.h
@@ -43,6 +43,18 @@ static inline void str_append_c(string_t *str, unsigned char chr)
  {
         buffer_append_c(str, chr);
  }
+/* This macro ensures we add unsigned char to str to avoid
+   implicit casts which cause errors with clang's implicit integer truncation
+   sanitizier. Issues caught by these sanitizers are not undefined behavior,
+   but are often unintentional.
+   We also need to check that the type we are adding is compatible with char,
+   so that we don't end up doing a narrowing cast. */
+#ifdef HAVE_TYPE_CHECKS
+#  define str_append_c(str, chr) \
+       str_append_c((str), __builtin_choose_expr( \
+               __builtin_types_compatible_p(typeof((chr)), char), \
+                       (unsigned char)(chr), (chr)))
+#endif
  
  static inline void str_append_str(string_t *dest, const string_t *src)
  {
author	Aki Tuomi <aki.tuomi@open-xchange.com>
	Thu, 20 Aug 2020 06:46:24 +0000 (09:46 +0300)
committer	aki.tuomi <aki.tuomi@open-xchange.com>
	Thu, 22 Oct 2020 12:16:15 +0000 (12:16 +0000)