From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 20 Aug 2020 06:46:24 +0000 (+0300)
Subject: lib: str - Ensure str_append_c gets unsigned char parameter
X-Git-Tag: 2.3.13~90
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f2e4eed824ec88dc51cd26242320a40a38c4918c;p=thirdparty%2Fdovecot%2Fcore.git

lib: str - Ensure str_append_c gets unsigned char parameter
---

diff --git a/src/lib/str.h b/src/lib/str.h
index fca3e6b0cb..f0ec8f1f4f 100644
--- a/src/lib/str.h
+++ b/src/lib/str.h
@@ -43,6 +43,18 @@ static inline void str_append_c(string_t *str, unsigned char chr)
 {
 	buffer_append_c(str, chr);
 }
+/* This macro ensures we add unsigned char to str to avoid
+   implicit casts which cause errors with clang's implicit integer truncation
+   sanitizier. Issues caught by these sanitizers are not undefined behavior,
+   but are often unintentional.
+   We also need to check that the type we are adding is compatible with char,
+   so that we don't end up doing a narrowing cast. */
+#ifdef HAVE_TYPE_CHECKS
+#  define str_append_c(str, chr) \
+	str_append_c((str), __builtin_choose_expr( \
+		__builtin_types_compatible_p(typeof((chr)), char), \
+			(unsigned char)(chr), (chr)))
+#endif
 
 static inline void str_append_str(string_t *dest, const string_t *src)
 {