From f2e4eed824ec88dc51cd26242320a40a38c4918c Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 20 Aug 2020 09:46:24 +0300
Subject: [PATCH] lib: str - Ensure str_append_c gets unsigned char parameter

---
 src/lib/str.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/lib/str.h b/src/lib/str.h
index fca3e6b0cb..f0ec8f1f4f 100644
--- a/src/lib/str.h
+++ b/src/lib/str.h
@@ -43,6 +43,18 @@ static inline void str_append_c(string_t *str, unsigned char chr)
 {
 	buffer_append_c(str, chr);
 }
+/* This macro ensures we add unsigned char to str to avoid
+   implicit casts which cause errors with clang's implicit integer truncation
+   sanitizier. Issues caught by these sanitizers are not undefined behavior,
+   but are often unintentional.
+   We also need to check that the type we are adding is compatible with char,
+   so that we don't end up doing a narrowing cast. */
+#ifdef HAVE_TYPE_CHECKS
+#  define str_append_c(str, chr) \
+	str_append_c((str), __builtin_choose_expr( \
+		__builtin_types_compatible_p(typeof((chr)), char), \
+			(unsigned char)(chr), (chr)))
+#endif
 
 static inline void str_append_str(string_t *dest, const string_t *src)
 {
-- 
2.47.3