Conversation
dpogue
force-pushed
the
warning-fixes
branch
5 times, most recently
from
6fa8b1f to
84cd602
Compare
dgelessus
left a comment
dgelessus
left a comment
There was a problem hiding this comment.
This generally looks good.
I'm a little cautious about size_t in the context of file IO, because when done wrong, it can introduce problems with large files that go unnoticed in 64-bit builds and only affect 32-bit builds.
This isn't a realistic problem for us right now, because so much of the hsStream code hardcodes file sizes/offsets as uint32_t (and fixing that isn't the topic of this PR). But to avoid future issues, we should use size_t in IO code only for sizes/offsets of memory buffers (as for Read/Write for example). Sizes/offsets within files/streams should not be size_t. For now, unfortunately, the appropriate type is uint32_t, but at some point we should add an equivalent of POSIX off_t for file sizes/offsets. I've commented on the specific cases where I think size_t isn't appropriate.
| } | ||
| #else | ||
| char *cwd_a = getcwd(nullptr, 0); | ||
| char cwd_a[1024]; |
There was a problem hiding this comment.
| char cwd_a[1024]; | |
| char cwd_a[PATH_MAX]; |
The super-ideal POSIX solution would be to call pathconf to dynamically get PATH_MAX for the path ".", but we already use the PATH_MAX macro constant in a few other places, so for now this is fine I think. (Plus, according to gnulib, many getcwd implementations don't work properly for paths longer than PATH_MAX anyway.)
| // Note: GetAsHexString() returns a pointer to a static string; | ||
| // do not rely on the contents of this string between calls! |
| uint32_t startChunkPos = startPos % kEncryptChunkSize; | ||
| size_t startChunkPos = startPos % kEncryptChunkSize; | ||
| // Amount of data in the partial first chunk (0 if we're aligned) | ||
| uint32_t startAmt = (startChunkPos != 0) ? std::min(kEncryptChunkSize - startChunkPos, bytes) : 0; | ||
| size_t startAmt = (startChunkPos != 0) ? std::min(kEncryptChunkSize - startChunkPos, bytes) : 0; | ||
|
|
||
| uint32_t totalNumRead = IRead(bytes, buffer); | ||
| size_t totalNumRead = IRead(bytes, buffer); | ||
|
|
||
| uint32_t numMidChunks = (totalNumRead - startAmt) / kEncryptChunkSize; | ||
| uint32_t endAmt = (totalNumRead - startAmt) % kEncryptChunkSize; | ||
| size_t numMidChunks = (totalNumRead - startAmt) / kEncryptChunkSize; | ||
| size_t endAmt = (totalNumRead - startAmt) % kEncryptChunkSize; |
There was a problem hiding this comment.
Same story as for plEncryptedStream - offsets should stay uint32_t for now.
| for (size_t i = nOldMods; i < nOldMods + nNewMods; i++) | ||
| { | ||
| refMsg = new plObjRefMsg(GetKey(), plRefMsg::kOnCreate, i, plObjRefMsg::kModifier); | ||
| refMsg = new plObjRefMsg(GetKey(), plRefMsg::kOnCreate, static_cast<int8_t>(i), plObjRefMsg::kModifier); |
There was a problem hiding this comment.
Feels like it would be better to allow larger indices in plObjRefMsg itself?
There was a problem hiding this comment.
We can't change this without changing the stream layout for the message. There really shouldn't be any RefMsgs serialized anywhere, but it's not impossible, so we need to be careful about that.
There was a problem hiding this comment.
I think that we have, in a few places, widened the internal storage and added something like hsAssert(fValue <=std::numeric_limits<oldType_t>::max(), "overflow"); to the serialization routine (example). It might not be a bad idea to do that.
plAttachMsg is a plRefMsg that can go over the wire, btw. It's pretty trivial to send those from Python. Thankfully, plAttachMsg is not a subclass of plObjRefMsg.
dpogue
force-pushed
the
warning-fixes
branch
2 times, most recently
from
8dbe5d0 to
2ad5dda
Compare
Co-Authored-By: Adam Johnson <AdamJohnso@gmail.com>
Behaviour is undefined if the buffer parameter is null. Co-Authored-By: dgelessus <dgelessus@users.noreply.github.com>
Co-Authored-By: dgelessus <dgelessus@users.noreply.github.com>
Co-Authored-By: dgelessus <dgelessus@users.noreply.github.com>
Co-Authored-By: dgelessus <dgelessus@users.noreply.github.com>
|
Looking at this again, would it make sense to split the integer size and signedness commits into a separate PR? All the other commits look like straightforward, independent fixes - they don't need to be blocked on figuring out the details of the integer types. In my last review, there's only one remaining comment that's not about integer types, which is that the result array for |
3 participants
Fixes various warnings (mostly in CoreLib) from Xcode and Visual Studio around uninitialized local variables, unused values, improper use of
getcwd, and some (but not all) signed/unsigned and int sizing warnings in hsStream.This also enables CMP0156 which is supposed to deduplicate linked libraries to avoid warnings from Xcode.
I've tried to keep each commit reasonably self-contained, so we can drop anything that we don't have agreement on.