On Thu, Nov 04, 2021 at 06:17:20PM -0700, Alistair Crooks wrote:
> I think you're misreading the diff - it will only wrap if the minimum size
> is 0xffffffff, which is...ummm...highly unlikely (it's defined to be 0
> right now, the type is unsigned)
I'm not so much worried about the constant, but the right hand side.
Without looking at the types, I can't be sure that "context->pwdlen + 1"
doesn't overflow or that "context->m_cost - 1" can't underflow. Much
easier and safer to just use a type cast...
The author of the software made a conscious decision to make the variable unsigned, since the length would never be less than zero.
The author then made a default definition for the lower bound of the length, and made it 0.
I find it ironic that an overbearing, over-eager compiler takes these, decides that the condition could never be true, and so a cast to an integer type is now needed to shut up the overeager compiler, thereby negating the (completely valid) thought process the author went through.
Nevertheless, I'll make the changes you suggest.
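As an added illustration of the wrap-around the thread is arguing about (example code, not the project's own), the two forms of the bounds check side by side: the field names pwdlen and m_cost are taken from the thread, while the ctx struct, the MIN_M_COST value and the exact shape of the comparisons are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the context discussed in the thread (hypothetical). */
struct ctx {
    uint32_t pwdlen;  /* a length is never negative, hence unsigned */
    uint32_t m_cost;  /* memory-cost parameter, also unsigned */
};

#define MIN_PWDLEN 0u  /* lower bound defined as 0, as in the thread */
#define MIN_M_COST 8u  /* hypothetical lower bound for m_cost */

/* Unsafe form: the arithmetic is done on the 32-bit unsigned field before the
 * compare, so the value can wrap to the far end of the range and the test
 * gives the wrong answer for the extreme inputs. */
bool unsafe_params_ok(const struct ctx *c)
{
    bool pwd_ok  = (c->pwdlen + 1) > MIN_PWDLEN;             /* UINT32_MAX + 1 wraps to 0 */
    bool cost_ok = (c->m_cost - 1) >= (MIN_M_COST - 1);      /* 0 - 1 wraps to UINT32_MAX */
    return pwd_ok && cost_ok;
}

/* Cast form suggested in the thread: promote to a wider type before doing the
 * arithmetic, so neither expression can wrap for any uint32_t value. */
bool safe_params_ok(const struct ctx *c)
{
    bool pwd_ok  = ((uint64_t)c->pwdlen + 1) > MIN_PWDLEN;
    bool cost_ok = ((int64_t)c->m_cost - 1) >= ((int64_t)MIN_M_COST - 1);
    return pwd_ok && cost_ok;
}

int main(void)
{
    /* Constructed edge cases: m_cost of 0 must be rejected, a maximal pwdlen accepted. */
    struct ctx zero_cost = { .pwdlen = 16, .m_cost = 0 };
    struct ctx max_len   = { .pwdlen = UINT32_MAX, .m_cost = 8 };
    printf("m_cost=0   unsafe=%d safe=%d\n", unsafe_params_ok(&zero_cost), safe_params_ok(&zero_cost));
    printf("pwdlen=max unsafe=%d safe=%d\n", unsafe_params_ok(&max_len), safe_params_ok(&max_len));
    return 0;
}
```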