Clean up some signed vs. unsigned comparisons in libcap.

Suggestion from Mark Wielaard @ Redhat and, more recently from Akhil Arora @ Intel.

Signed-off-by: Andrew G Morgan <morgan@kernel.org>

4 files changed, 19 insertions, 10 deletions

diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
index 5fa5e93..525ea90 100644
--- a/libcap/cap_alloc.c
+++ b/libcap/cap_alloc.c
@@ -125,7 +125,7 @@ int cap_free(void *data_p)
     }
 
     if ( good_cap_string(data_p) ) {
-	int length = strlen(data_p) + sizeof(__u32);
+	size_t length = strlen(data_p) + sizeof(__u32);
      	data_p = -1 + (__u32 *) data_p;
      	memset(data_p, 0, length);
      	free(data_p);
diff --git a/libcap/cap_extint.c b/libcap/cap_extint.c
index 5a0cc8e..7d6e7ad 100644
--- a/libcap/cap_extint.c
+++ b/libcap/cap_extint.c
@@ -31,7 +31,7 @@ struct cap_ext_struct {
 
 ssize_t cap_size(cap_t caps)
 {
-    return sizeof(struct cap_ext_struct);
+    return ssizeof(struct cap_ext_struct);
 }
 
 /*
@@ -46,7 +46,7 @@ ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length)
     int i;
 
     /* valid arguments? */
-    if (!good_cap_t(cap_d) || length < sizeof(struct cap_ext_struct)
+    if (!good_cap_t(cap_d) || length < ssizeof(struct cap_ext_struct)
 	|| cap_ext == NULL) {
 	errno = EINVAL;
 	return -1;
@@ -57,7 +57,7 @@ ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length)
     result->length_of_capset = CAP_SET_SIZE;
 
     for (i=0; i<NUMBER_OF_CAP_SETS; ++i) {
-	int j;
+	size_t j;
 	for (j=0; j<CAP_SET_SIZE; ) {
 	    __u32 val;
 
@@ -71,7 +71,7 @@ ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length)
     }
 
     /* All done: return length of external representation */
-    return (sizeof(struct cap_ext_struct));
+    return (ssizeof(struct cap_ext_struct));
 }
 
 /*
@@ -99,7 +99,7 @@ cap_t cap_copy_int(const void *cap_ext)
 
     blen = export->length_of_capset;
     for (set=0; set<NUMBER_OF_CAP_SETS; ++set) {
-	int blk;
+	unsigned blk;
 	int bno = 0;
 	for (blk=0; blk<(CAP_SET_SIZE/sizeof(__u32)); ++blk) {
 	    __u32 val = 0;
diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 634e601..d3dc1d0 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -187,7 +187,7 @@ cap_t cap_get_fd(int fildes)
 	/* fill the capability sets via a system call */
 	sizeofcaps = fgetxattr(fildes, XATTR_NAME_CAPS,
 			       &rawvfscap, sizeof(rawvfscap));
-	if (sizeofcaps < sizeof(rawvfscap.magic_etc)) {
+	if (sizeofcaps < ssizeof(rawvfscap.magic_etc)) {
 	    cap_free(result);
 	    result = NULL;
 	} else {
@@ -217,7 +217,7 @@ cap_t cap_get_file(const char *filename)
 	/* fill the capability sets via a system call */
 	sizeofcaps = getxattr(filename, XATTR_NAME_CAPS,
 			      &rawvfscap, sizeof(rawvfscap));
-	if (sizeofcaps < sizeof(rawvfscap.magic_etc)) {
+	if (sizeofcaps < ssizeof(rawvfscap.magic_etc)) {
 	    cap_free(result);
 	    result = NULL;
 	} else {
diff --git a/libcap/libcap.h b/libcap/libcap.h
index 1e66f98..2596c11 100644
--- a/libcap/libcap.h
+++ b/libcap/libcap.h
@@ -12,14 +12,15 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdint.h>
 #include <sys/capability.h>
 
 #ifndef __u8
-#define __u8    unsigned char
+#define __u8    uint8_t
 #endif /* __8 */
 
 #ifndef __u32
-#define __u32   unsigned int
+#define __u32   uint32_t
 #endif /* __u32 */
 
 /* include the names for the caps and a definition of __CAP_BITS */
@@ -197,4 +198,12 @@ extern int capsetp(pid_t pid, cap_t cap_d);
 #define PR_GET_SECUREBITS 27
 #define PR_SET_SECUREBITS 28
 
+/*
+ * The library compares sizeof() with integer return values. To avoid
+ * signed/unsigned comparisons, leading to unfortunate
+ * misinterpretations of -1, we provide a convenient cast-to-signed-integer
+ * version of sizeof().
+ */
+#define ssizeof(x) ((ssize_t) sizeof(x))
+
 #endif /* LIBCAP_H */