Enable and resolve sign comparisson warnings

Comparisson of different signedness can result in unexpected results due
to implicit conversions.

    ../network.c:81:34: warning: comparison of integer expressions of different signedness: ‘__u32’ {aka ‘unsigned int’} and ‘int’ [-Wsign-compare]
       81 |           if (rheader->nlmsg_seq != seq_nr)
          |                                  ^~
    ../network.c:83:34: warning: comparison of integer expressions of different signedness: ‘__u32’ {aka ‘unsigned int’} and ‘__pid_t’ {aka ‘int’} [-Wsign-compare]
      83 |           if (rheader->nlmsg_pid != getpid ())
          |                                  ^~

    ../bind-mount.c:268:17: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
      268 |       assert (i < n_lines);
          |                 ^
    ../bind-mount.c:309:13: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
      309 |   assert (i == n_lines);
          |             ^~
    ../bind-mount.c:318:17: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
      318 |   for (i = 0; i < n_lines; i++)
          |                 ^
    ../bind-mount.c:321:17: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
      321 |   for (i = 0; i < n_lines; i++)
          |                 ^

    ../utils.c:818:19: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘ssize_t’ {aka ‘long int’} [-Wsign-compare]
      818 |   while (size - 2 < n);
          |                   ^

    ../bubblewrap.c:489:13: warning: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Wsign-compare]
      489 |   assert (j < sizeof(dont_close)/sizeof(*dont_close));
          |             ^
    ../bubblewrap.c:994:25: warning: comparison of integer expressions of different signedness: ‘int’ and ‘uid_t’ {aka ‘unsigned int’} [-Wsign-compare]
      994 |       if (setfsuid (-1) != real_uid)
          |                         ^~
    ../bubblewrap.c:1042:61: warning: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘size_t’ {aka ‘long unsigned int’} [-Wsign-compare]
     1042 |       if (write (privileged_op_socket, buffer, buffer_size) != buffer_size)
          |                                                             ^~
    ../bubblewrap.c:1232:25: warning: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Wsign-compare]
     1232 |           for (i = 0; i < N_ELEMENTS (cover_proc_dirs); i++)
          |                         ^
    ../bubblewrap.c:1260:25: warning: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Wsign-compare]
     1260 |           for (i = 0; i < N_ELEMENTS (devnodes); i++)
          |                         ^
    ../bubblewrap.c:1272:25: warning: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Wsign-compare]
     1272 |           for (i = 0; i < N_ELEMENTS (stdionodes); i++)
          |                         ^
    ../bubblewrap.c: In function ‘read_priv_sec_op’:
    ../bubblewrap.c:1556:15: warning: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘long unsigned int’ [-Wsign-compare]
     1556 |   if (rec_len < sizeof (PrivSepOp))
          |               ^
    ../bubblewrap.c:1626:28: warning: comparison of integer expressions of different signedness: ‘int’ and ‘uint32_t’ {aka ‘unsigned int’} [-Wsign-compare]
     1626 |   if (*total_parsed_argc_p > MAX_ARGS)
          |                            ^
    ../bubblewrap.c:1681:40: warning: comparison of integer expressions of different signedness: ‘int’ and ‘uint32_t’ {aka ‘unsigned int’} [-Wsign-compare]
     1681 |               if (*total_parsed_argc_p > MAX_ARGS)
          |                                        ^
    ../bubblewrap.c:2265:31: warning: comparison of integer expressions of different signedness: ‘uid_t’ {aka ‘unsigned int’} and ‘int’ [-Wsign-compare]
     2265 |           if (opt_sandbox_uid != -1)
          |                               ^~
    ../bubblewrap.c:2285:31: warning: comparison of integer expressions of different signedness: ‘gid_t’ {aka ‘unsigned int’} and ‘int’ [-Wsign-compare]
     2285 |           if (opt_sandbox_gid != -1)
          |                               ^~
    ../bubblewrap.c:2678:23: warning: comparison of integer expressions of different signedness: ‘uid_t’ {aka ‘unsigned int’} and ‘int’ [-Wsign-compare]
     2678 |   if (opt_sandbox_uid == -1)
          |                       ^~
    ../bubblewrap.c:2680:23: warning: comparison of integer expressions of different signedness: ‘gid_t’ {aka ‘unsigned int’} and ‘int’ [-Wsign-compare]
     2680 |   if (opt_sandbox_gid == -1)
          |                       ^~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

5 files changed, 15 insertions, 20 deletions

diff --git a/bind-mount.c b/bind-mount.c
index 488d85a..57b4236 100644
--- a/bind-mount.c
+++ b/bind-mount.c
@@ -237,7 +237,7 @@ parse_mountinfo (int  proc_fd,
   MountInfo *end_tab;
   int n_mounts;
   char *line;
-  int i;
+  unsigned int i;
   int max_id;
   unsigned int n_lines;
   int root;
diff --git a/bubblewrap.c b/bubblewrap.c
index 8322ea0..97f12af 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -496,7 +496,7 @@ monitor_child (int event_fd, pid_t child_pid, int setup_finished_fd)
   int num_fds;
   struct signalfd_siginfo fdsi;
   int dont_close[] = {-1, -1, -1, -1};
-  int j = 0;
+  unsigned int j = 0;
   int exitc;
   pid_t died_pid;
   int died_status;
@@ -1014,7 +1014,7 @@ write_uid_gid_map (uid_t sandbox_uid,
   if (is_privileged)
     {
       setfsuid (old_fsuid);
-      if (setfsuid (-1) != real_uid)
+      if ((uid_t) setfsuid (-1) != real_uid)
         die ("Unable to re-set fsuid");
     }
 }
@@ -1065,7 +1065,7 @@ privileged_op (int         privileged_op_socket,
       if (arg2 != NULL)
         strcpy ((char *) buffer + arg2_offset, arg2);
 
-      if (write (privileged_op_socket, buffer, buffer_size) != buffer_size)
+      if (write (privileged_op_socket, buffer, buffer_size) != (ssize_t)buffer_size)
         die ("Can't write to privileged_op_socket");
 
       if (read (privileged_op_socket, buffer, 1) != 1)
@@ -1182,7 +1182,7 @@ setup_newroot (bool unshare_pid,
       cleanup_free char *source = NULL;
       cleanup_free char *dest = NULL;
       int source_mode = 0;
-      int i;
+      unsigned int i;
 
       if (op->source &&
           op->type != SETUP_MAKE_SYMLINK)
@@ -1593,7 +1593,7 @@ read_priv_sec_op (int          read_socket,
   if (rec_len == 0)
     exit (1); /* Privileged helper died and printed error, so exit silently */
 
-  if (rec_len < sizeof (PrivSepOp))
+  if ((size_t)rec_len < sizeof (PrivSepOp))
     die ("Invalid size %zd from unprivileged helper", rec_len);
 
   /* Guarantee zero termination of any strings */
@@ -1647,7 +1647,7 @@ parse_args_recurse (int          *argcp,
    * I picked 9000 because the Internet told me to and it was hard to
    * resist.
    */
-  static const uint32_t MAX_ARGS = 9000;
+  static const int32_t MAX_ARGS = 9000;
 
   if (*total_parsed_argc_p > MAX_ARGS)
     die ("Exceeded maximum number of arguments %u", MAX_ARGS);
@@ -2300,7 +2300,7 @@ parse_args_recurse (int          *argcp,
           if (argc < 2)
             die ("--uid takes an argument");
 
-          if (opt_sandbox_uid != -1)
+          if (opt_sandbox_uid != (uid_t)-1)
             warn_only_last_option ("--uid");
 
           the_uid = strtol (argv[1], &endptr, 10);
@@ -2320,7 +2320,7 @@ parse_args_recurse (int          *argcp,
           if (argc < 2)
             die ("--gid takes an argument");
 
-          if (opt_sandbox_gid != -1)
+          if (opt_sandbox_gid != (gid_t)-1)
             warn_only_last_option ("--gid");
 
           the_gid = strtol (argv[1], &endptr, 10);
@@ -2768,9 +2768,9 @@ main (int    argc,
 
   __debug__ (("Creating root mount point\n"));
 
-  if (opt_sandbox_uid == -1)
+  if (opt_sandbox_uid == (uid_t)-1)
     opt_sandbox_uid = real_uid;
-  if (opt_sandbox_gid == -1)
+  if (opt_sandbox_gid == (gid_t)-1)
     opt_sandbox_gid = real_gid;
 
   if (!opt_unshare_user && opt_userns_fd == -1 && opt_sandbox_uid != real_uid)
diff --git a/meson.build b/meson.build
index 6de2bac..0c26aa5 100644
--- a/meson.build
+++ b/meson.build
@@ -37,11 +37,6 @@ add_project_arguments(
     '-Werror=switch-default',
     '-Wswitch-enum',
 
-    # Meson warning_level=2 would do this, but we are not fully
-    # signedness-safe yet
-    '-Wno-sign-compare',
-    '-Wno-error=sign-compare',
-
     # Deliberately not warning about these, ability to zero-initialize
     # a struct is a feature
     '-Wno-missing-field-initializers',
diff --git a/network.c b/network.c
index 9477cb7..b47965c 100644
--- a/network.c
+++ b/network.c
@@ -62,8 +62,8 @@ rtnl_send_request (int              rtnl_fd,
 }
 
 static int
-rtnl_read_reply (int rtnl_fd,
-                 int seq_nr)
+rtnl_read_reply (int          rtnl_fd,
+                 unsigned int seq_nr)
 {
   char buffer[1024];
   ssize_t received;
@@ -80,7 +80,7 @@ rtnl_read_reply (int rtnl_fd,
         {
           if (rheader->nlmsg_seq != seq_nr)
             return -1;
-          if (rheader->nlmsg_pid != getpid ())
+          if ((pid_t)rheader->nlmsg_pid != getpid ())
             return -1;
           if (rheader->nlmsg_type == NLMSG_ERROR)
             {
diff --git a/utils.c b/utils.c
index 693273b..1353ea6 100644
--- a/utils.c
+++ b/utils.c
@@ -815,7 +815,7 @@ readlink_malloc (const char *pathname)
       if (n < 0)
         return NULL;
     }
-  while (size - 2 < n);
+  while (size - 2 < (size_t)n);
 
   value[n] = 0;
   return steal_pointer (&value);