build: enable -Wsign-conversion warnings and fix/silence them (OpenSSF)

.github/workflows/linux.yml

@@ -119,7 +119,7 @@ jobs:
           - name: openssl3-O3
             install_packages: zlib1g-dev valgrind
             install_steps: gcc-11 openssl3
-            configure: CPPFLAGS=-DCURL_WARN_SIGN_CONVERSION CFLAGS=-O3 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
+            configure: CFLAGS=-O3 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
             singleuse: --unit
 
           - name: openssl3-clang

CMake/PickyWarnings.cmake

@@ -98,7 +98,6 @@ if(PICKY_COMPILER)
       -Wold-style-definition               # clang  2.7  gcc  3.4
       -Wredundant-decls                    # clang  2.7  gcc  4.1
       -Wsign-conversion                    # clang  2.9  gcc  4.3
-        -Wno-error=sign-conversion                                              # FIXME
       -Wstrict-prototypes                  # clang  1.0  gcc  3.3
     # -Wswitch-enum                        # clang  2.7  gcc  4.1               # Not used because this basically disallows default case
       -Wtype-limits                        # clang  2.7  gcc  4.3

lib/altsvc.c

@@ -270,7 +270,7 @@ static CURLcode altsvc_out(struct altsvc *as, FILE *fp)
           "%s %s%s%s %u "
           "\"%d%02d%02d "
           "%02d:%02d:%02d\" "
-          "%u %d\n",
+          "%u %u\n",
           Curl_alpnid2str(as->src.alpnid),
           src6_pre, as->src.host, src6_post,
           as->src.port,
@@ -409,7 +409,7 @@ static CURLcode getalnum(const char **ptr, char *alpnbuf, size_t buflen)
   protop = p;
   while(*p && !ISBLANK(*p) && (*p != ';') && (*p != '='))
     p++;
-  len = p - protop;
+  len = (size_t)(p - protop);
   *ptr = p;
 
   if(!len || (len >= buflen))
@@ -462,7 +462,7 @@ static time_t altsvc_debugtime(void *unused)
   char *timestr = getenv("CURL_TIME");
   (void)unused;
   if(timestr) {
-    unsigned long val = strtol(timestr, NULL, 10);
+    long val = strtol(timestr, NULL, 10);
     return (time_t)val;
   }
   return time(NULL);
@@ -546,7 +546,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
           else {
             while(*p && (ISALNUM(*p) || (*p == '.') || (*p == '-')))
               p++;
-            len = p - hostp;
+            len = (size_t)(p - hostp);
           }
           if(!len || (len >= MAX_ALTSVC_HOSTLEN)) {
             infof(data, "Excessive alt-svc host name, ignoring.");
@@ -624,7 +624,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
           num = strtoul(value_ptr, &end_ptr, 10);
           if((end_ptr != value_ptr) && (num < ULONG_MAX)) {
             if(strcasecompare("ma", option))
-              maxage = num;
+              maxage = (time_t)num;
             else if(strcasecompare("persist", option) && (num == 1))
               persist = TRUE;
           }
@@ -696,7 +696,7 @@ bool Curl_altsvc_lookup(struct altsvcinfo *asi,
     if((as->src.alpnid == srcalpnid) &&
        hostcompare(srchost, as->src.host) &&
        (as->src.port == srcport) &&
-       (versions & as->dst.alpnid)) {
+       (versions & (int)as->dst.alpnid)) {
       /* match */
       *dstentry = as;
       return TRUE;

lib/altsvc.h

@@ -47,7 +47,7 @@ struct altsvc {
   struct althost dst;
   time_t expires;
   bool persist;
-  int prio;
+  unsigned int prio;
   struct Curl_llist_element node;
 };
 

lib/asyn-ares.c

@@ -350,7 +350,7 @@ static int waitperform(struct Curl_easy *data, timediff_t timeout_ms)
   }
 
   if(num) {
-    nfds = Curl_poll(pfd, num, timeout_ms);
+    nfds = Curl_poll(pfd, (unsigned int)num, timeout_ms);
     if(nfds < 0)
       return -1;
   }

lib/asyn-thread.c

@@ -665,7 +665,7 @@ static bool init_resolve_thread(struct Curl_easy *data,
                                   NULL, &td->tsd.w8.overlapped,
                                   &query_complete, &td->tsd.w8.cancel_ev);
         if(err != WSA_IO_PENDING)
-          query_complete(err, 0, &td->tsd.w8.overlapped);
+          query_complete((DWORD)err, 0, &td->tsd.w8.overlapped);
         return TRUE;
       }
     }

lib/bufq.c

@@ -109,7 +109,7 @@ static ssize_t chunk_slurpn(struct buf_chunk *chunk, size_t max_len,
   nread = reader(reader_ctx, p, n, err);
   if(nread > 0) {
     DEBUGASSERT((size_t)nread <= n);
-    chunk->w_offset += nread;
+    chunk->w_offset += (size_t)nread;
   }
   return nread;
 }
@@ -405,7 +405,7 @@ ssize_t Curl_bufq_write(struct bufq *q,
     n = chunk_append(tail, buf, len);
     if(!n)
       break;
-    nwritten += n;
+    nwritten += (ssize_t)n;
     buf += n;
     len -= n;
   }
@@ -438,7 +438,7 @@ ssize_t Curl_bufq_read(struct bufq *q, unsigned char *buf, size_t len,
   while(len && q->head) {
     n = chunk_read(q->head, buf, len);
     if(n) {
-      nread += n;
+      nread += (ssize_t)n;
       buf += n;
       len -= n;
     }
@@ -582,7 +582,7 @@ ssize_t Curl_bufq_write_pass(struct bufq *q,
     /* Maybe only part of `data` has been added, continue to loop */
     buf += (size_t)n;
     len -= (size_t)n;
-    nwritten += (size_t)n;
+    nwritten += n;
   }
 
   if(!nwritten && len) {
@@ -656,7 +656,7 @@ static ssize_t bufq_slurpn(struct bufq *q, size_t max_len,
       *err = CURLE_OK;
       break;
     }
-    nread += (size_t)n;
+    nread += n;
     if(max_len) {
       DEBUGASSERT((size_t)n <= max_len);
       max_len -= (size_t)n;

lib/c-hyper.c

@@ -570,7 +570,7 @@ CURLcode Curl_hyper_header(struct Curl_easy *data, hyper_headers *headers,
     if(!p)
       /* this is fine if we already added at least one header */
       return numh ? CURLE_OK : CURLE_BAD_FUNCTION_ARGUMENT;
-    nlen = p - n;
+    nlen = (size_t)(p - n);
     p++; /* move past the colon */
     while(*p == ' ')
       p++;
@@ -587,8 +587,8 @@ CURLcode Curl_hyper_header(struct Curl_easy *data, hyper_headers *headers,
     }
     else
       linelen = 2; /* CRLF ending */
-    linelen += (p - n);
-    vlen = p - v;
+    linelen += (size_t)(p - n);
+    vlen = (size_t)(p - v);
 
     if(HYPERE_OK != hyper_headers_add(headers, (uint8_t *)n, nlen,
                                       (uint8_t *)v, vlen)) {
@@ -670,7 +670,7 @@ static int uploadstreamed(void *userdata, hyper_context *ctx,
     }
     /* increasing the writebytecount here is a little premature but we
        don't know exactly when the body is sent */
-    data->req.writebytecount += fillcount;
+    data->req.writebytecount += (curl_off_t)fillcount;
     Curl_pgrsSetUploadCounter(data, data->req.writebytecount);
     rc = HYPER_POLL_READY;
   }

lib/cf-h2-proxy.c

@@ -1418,7 +1418,7 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf,
     /* Unable to send all data, due to connection blocked or H2 window
      * exhaustion. Data is left in our stream buffer, or nghttp2's internal
      * frame buffer or our network out buffer. */
-    size_t rwin = nghttp2_session_get_stream_remote_window_size(
+    size_t rwin = (size_t)nghttp2_session_get_stream_remote_window_size(
                     ctx->h2, ctx->tunnel.stream_id);
     if(rwin == 0) {
       /* H2 flow window exhaustion.
@@ -1433,7 +1433,7 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf,
     /* Whatever the cause, we need to return CURL_EAGAIN for this call.
      * We have unwritten state that needs us being invoked again and EAGAIN
      * is the only way to ensure that. */
-    ctx->tunnel.upload_blocked_len = nwritten;
+    ctx->tunnel.upload_blocked_len = (size_t)nwritten;
     CURL_TRC_CF(data, cf, "[%d] cf_send(len=%zu) BLOCK: win %u/%zu "
                 "blocked_len=%zu",
                 ctx->tunnel.stream_id, len,

lib/cf-socket.c

@@ -180,10 +180,10 @@ tcpkeepalive(struct Curl_easy *data,
     vals.onoff = 1;
     optval = curlx_sltosi(data->set.tcp_keepidle);
     KEEPALIVE_FACTOR(optval);
-    vals.keepalivetime = optval;
+    vals.keepalivetime = (u_long)optval;
     optval = curlx_sltosi(data->set.tcp_keepintvl);
     KEEPALIVE_FACTOR(optval);
-    vals.keepaliveinterval = optval;
+    vals.keepaliveinterval = (u_long)optval;
     if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals),
                 NULL, 0, &dummy, NULL, NULL) != 0) {
       infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd "
@@ -255,7 +255,7 @@ void Curl_sock_assign_addr(struct Curl_sockaddr_ex *dest,
     dest->protocol = IPPROTO_UDP;
     break;
   }
-  dest->addrlen = ai->ai_addrlen;
+  dest->addrlen = (unsigned int)ai->ai_addrlen;
 
   if(dest->addrlen > sizeof(struct Curl_sockaddr_storage))
     dest->addrlen = sizeof(struct Curl_sockaddr_storage);
@@ -959,7 +959,7 @@ static CURLcode set_remote_ip(struct Curl_cfilter *cf,
   struct cf_socket_ctx *ctx = cf->ctx;
 
   /* store remote address and port used in this connection attempt */
-  if(!Curl_addr2string(&ctx->addr.sa_addr, ctx->addr.addrlen,
+  if(!Curl_addr2string(&ctx->addr.sa_addr, (curl_socklen_t)ctx->addr.addrlen,
                        ctx->ip.remote_ip, &ctx->ip.remote_port)) {
     char buffer[STRERROR_LEN];
 
@@ -1124,7 +1124,8 @@ static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data,
 #endif
   }
   else {
-    rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+    rc = connect(ctx->sock, &ctx->addr.sa_addr,
+                 (curl_socklen_t)ctx->addr.addrlen);
   }
   return rc;
 }
@@ -1326,7 +1327,7 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data,
     }
   }
   if(cf->cft != &Curl_cft_udp && ctx->wpartial_percent > 0 && len > 8) {
-    len = len * ctx->wpartial_percent / 100;
+    len = len * (size_t)ctx->wpartial_percent / 100;
     if(!len)
       len = 1;
     CURL_TRC_CF(data, cf, "send(len=%zu) SIMULATE partial write of %zu bytes",
@@ -1662,7 +1663,8 @@ static CURLcode cf_udp_setup_quic(struct Curl_cfilter *cf,
   /* On macOS OpenSSL QUIC fails on connected sockets.
    * see: <https://github.com/openssl/openssl/issues/23251> */
 #else
-  rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+  rc = connect(ctx->sock, &ctx->addr.sa_addr,
+               (curl_socklen_t)ctx->addr.addrlen);
   if(-1 == rc) {
     return socket_connect_result(data, ctx->ip.remote_ip, SOCKERRNO);
   }
@@ -1922,7 +1924,7 @@ static void set_accepted_remote_ip(struct Curl_cfilter *cf,
   ctx->ip.remote_ip[0] = 0;
   ctx->ip.remote_port = 0;
   plen = sizeof(ssrem);
-  memset(&ssrem, 0, plen);
+  memset(&ssrem, 0, (size_t)plen);
   if(getpeername(ctx->sock, (struct sockaddr*) &ssrem, &plen)) {
     int error = SOCKERRNO;
     failf(data, "getpeername() failed with errno %d: %s",

lib/cfilters.c

@@ -701,7 +701,7 @@ CURLcode Curl_conn_recv(struct Curl_easy *data, int sockindex,
   nread = data->conn->recv[sockindex](data, sockindex, buf, blen, &result);
   DEBUGASSERT(nread >= 0 || result);
   DEBUGASSERT(nread < 0 || !result);
-  *n = (nread >= 0)? (size_t)nread : 0;
+  *n = (nread >= 0)? nread : 0;
   return result;
 }
 

lib/content_encoding.c

@@ -491,10 +491,11 @@ static CURLcode gzip_do_write(struct Curl_easy *data,
     /* Initial call state */
     ssize_t hlen;
 
-    switch(check_gzip_header((unsigned char *) buf, nbytes, &hlen)) {
+    /* FIXME: nbytes cast */
+    switch(check_gzip_header((unsigned char *) buf, (ssize_t)nbytes, &hlen)) {
     case GZIP_OK:
       z->next_in = (Bytef *) buf + hlen;
-      z->avail_in = (uInt) (nbytes - hlen);
+      z->avail_in = (uInt) (nbytes - (size_t)hlen);
       zp->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */
       break;
 
@@ -536,13 +537,13 @@ static CURLcode gzip_do_write(struct Curl_easy *data,
     /* Append the new block of data to the previous one */
     memcpy(z->next_in + z->avail_in - nbytes, buf, nbytes);
 
-    switch(check_gzip_header(z->next_in, z->avail_in, &hlen)) {
+    switch(check_gzip_header(z->next_in, (ssize_t)z->avail_in, &hlen)) {
     case GZIP_OK:
       /* This is the zlib stream data */
       free(z->next_in);
       /* Don't point into the malloced block since we just freed it */
       z->next_in = (Bytef *) buf + hlen + nbytes - z->avail_in;
-      z->avail_in = (uInt) (z->avail_in - hlen);
+      z->avail_in = z->avail_in - (uInt)hlen;
       zp->zlib_init = ZLIB_GZIP_INFLATING;   /* Inflating stream state */
       break;
 
@@ -988,7 +989,7 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
 
     for(namelen = 0; *enclist && *enclist != ','; enclist++)
       if(!ISSPACE(*enclist))
-        namelen = enclist - name + 1;
+        namelen = (size_t)(enclist - name + 1);
 
     if(namelen) {
       const struct Curl_cwtype *cwt;

lib/cookie.c

@@ -236,9 +236,9 @@ static const char *get_top_domain(const char * const domain, size_t *outlen)
     len = strlen(domain);
     last = memrchr(domain, '.', len);
     if(last) {
-      first = memrchr(domain, '.', (last - domain));
+      first = memrchr(domain, '.', (size_t)(last - domain));
       if(first)
-        len -= (++first - domain);
+        len -= (size_t)(++first - domain);
     }
   }
 
@@ -262,8 +262,9 @@ static size_t cookie_hash_domain(const char *domain, const size_t len)
   size_t h = 5381;
 
   while(domain < end) {
+    size_t j = (size_t)Curl_raw_toupper(*domain++);
     h += h << 5;
-    h ^= Curl_raw_toupper(*domain++);
+    h ^= j;
   }
 
   return (h % COOKIE_HASH_SIZE);
@@ -436,7 +437,7 @@ static bool bad_domain(const char *domain, size_t len)
     /* there must be a dot present, but that dot must not be a trailing dot */
     char *dot = memchr(domain, '.', len);
     if(dot) {
-      size_t i = dot - domain;
+      size_t i = (size_t)(dot - domain);
       if((len - i) > 1)
         /* the dot is not the last byte */
         return FALSE;
@@ -820,9 +821,9 @@ Curl_cookie_add(struct Curl_easy *data,
       if(!queryp)
         endslash = strrchr(path, '/');
       else
-        endslash = memrchr(path, '/', (queryp - path));
+        endslash = memrchr(path, '/', (size_t)(queryp - path));
       if(endslash) {
-        size_t pathlen = (endslash-path + 1); /* include end slash */
+        size_t pathlen = (size_t)(endslash-path + 1); /* include end slash */
         co->path = Curl_memdup0(path, pathlen);
         if(co->path) {
           co->spath = sanitize_cookie_path(co->path);
@@ -1087,7 +1088,7 @@ Curl_cookie_add(struct Curl_easy *data,
         sep = strchr(clist->spath + 1, '/');
 
         if(sep)
-          cllen = sep - clist->spath;
+          cllen = (size_t)(sep - clist->spath);
         else
           cllen = strlen(clist->spath);
 
@@ -1646,7 +1647,7 @@ static CURLcode cookie_output(struct Curl_easy *data,
     size_t nvalid = 0;
     struct Cookie **array;
 
-    array = calloc(1, sizeof(struct Cookie *) * c->numcookies);
+    array = calloc(1, sizeof(struct Cookie *) * (size_t)c->numcookies);
     if(!array) {
       error = CURLE_OUT_OF_MEMORY;
       goto error;

lib/curl_addrinfo.c

@@ -317,7 +317,11 @@ Curl_he2ai(const struct hostent *he, int port)
       addr = (void *)ai->ai_addr; /* storage area for this info */
 
       memcpy(&addr->sin_addr, curr, sizeof(struct in_addr));
+#ifdef __MINGW32__
+      addr->sin_family = (short)(he->h_addrtype);
+#else
       addr->sin_family = (CURL_SA_FAMILY_T)(he->h_addrtype);
+#endif
       addr->sin_port = htons((unsigned short)port);
       break;
 
@@ -326,7 +330,11 @@ Curl_he2ai(const struct hostent *he, int port)
       addr6 = (void *)ai->ai_addr; /* storage area for this info */
 
       memcpy(&addr6->sin6_addr, curr, sizeof(struct in6_addr));
+#ifdef __MINGW32__
+      addr6->sin6_family = (short)(he->h_addrtype);
+#else
       addr6->sin6_family = (CURL_SA_FAMILY_T)(he->h_addrtype);
+#endif
       addr6->sin6_port = htons((unsigned short)port);
       break;
 #endif