In C enums are integertyped, but it is up to the compiler to decide

if they are signed or unsigned. Range-check enums is sound programming practice, but that concept seems to be beyond the imagination of certain compiler people: vhp_decode.c:96:2: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits] Add a dummy "MIN" value to the enum, give it value -1 to force the compiler to use signed ints for the enum, and then check that they're never negative.

In C enums are integertyped, but it is up to the compiler to decide
if they are signed or unsigned. Range-check enums is sound programming practice, but that concept seems to be beyond the imagination of certain compiler people: vhp_decode.c:96:2: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits] Add a dummy "MIN" value to the enum, give it value -1 to force the compiler to use signed ints for the enum, and then check that they're never negative.
e4ce8c01 · Poul-Henning Kamp · f176f05c · e4ce8c01
Commit e4ce8c01 authored Sep 09, 2016 by Poul-Henning Kamp
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

vhp_decode.c bin/varnishd/hpack/vhp_decode.c +2 -1

No files found.
--- a/bin/varnishd/hpack/vhp_decode.c
+++ b/bin/varnishd/hpack/vhp_decode.c
@@ -70,6 +70,7 @@ enum vhd_func_e {

 /* States */
 enum vhd_state_e {
+	VHD_S__MIN = -1,
 #define VHD_FSM(STATE, FUNC, arg1, arg2)	\
 	VHD_S_##STATE,
 #include "tbl/vhd_fsm.h"
@@ -93,7 +94,7 @@ static void
 vhd_set_state(struct vhd_decode *d, enum vhd_state_e state)
 {
 	AN(d);
-	assert(state >= 0 && state < VHD_S__MAX);
+	assert(state > VHD_S__MIN && state < VHD_S__MAX);
 	d->state = state;
 	d->first = 1;
 }