Your message dated Wed, 04 Jan 2017 17:33:47 +0000
with message-id <e1coprb-000e0j...@fasolo.debian.org>
and subject line Bug#835542: fixed in flex 2.6.1-1.2
has caused the Debian Bug report #835542,
regarding flex: comparison between signed and unsigned integer expressions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
835542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835542
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: flex
Version: 2.5.39-8+deb8u1
Severity: normal
After this update, I get the following warning when compiling the
flex generated code with gcc, which I didn't get before:

  scan.cpp: In function ‘int yy_get_next_buffer(yyscan_t)’:
  scan.cpp:758:18: error: comparison between signed and unsigned integer
  expressions [-Werror=sign-compare]
  scan.cpp:1384:3: note: in expansion of macro ‘YY_INPUT’

Looking at the code:

  #define YY_INPUT(buf,result,max_size) \
      if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
          { \
          int c = '*'; \
          size_t n; \
          for ( n = 0; n < max_size && \

Invoked as:

  int num_to_read = ...
  YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
      yyg->yy_n_chars, num_to_read );

So indeed an unsigned value (n) is compared with a signed one
(num_to_read). If this is correct, the warning can be silenced with
a cast of the appropriate one of them.

flex hasn't exactly been known for generating warning-free code,
but what really worries me is that this is a security update. Fixing
a security problem by introducing a sign-problem seems fishy to me.

-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages flex depends on:
ii debconf [debconf-2.0] 1.5.56
ii dpkg 1.17.27
ii install-info 5.2.0.dfsg.1-6
ii libc6 2.19-18+deb8u5
ii libfl-dev 2.5.39-8+deb8u1
ii m4 1.4.17-4
Versions of packages flex recommends:
ii clang-3.5 [c-compiler] 1:3.5-10
ii gcc [c-compiler] 4:4.9.2-2
ii gcc-4.8 [c-compiler] 4.8.4-1
ii gcc-4.9 [c-compiler] 4.9.2-10
Versions of packages flex suggests:
ii bison 2:3.0.2.dfsg-2
ii build-essential 11.7
-- no debconf information
--- End Message ---
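
Added example, not part of the original report and not flex's or upstream's code: it shows what the reported `n < max_size` comparison (a `size_t` counter against an `int` limit) evaluates to when the limit is negative, next to a guarded loop that validates the limit before casting. The function names, the `hard_stop` parameter and the sample string are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* `n < max_size` with size_t n and int max_size: the int operand is converted
 * to size_t first. The cast below only spells out that implicit conversion. */
int implicit_cmp(size_t n, int max_size)
{
    return n < (size_t)max_size;
}

/* Count iterations the loop condition permits; hard_stop keeps the demo finite. */
size_t loop_iterations(int max_size, size_t hard_stop)
{
    size_t n;
    for (n = 0; n < hard_stop && implicit_cmp(n, max_size); ++n)
        ;
    return n;
}

/* Guarded variant (hypothetical helper): validate the signed limit before
 * casting, and clamp it to the real buffer capacity. */
size_t bounded_copy(char *buf, size_t cap, const char *src, int max_size)
{
    size_t n, limit;
    if (max_size <= 0)
        return 0;
    limit = (size_t)max_size;
    if (limit > cap)
        limit = cap;
    for (n = 0; n < limit && src[n] != '\0'; ++n)
        buf[n] = src[n];
    return n;
}

int main(void)
{
    char buf[8];
    const char *sample = "abcdefghijkl";  /* constructed input */
    printf("limit  4: %zu iterations\n", loop_iterations(4, 1000));
    printf("limit -1: %zu iterations\n", loop_iterations(-1, 1000));
    printf("guarded, limit -1: %zu bytes\n", bounded_copy(buf, sizeof buf, sample, -1));
    printf("guarded, limit 100: %zu bytes\n", bounded_copy(buf, sizeof buf, sample, 100));
    return 0;
}
```

A bare cast silences `-Wsign-compare` without changing this behaviour, so the cast is only safe where the signed value is already known to be non-negative.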
--- Begin Message ---
Source: flex
Source-Version: 2.6.1-1.2
We believe that the bug you reported is fixed in the latest version of
flex, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 835...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <m...@debian.org> (supplier of updated flex package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Fri, 30 Dec 2016 20:29:41 +0100
Source: flex
Binary: flex flex-doc libfl-dev
Architecture: source
Version: 2.6.1-1.2
Distribution: unstable
Urgency: medium
Maintainer: Manoj Srivastava <sriva...@debian.org>
Changed-By: Christoph Berg <m...@debian.org>
Description:
flex - fast lexical analyzer generator
flex-doc - Documentation for flex (a fast lexical analyzer generator)
libfl-dev - static library for flex (a fast lexical analyzer generator)
Closes: 835542
Changes:
flex (2.6.1-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Cherry-pick 1da19feba7c957e0f0af0c3eeadc29e8c82b0ca3,
cf4121fa97abac8aeaa5e08b8fc0b2380228494e and
8c098febc9a599397921e9b6938b7fb85e38cc7e from upstream to fix comparison
between signed and unsigned integer expressions in generated lexer
(Closes: #835542).
* Fix distribution in last upload's NEWS.Debian.
--- End Message ---