From 1d312efe7d136cf02189ff7e991455c34eb87588 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 31 Jan 2022 16:25:12 -0500
Subject: [PATCH 1/2] avoid promoting `unsigned short` to `int` before
 comparing it

`n` is unsigned short.
`n - 1` is promoted to int because all unsigned short fit into int
(if they did not it would be promoted to unsigned int).

`row` is unsigned int.

`row < n - 1` is `(unsigned int) < (int)` is a compiler warning about
comparing types with different signedness.

`row + 1` involves no promotion because `row` is already an `unsigned int`.
`row + 1 < n` is `(unsigned int) < (unsigned short)` which is not a compiler
warning.

`row + 1 < n` is equivalent to `row < n - 1` because `row + 1 < n` is just
`row < n - 1` with 1 added to both sides.

`n - 1` was never a negative overflow because n is asserted to be greater than
or equal to 1 higher up in this function.

`row + 1` is never a positive overflow because row is a loop variable starting
from 0 and never exceeding n, which can be no more than SHORT_MAX.
SHORT_MAX + 1 is not a positive overflow for unsigned int.
---
 zfec/fec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zfec/fec.c b/zfec/fec.c
index 3b999a9d..cc77a93b 100644
--- a/zfec/fec.c
+++ b/zfec/fec.c
@@ -444,7 +444,7 @@ fec_new(unsigned short k, unsigned short n) {
     tmp_m[0] = 1;
     for (col = 1; col < k; col++)
         tmp_m[col] = 0;
-    for (p = tmp_m + k, row = 0; row < n - 1; row++, p += k)
+    for (p = tmp_m + k, row = 0; row + 1 < n; row++, p += k)
         for (col = 0; col < k; col++)
             p[col] = gf_exp[modnn (row * col)];
 

From 3eea2c083214b01c7ad1772b5ce5cb9ff3ea185b Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 31 Jan 2022 16:30:37 -0500
Subject: [PATCH 2/2] avoid promoting an unsigned short to an int before
 comparing it

`self->mm` is an unsigned short.
`self->kk` is an unsigned short.

`self->mm - self->kk` is promoted to an int.
`i` is a size_t (a long unsigned int).

`i < self->mm - self->kk` is `(long unsigned int) < (int)` is a compiler
warning about comparing types with different signedness.

`self->mm - self->kk` is never a negative overflow because `self->kk >
self->mm` is not allowed by the constructor.
Thus `self->mm - self->kk` is 0 at the smallest.

long unsigned int is larger than unsigned short so neither `(size_t)self->mm`
nor `(size_t)self->kk` is a positive overflow.

Since there is no positive overflow on cast and there is no chance of negative
values `(size_t)self->mm - (size_t)self->kk` has the same value as `self->mm -
self->kk`.
---
 zfec/_fecmodule.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zfec/_fecmodule.c b/zfec/_fecmodule.c
index 7bd484a6..72f250a6 100644
--- a/zfec/_fecmodule.c
+++ b/zfec/_fecmodule.c
@@ -134,7 +134,7 @@ Encoder_encode(Encoder *self, PyObject *args) {
     if (!PyArg_ParseTuple(args, "O|O:Encoder.encode", &inblocks, &desired_blocks_nums))
         return NULL;
 
-    for (i = 0; i < self->mm - self->kk; i++)
+    for (i = 0; i < (size_t)self->mm - (size_t)self->kk; i++)
         pystrs_produced[i] = NULL;
 
     if (desired_blocks_nums) {