Make SIZE_T_CEILING unsigned; add a signed SSIZE_T_CEILING

None of the comparisons were _broken_ previously, but avoiding
signed/unsigned comparisons makes everybody happier.

Fixes bug2475.

3 files changed, 9 insertions, 2 deletions

diff --git a/changes/bug2475 b/changes/bug2475
new file mode 100644
index 0000000000..d6f0595a59
--- /dev/null
+++ b/changes/bug2475
@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
+      (None of the cases where we did this before were wrong, but by making
+      this change we can avoid warnings.)  Fixes bug2475; bugfix on
+      Tor 0.2.1.28.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 48c8dea08f..838347e20e 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -452,7 +452,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
 
   tor_assert(env);
   tor_assert(s);
-  tor_assert(len < INT_MAX && len < SIZE_T_CEILING);
+  tor_assert(len < INT_MAX && len < SSIZE_T_CEILING);
 
   /* Create a read-only memory BIO, backed by the string 's' */
   b = BIO_new_mem_buf((char*)s, (int)len);
diff --git a/src/common/torint.h b/src/common/torint.h
index 2a9fba6fcf..d489684656 100644
--- a/src/common/torint.h
+++ b/src/common/torint.h
@@ -330,8 +330,10 @@ typedef uint32_t uintptr_t;
 #endif
 #endif
 
+/* Any ssize_t larger than this amount is likely to be an underflow. */
+#define SSIZE_T_CEILING ((ssize_t)(SSIZE_T_MAX-16))
 /* Any size_t larger than this amount is likely to be an underflow. */
-#define SIZE_T_CEILING (SSIZE_T_MAX-16)
+#define SIZE_T_CEILING  ((size_t)(SSIZE_T_MAX-16))
 
 #endif /* __TORINT_H */