Skip to content

u8::max as usize instead of u8::MAX as usize should warn #13973

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
theemathas opened this issue Jan 9, 2025 · 4 comments · Fixed by #13979
Closed

u8::max as usize instead of u8::MAX as usize should warn #13973

theemathas opened this issue Jan 9, 2025 · 4 comments · Fixed by #13979
Labels
A-lint Area: New lints

Comments

@theemathas
Copy link
Contributor

What it does

It should warn on code like u8::max as usize, or similar code with min or with other integer types.

Advantage

u8::MAX is a constant equal to 2^8-1. u8::MAX as usize casts that value to a larger integer size.

u8::max is a function that takes two u8 values and returns the larger one. u8::max as usize takes the address of that function, which is almost certainly not intended.

Drawbacks

No response

Example

u8::max as usize

Could be written as:

u8::MAX as usize
@theemathas theemathas added the A-lint Area: New lints label Jan 9, 2025
@dennisjackson
Copy link

dennisjackson commented Jan 10, 2025
edited
Loading

Example code which triggers the assert, but emits no warnings from Cargo or Clippy in pedantic mode:

#[deny(clippy::pedantic)]
pub fn main() {
    let x: usize = 65_535;

    // Should be u16::MAX
    if x < u16::max as usize {
        println!("fits in a u16!");
        assert!(x < 65_535);
    } else {
        println!("Too big!");
    }
}

Although clippy::fn_to_numeric_cast_any will catch this mistake, it's not enabled in pedantic mode and will flag all other uses where function pointers are converted to integers.

Possible solutions:

  • Enable clippy::fn_to_numeric_cast_any by default for the special case of standard library functions where associated constants and functions are lookalikes.
  • Warn when function pointers are cast to usize in a non-equality comparison.

@GuillaumeGomez
Copy link
Member

I don't think we can make fn_to_numeric_cast_any to be emitted in some special cases. Its category cannot be changed at runtime.

I think in this case, the best might be a specialized new lint. Something like primitive_method_to_numeric_cast.

@GuillaumeGomez GuillaumeGomez mentioned this issue Jan 10, 2025
Merged
@meltyness
Copy link

Another thing to notice too that (though they are deprecated) methods like i32::min_value and u8::max_value are also a bit confusing.

@theemathas
Copy link
Contributor Author

theemathas commented Apr 27, 2025
edited
Loading

Here's a bug occurring in practice due to this footgun, leading to a CVE:

mozilla/gecko-dev@eaa2194#diff-ae44822f5ed147b5ecf38d71f1c752533de39a19d8b786ee8d94b4874ce6af0cL1037

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1014

github-merge-queue bot pushed a commit that referenced this issue May 12, 2025
@llogiq
Add new confusing_method_to_numeric_cast lint (#13979)
b363499 
Fixes #13973.

I don't think we can make `fn_to_numeric_cast_any` to be emitted in some
special cases. Its category cannot be changed at runtime.

I think in this case, the best might be a specialized new lint so we can
target exactly what we want.

----

changelog: Add new `confusing_method_to_numeric_cast` lint
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-lint Area: New lints
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add new confusing_method_to_numeric_cast lint GuillaumeGomez/rust-clippy
4 participants
@GuillaumeGomez @theemathas @meltyness @dennisjackson