Skip to content

u8::max as usize instead of u8::MAX as usize should warn #13973

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
theemathas opened this issue Jan 9, 2025 · 4 comments · Fixed by #13979
Closed

u8::max as usize instead of u8::MAX as usize should warn #13973

theemathas opened this issue Jan 9, 2025 · 4 comments · Fixed by #13979
Labels
A-lint Area: New lints

Comments

@theemathas
Copy link
Contributor

What it does

It should warn on code like u8::max as usize, or similar code with min or with other integer types.

Advantage

u8::MAX is a constant equal to 2^8-1. u8::MAX as usize casts that value to a larger integer size.

u8::max is a function that takes two u8 values and returns the larger one. u8::max as usize takes the address of that function, which is almost certainly not intended.

Drawbacks

No response

Example

u8::max as usize

Could be written as:

u8::MAX as usize
@theemathas theemathas added the A-lint Area: New lints label Jan 9, 2025
@dennisjackson
Copy link

dennisjackson commented Jan 10, 2025
edited
Loading

Example code which triggers the assert, but emits no warnings from Cargo or Clippy in pedantic mode:

#[deny(clippy::pedantic)]
pub fn main() {
    let x: usize = 65_535;

    // Should be u16::MAX
    if x < u16::max as usize {
        println!("fits in a u16!");
        assert!(x < 65_535);
    } else {
        println!("Too big!");
    }
}

Although clippy::fn_to_numeric_cast_any will catch this mistake, it's not enabled in pedantic mode and will flag all other uses where function pointers are converted to integers.

Possible solutions:

  • Enable clippy::fn_to_numeric_cast_any by default for the special case of standard library functions where associated constants and functions are lookalikes.
  • Warn when function pointers are cast to usize in a non-equality comparison.

@GuillaumeGomez
Copy link
Member

I don't think we can make fn_to_numeric_cast_any to be emitted in some special cases. Its category cannot be changed at runtime.

I think in this case, the best might be a specialized new lint. Something like primitive_method_to_numeric_cast.

@GuillaumeGomez GuillaumeGomez mentioned this issue Jan 10, 2025
Merged
@meltyness
Copy link

Another thing to notice too that (though they are deprecated) methods like i32::min_value and u8::max_value are also a bit confusing.

@theemathas
Copy link
Contributor Author

theemathas commented Apr 27, 2025
edited
Loading

Here's a bug occurring in practice due to this footgun, leading to a CVE:

mozilla/gecko-dev@eaa2194#diff-ae44822f5ed147b5ecf38d71f1c752533de39a19d8b786ee8d94b4874ce6af0cL1037

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1014

github-merge-queue bot pushed a commit that referenced this issue May 12, 2025
@llogiq
Add new confusing_method_to_numeric_cast lint (#13979)
b363499 
Fixes #13973.

I don't think we can make `fn_to_numeric_cast_any` to be emitted in some
special cases. Its category cannot be changed at runtime.

I think in this case, the best might be a specialized new lint so we can
target exactly what we want.

----

changelog: Add new `confusing_method_to_numeric_cast` lint
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
A-lint Area: New lints
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add new confusing_method_to_numeric_cast lint GuillaumeGomez/rust-clippy
4 participants
@GuillaumeGomez @theemathas @meltyness @dennisjackson