enum variables with defined bit width

The signedness of an enum type according to the C standard is implementation-defined, and thus shouldn't be relied on. However, the code implicitly assumes it's unsigned (a gcc-specific thing?), and uses constructs like this:

typedef enum {
  ADDR_POLICY_ACCEPT=1,
  ADDR_POLICY_REJECT=2,
} addr_policy_action_t;

/* the bit-field lives inside a struct in the real code; struct name omitted here */
struct example {
  addr_policy_action_t policy_type:2;  /* 2-bit field, expected to hold values up to 2 */
};

What happens to the above case with the MSVC compiler is that it treats the enum type as signed, and writing a '2' makes two's-complement math kick in, so '2' becomes '-2'. One unit test fails because of this, which is how I noticed it. The consequence is that Tor's state can easily destabilize, and impossible execution paths like this could occur:

/* test is a 2-bit enum bit-field, which MSVC treats as signed (range -2..1) */
test = 2;
assert( test == 2 ); // triggers: the field reads back as -2

There are workarounds, like wrapping the enum in a struct (very ugly), or using an integer type for storage (loss of type info). Ideally, stop using bit packing entirely in memory-only structures, and serialize to integer types of exact size when crafting packets (an enum's size is variable in gcc, fixed in msvc).
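As an added illustration (not code from the ticket or from Tor), the following shows the truncation a signed 2-bit field applies to the value 2, next to the unsigned-storage workaround with a compile-time width check; the struct and function names are made up for the example.

```c
#include <stdio.h>

typedef enum {
  ADDR_POLICY_ACCEPT = 1,
  ADDR_POLICY_REJECT = 2,
} addr_policy_action_t;

/* Hypothetical struct: a signed 2-bit field, which is what MSVC makes of
 * an enum bit-field. Its range is -2..1, so ADDR_POLICY_REJECT (2) cannot fit. */
struct policy_signed {
  signed int policy_type : 2;
};

/* Portable alternative (the "integer type for storage" workaround): unsigned
 * storage, converted back to the enum type on read so callers keep the type. */
struct policy_portable {
  unsigned int policy_type : 2;
};

/* Compile-time guard: every enum value must fit the declared field width. */
_Static_assert(ADDR_POLICY_REJECT < (1u << 2), "enum value does not fit in 2 bits");

static addr_policy_action_t get_policy(const struct policy_portable *p) {
  return (addr_policy_action_t)p->policy_type;
}

/* Store v in the signed 2-bit field and return what reads back.
 * For v == 2 this is out of range; gcc, clang and MSVC all yield -2. */
int stored_signed(int v) {
  struct policy_signed s;
  s.policy_type = v;
  return s.policy_type;
}

/* 1 if v survives a round trip through the unsigned field, else 0. */
int roundtrip_portable(addr_policy_action_t v) {
  struct policy_portable p;
  p.policy_type = (unsigned int)v;
  return get_policy(&p) == v;
}

int main(void) {
  printf("signed 2-bit field holding 2 reads back as %d\n", stored_signed(2));
  printf("portable round trip of ADDR_POLICY_REJECT: %s\n",
         roundtrip_portable(ADDR_POLICY_REJECT) ? "ok" : "broken");
  return 0;
}
```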

Here's a list of all offending places for patterns ":N" and ": N", N=1..9:

  • circ_id_type_t circ_id_type:2;
  • addr_policy_action_t policy_type:2;
  • path_state_t path_state : 2;
  • addressmap_entry_source_t 3;
  • } state : 3;
  • } dir_spool_src : 3;
  • saved_location_t saved_location : 3;

Trac:
Username: ultramage